File name:

fusion msi x32.msi

Full analysis: https://app.any.run/tasks/2067a29e-d9d3-4735-b364-41af4baac77a
Verdict: Malicious activity
Analysis date: May 14, 2019, 20:46:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
generated-doc
opendir
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Code page: 1252, Title: FusionInventory Agent 2.4.3 (x86 edition) 2.4.3.0, Subject: FusionInventory Agent 2.4.3 (x86 edition), Author: FusionInventory Team, Keywords: Installer, Comments: Installer wrapped by MSI Wrapper (6.0.91.0) from www.exemsi.com, Template: Intel;1033, Revision Number: {8395FC6B-092B-4A0F-BD32-4DE08C17DA49}, Create Time/Date: Wed Dec 17 10:17:14 2014, Last Saved Time/Date: Wed Dec 17 10:17:14 2014, Number of Pages: 200, Number of Words: 2, Name of Creating Application: MSI Wrapper (6.0.91.0), Security: 2
MD5:

770364A3401636811ABE9321CE0F6ACB

SHA1:

7043E964451ECC6E3F6189F38E1BB16A5C64851F

SHA256:

443D8439723B2C3EEC509D3DF8151190DC375E06AFFF78B74FA08351CFE5638A

SSDEEP:

196608:FqNsSPjvozSrFFG+AIRQybwWQgwC0JjacTNkwEWRpTtfs:wNnPzozcFGNIRQybwbgwCwjNNfRZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 992)

    • Application was dropped or rewritten from another process

      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)
      • fusion msi x32.exe (PID: 3124)
      • ns5678.tmp (PID: 3228)
      • sed.exe (PID: 2728)
      • ns5A70.tmp (PID: 3728)
      • ns7BC5.tmp (PID: 2656)
      • sed.exe (PID: 2844)
      • ns7D2D.tmp (PID: 3464)
      • ns7E18.tmp (PID: 1924)
      • sed.exe (PID: 1848)
      • sed.exe (PID: 3896)
      • ns7F62.tmp (PID: 2880)
      • sed.exe (PID: 1088)
      • ns81B5.tmp (PID: 2196)
      • sed.exe (PID: 2676)
      • ns8291.tmp (PID: 952)
      • sed.exe (PID: 3536)
      • ns838C.tmp (PID: 3720)
      • ns80BA.tmp (PID: 3612)
      • sed.exe (PID: 3548)
      • ns8582.tmp (PID: 2036)
      • sed.exe (PID: 1424)
      • fusioninventory-agent.exe (PID: 2148)
      • ns8E8C.tmp (PID: 4032)
      • sed.exe (PID: 2564)
      • ns8477.tmp (PID: 2692)
      • ns9802.tmp (PID: 3112)
      • perl.exe (PID: 2804)
      • perl.exe (PID: 3676)
      • dmidecode.exe (PID: 2428)
      • dmidecode.exe (PID: 2644)
      • dmidecode.exe (PID: 4056)
      • ns9FC4.tmp (PID: 2540)
      • dmidecode.exe (PID: 3256)
      • dmidecode.exe (PID: 3736)
      • dmidecode.exe (PID: 2760)

    • Loads the Task Scheduler COM API

      • schtasks.exe (PID: 3696)

    • Loads dropped or rewritten executable

      • sed.exe (PID: 2728)
      • sed.exe (PID: 2844)
      • sed.exe (PID: 1848)
      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)
      • sed.exe (PID: 1088)
      • sed.exe (PID: 2676)
      • sed.exe (PID: 3536)
      • sed.exe (PID: 3896)
      • sed.exe (PID: 3548)
      • sed.exe (PID: 1424)
      • fusioninventory-agent.exe (PID: 2148)
      • sed.exe (PID: 2564)
      • perl.exe (PID: 2804)
      • perl.exe (PID: 3676)

    • Adds new firewall rule via NETSH.EXE

      • ns8E8C.tmp (PID: 4032)
      • ns9802.tmp (PID: 3112)
      • ns9FC4.tmp (PID: 2540)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 2472)
      • MsiExec.exe (PID: 3880)
      • fusion msi x32.exe (PID: 3124)
      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)

