7e3cc838ab3aa1207957dbe39acf9379d00ed93c5cdf74a56a9e8a4f4453b3c8

Analysis

max time kernel
500s
max time network
505s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2023, 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KeyboardSplitter.exe
Size

6.4MB
MD5

85be9314df40802ef6ca32b276389737
SHA1

49e09df75179e4df7f435c5073478932b43fecb6
SHA256

7e3cc838ab3aa1207957dbe39acf9379d00ed93c5cdf74a56a9e8a4f4453b3c8
SHA512

9c90819c49db3170cb8e897b8b7c515727618999ea6d5b9a6f638ec8943a8cc208efa352f5029dd7b33e8fef46e869669b60d334c77ad117630ac47577237fb6
SSDEEP

98304:Dnwz2f6G5rKvmZLJoW/HzZ2ans8GVoLd+GnltN0A0AZ4lBkCOX2r:Dwza642OZmW/d2ansBGdPnl4FECE2

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 5 IoCs

description	ioc	Process
File created	C:\Windows\system32\drivers\keyboard.sys	keyboard_driver.exe
File created	C:\Windows\system32\drivers\mouse.sys	keyboard_driver.exe
File opened for modification	C:\Windows\System32\drivers\SETE728.tmp	DrvInst.exe
File created	C:\Windows\System32\drivers\SETE728.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\ScpVBus.sys	DrvInst.exe

Executes dropped EXE 2 IoCs

pid	Process
2260	keyboard_driver.exe
2384	devcon.exe

Loads dropped DLL 1 IoCs

pid	Process
4928	KeyboardSplitter.exe

Drops file in System32 directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\SETD1AE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\scpvbus.inf_amd64_d001fb20668dd09d\ScpVBus.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\scpvbus.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\scpvbus.inf_amd64_d001fb20668dd09d\scpvbus.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\SETD13F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\WdfCoInstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\SETD1AD.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\SETD1AD.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\ScpVBus.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\scpvbus.inf_amd64_d001fb20668dd09d\scpvbus.PNF	devcon.exe
File opened for modification	C:\Windows\System32\WdfCoInstaller01009.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\SETD13F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\SETD1AF.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\SETD1AF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\ScpVBus.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\scpvbus.inf_amd64_d001fb20668dd09d\WdfCoInstaller01009.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\SETD1AE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\scpvbus.inf_amd64_d001fb20668dd09d\ScpVBus.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\SETE7F5.tmp	DrvInst.exe
File created	C:\Windows\System32\SETE7F5.tmp	DrvInst.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	devcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem2.inf	DrvInst.exe
File created	C:\Windows\inf\oem2.inf	DrvInst.exe

Checks SCSI registry key(s) 3 TTPs 62 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	devcon.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	devcon.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	devcon.exe

Modifies data under HKEY_USERS 42 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe

Modifies system certificate store 2 TTPs 3 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	devcon.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	devcon.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	devcon.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe
4928	KeyboardSplitter.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	4928	KeyboardSplitter.exe
Token: SeAuditPrivilege	2188	svchost.exe
Token: SeSecurityPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2384	devcon.exe
Token: SeRestorePrivilege	852	DrvInst.exe
Token: SeBackupPrivilege	852	DrvInst.exe
Token: SeRestorePrivilege	852	DrvInst.exe
Token: SeBackupPrivilege	852	DrvInst.exe
Token: SeLoadDriverPrivilege	852	DrvInst.exe
Token: SeLoadDriverPrivilege	852	DrvInst.exe
Token: SeLoadDriverPrivilege	852	DrvInst.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 2260	4928	KeyboardSplitter.exe	85
PID 4928 wrote to memory of 2260	4928	KeyboardSplitter.exe	85
PID 4928 wrote to memory of 2260	4928	KeyboardSplitter.exe	85
PID 4928 wrote to memory of 2384	4928	KeyboardSplitter.exe	87
PID 4928 wrote to memory of 2384	4928	KeyboardSplitter.exe	87
PID 2188 wrote to memory of 3484	2188	svchost.exe	90
PID 2188 wrote to memory of 3484	2188	svchost.exe	90
PID 3484 wrote to memory of 364	3484	DrvInst.exe	91
PID 3484 wrote to memory of 364	3484	DrvInst.exe	91
PID 2188 wrote to memory of 852	2188	svchost.exe	92
PID 2188 wrote to memory of 852	2188	svchost.exe	92

C:\Users\Admin\AppData\Local\Temp\KeyboardSplitter.exe
"C:\Users\Admin\AppData\Local\Temp\KeyboardSplitter.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Users\Admin\AppData\Local\Temp\KeyboardSplitter 2.2.0.0 resources\keyboard_driver.exe
  "C:\Users\Admin\AppData\Local\Temp\KeyboardSplitter 2.2.0.0 resources\keyboard_driver.exe" /install
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  PID:2260
- C:\Users\Admin\AppData\Local\Temp\VirtualXbox 2.2.0.0 resources\devcon.exe
  "C:\Users\Admin\AppData\Local\Temp\VirtualXbox 2.2.0.0 resources\devcon.exe" install ScpVBus.inf Root\ScpVBus
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  PID:2384

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{b7b78d6b-91a3-8f4d-a077-db43ce87086b}\scpvbus.inf" "9" "4b5cfab93" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "c:\users\admin\appdata\local\temp\virtualxbox 2.2.0.0 resources"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  - Suspicious use of WriteProcessMemory
  PID:3484
- - C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{8cfe2bdf-557b-9141-baff-2be7bed43da0} Global\{ded0535e-9aa1-5f40-a2d8-128ffc89ccd4} C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\scpvbus.inf C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\ScpVBus.cat
    3⤵
    PID:364
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem2.inf" "oem2.inf:c14ce88487555a35:ScpVBus_Device:22.52.24.182:root\scpvbus," "4b5cfab93" "0000000000000148"
  2⤵
  - Drops file in Drivers directory
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious use of AdjustPrivilegeToken
  PID:852

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3696

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl,@1 ,
1⤵
PID:4988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\KeyboardSplitter 2.2.0.0 resources\keyboard_driver.exe

Filesize
459KB

MD5
0485d7466d93b687fa90e1644b2aacbb

SHA1
8a2b8cea2500a9e04c7472fa052f71db78db5813

SHA256
41362f9a019e55a63e4efe5761f703ffdcb06ca185bf2e36092f8e1bf5a264ff

SHA512
3240511701e954a349c7017bdfb35dd65e822f29abcb7371669cb1ca7e5d0b86ee60c716c6d1e24a859d1003cf2bd8efba8958ee0f6ff3f6cdf72cf5a2b2fd54

Download Submit
C:\Users\Admin\AppData\Local\Temp\KeyboardSplitter 2.2.0.0 resources\keyboard_driver.exe

Filesize
459KB

MD5
0485d7466d93b687