    • Executes scripts

      • fusion msi x32.exe (PID: 3124)

    • Starts CMD.EXE for commands execution

      • WScript.exe (PID: 2612)
      • ns5A70.tmp (PID: 3728)
      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)
      • perl.exe (PID: 2804)
      • perl.exe (PID: 3676)

    • Uses NETSH.EXE for network configuration

      • ns5678.tmp (PID: 3228)
      • ns8E8C.tmp (PID: 4032)
      • ns9802.tmp (PID: 3112)
      • ns9FC4.tmp (PID: 2540)

    • Starts application with an unusual extension

      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)

    • Creates files in the program directory

      • sed.exe (PID: 2728)
      • sed.exe (PID: 2844)
      • sed.exe (PID: 1848)
      • sed.exe (PID: 3896)
      • sed.exe (PID: 1088)
      • sed.exe (PID: 2676)
      • sed.exe (PID: 3548)
      • sed.exe (PID: 1424)
      • fusioninventory-agent.exe (PID: 2148)
      • sed.exe (PID: 3536)
      • sed.exe (PID: 2564)
      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)

    • Creates a software uninstall entry

      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)

  • INFO

    • Low-level read access rights to disk partition

      • vssvc.exe (PID: 1180)

    • Searches for installed software

      • msiexec.exe (PID: 2472)

    • Changes settings of System certificates

      • DrvInst.exe (PID: 832)

    • Adds / modifies Windows certificates

      • DrvInst.exe (PID: 832)

    • Application launched itself

      • msiexec.exe (PID: 2472)

    • Loads dropped or rewritten executable

      • MsiExec.exe (PID: 3880)
      • MsiExec.exe (PID: 3348)

    • Dropped object may contain Bitcoin addresses

      • fusioninventory-agent_windows-x86_2.4.3.exe (PID: 3104)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.msi | Microsoft Installer (100)

EXIF

FlashPix

Title: FusionInventory Agent 2.4.3 (x86 edition) 2.4.3.0
Subject: FusionInventory Agent 2.4.3 (x86 edition)
Author: FusionInventory Team
Keywords: Installer
Comments: Installer wrapped by MSI Wrapper (6.0.91.0) from www.exemsi.com
Template: Intel;1033
RevisionNumber: {8395FC6B-092B-4A0F-BD32-4DE08C17DA49}
CreateDate: 2014:12:17 10:17:14
ModifyDate: 2014:12:17 10:17:14
Pages: 200
Words: 2
Software: MSI Wrapper (6.0.91.0)
Security: Read-only recommended
CodePage: Unicode UTF-16, little endian
LocaleIndicator: 13322
Company: FusionInventory Team
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
109
Monitored processes
58
Malicious processes
25
Suspicious processes
9

Behavior graph

Click at the process to see the details
start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start msiexec.exe no specs msiexec.exe vssvc.exe no specs drvinst.exe no specs msiexec.exe msiexec.exe no specs fusion msi x32.exe wscript.exe no specs cmd.exe no specs fusioninventory-agent_windows-x86_2.4.3.exe ns5678.tmp no specs netsh.exe no specs ns5a70.tmp no specs cmd.exe no specs schtasks.exe no specs find.exe no specs ns7bc5.tmp no specs sed.exe no specs ns7d2d.tmp no specs sed.exe no specs ns7e18.tmp no specs sed.exe no specs ns7f62.tmp no specs sed.exe no specs ns80ba.tmp no specs sed.exe no specs ns81b5.tmp no specs sed.exe no specs ns8291.tmp no specs sed.exe no specs ns838c.tmp no specs sed.exe no specs ns8477.tmp no specs sed.exe no specs ns8582.tmp no specs sed.exe no specs fusioninventory-agent.exe no specs ns8e8c.tmp no specs netsh.exe no specs ns9802.tmp no specs netsh.exe no specs ns9fc4.tmp no specs netsh.exe no specs cmd.exe no specs perl.exe perl.exe cmd.exe no specs dmidecode.exe cmd.exe no specs dmidecode.exe cmd.exe no specs dmidecode.exe cmd.exe no specs dmidecode.exe cmd.exe no specs dmidecode.exe no specs cmd.exe no specs dmidecode.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
184cmd.exe /x/d/c "dmidecode 2>nul"C:\Windows\system32\cmd.exeperl.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
456cmd.exe /x/d/c "dmidecode 2>nul"C:\Windows\system32\cmd.exeperl.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
832DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot18" "" "" "6792c44eb" "00000000" "00000560" "000004C0"C:\Windows\system32\DrvInst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\drvinst.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
952"C:\Users\admin\AppData\Local\Temp\nsn54C1.tmp\ns8291.tmp" "C:\Users\admin\AppData\Local\Temp\nsn54C1.tmp\sed.exe" -i -e "s/$/\r/" "C:\Program Files\FusionInventory-Agent\docs\releases\installer-contributions.txt"C:\Users\admin\AppData\Local\Temp\nsn54C1.tmp\ns8291.tmpfusioninventory-agent_windows-x86_2.4.3.exe
User:
SYSTEM
Integrity Level:
SYSTEM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\nsn54c1.tmp\ns8291.tmp
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
992"C:\Windows\system32\cmd.exe" /c schtasks /query /fo csv | find /c "FusionInventory-Agent"C:\Windows\system32\cmd.exens5A70.tmp
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
996netsh advfirewall firewall delete rule name="FusionInventory-Agent"C:\Windows\system32\netsh.exens5678.tmp
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Network Command Shell
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\netsh.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\credui.dll
c:\windows\system32\user32.dll
1088"C:\Users\admin\AppData\Local\Temp\nsn54C1.tmp\sed.exe" -i -e "s/$/\r/" "C:\Program Files\FusionInventory-Agent\docs\releases\installer-acknowledgments.txt"C:\Users\admin\AppData\Local\Temp\nsn54C1.tmp\sed.exens80BA.tmp
User:
SYSTEM
Company:
GnuWin32 <http://gnuwin32.sourceforge.net>
Integrity Level:
SYSTEM
Description:
Sed: stream editor
Exit code:
0
Version:
4.1.5.4013
Modules
Images
c:\users\admin\appdata\local\temp\nsn54c1.tmp\sed.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\nsn54c1.tmp\libintl3.dll
c:\users\admin\appdata\local\temp\nsn54c1.tmp\libiconv2.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1180C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exeservices.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\vssvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
1424"C:\Users\admin\AppData\Local\Temp\nsn54C1.tmp\sed.exe" -i -e "s|=> undef, # SYSCONFDIR.*|=> q/C:\\Program Files\\FusionInventory-Agent\\etc/,|" "C:\Program Files\FusionInventory-Agent\perl\agent\FusionInventory\Agent\Config.pm"C:\Users\admin\AppData\Local\Temp\nsn54C1.tmp\sed.exens8582.tmp
User:
SYSTEM
Company:
GnuWin32 <http://gnuwin32.sourceforge.net>
Integrity Level:
SYSTEM
Description:
Sed: stream editor
Exit code:
0
Version:
4.1.5.4013
Modules
Images
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernelbase.dll
c:\systemroot\system32\ntdll.dll
c:\users\admin\appdata\local\temp\nsn54c1.tmp\sed.exe
c:\windows\system32\kernel32.dll
c:\users\admin\appdata\local\temp\nsn54c1.tmp\libintl3.dll
1828cmd /c ""C:\Users\admin\AppData\Local\Temp\RarSFX0\install.bat" "C:\Windows\System32\cmd.exeWScript.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
985
Read events
556
Write events
415
Delete events
14

Modification events

(PID) Process:(2472) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
4000000000000000E0A42326960AD501A809000020090000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2472) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
4000000000000000E0A42326960AD501A809000020090000D0070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2472) msiexec.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP
Operation:writeName:LastIndex
Value:
20
(PID) Process:(2472) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\SPP
Operation:writeName:SppGatherWriterMetadata (Enter)
Value:
40000000000000000C519126960AD501A809000020090000D3070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(2472) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\VssapiPublisher
Operation:writeName:IDENTIFY (Enter)
Value:
40000000000000001A789826960AD501A809000038040000E8030000010000000000000000000000A1DF5994DA5A8E45B59C9000DE046D890000000000000000
(PID) Process:(1180) vssvc.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\ASR Writer
Operation:writeName:IDENTIFY (Enter)
Value:
400000000000000036C6A626960AD5019C040000EC0D0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1180) vssvc.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Registry Writer
Operation:writeName:IDENTIFY (Enter)
Value:
400000000000000036C6A626960AD5019C040000C4080000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1180) vssvc.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
Operation:writeName:IDENTIFY (Enter)
Value:
400000000000000036C6A626960AD5019C040000F0090000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1180) vssvc.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\Shadow Copy Optimization Writer
Operation:writeName:IDENTIFY (Enter)
Value:
40000000000000009028A926960AD5019C040000180C0000E8030000010000000100000000000000000000000000000000000000000000000000000000000000
(PID) Process:(1180) vssvc.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\COM+ REGDB Writer
Operation:writeName:IDENTIFY (Leave)
Value:
40000000000000005214B526960AD5019C040000F0090000E8030000000000000100000000000000000000000000000000000000000000000000000000000000
Executable files
104
Suspicious files
16
Text files
2 607
Unknown types
0

Dropped files

PID
Process
Filename
Type
2472msiexec.exeC:\System Volume Information\SPP\metadata-2
MD5:
SHA256:
2472msiexec.exeC:\Windows\Installer\1240ab.msi
MD5:
SHA256:
2472msiexec.exeC:\Users\admin\AppData\Local\Temp\~DF24E9442507633A61.TMP
MD5:
SHA256:
1180vssvc.exeC:
MD5:
SHA256:
2472msiexec.exeC:\Windows\Installer\1240ac.ipibinary
MD5:
SHA256:
2472msiexec.exeC:\Windows\Installer\MSI46A7.tmpexecutable
MD5:
SHA256:
832DrvInst.exeC:\Windows\INF\setupapi.ev1binary
MD5:
SHA256:
832DrvInst.exeC:\Windows\INF\setupapi.dev.logini
MD5:
SHA256:
832DrvInst.exeC:\Windows\INF\setupapi.ev3binary
MD5:
SHA256:
2472msiexec.exeC:\System Volume Information\SPP\OnlineMetadataCache\{9459dfa1-5ada-458e-b59c-9000de046d89}_OnDiskSnapshotPropbinary
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
5
DNS requests
1
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2804
perl.exe
GET
200
200.75.4.78:80
http://inventario-fi.forum.cl/plugins/fusioninventory/?action=getConfig&task[Collect]=2.5&machineid=User-PC-2019-05-14-21-47-25
CL
text
42 b
unknown
3676
perl.exe
GET
200
200.75.4.78:80
http://inventario-fi.forum.cl/plugins/fusioninventory/?action=getConfig&task[Collect]=2.5&machineid=User-PC-2019-05-14-21-47-25
CL
text
42 b
unknown
3676
perl.exe
POST
200
200.75.4.78:80
http://inventario-fi.forum.cl/plugins/fusioninventory/
CL
pz
98 b
unknown
3676
perl.exe
GET
200
200.75.4.78:80
http://inventario-fi.forum.cl/plugins/fusioninventory/?action=getConfig&machineid=User-PC-2019-05-14-21-47-25&task[Deploy]=2.7
CL
text
42 b
unknown
2804
perl.exe
POST
200
200.75.4.78:80
http://inventario-fi.forum.cl/plugins/fusioninventory/
CL
pz
98 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2804
perl.exe
200.75.4.78:80
inventario-fi.forum.cl
Gtd Internet S.A.
CL
unknown
3676
perl.exe
200.75.4.78:80
inventario-fi.forum.cl
Gtd Internet S.A.
CL
unknown

DNS requests

Domain
IP
Reputation
inventario-fi.forum.cl
  • 200.75.4.78
unknown

Threats

No threats detected
Process
Message
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
dmidecode.exe
Invalid parameter passed to C runtime function.
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
fusion msi x32.msi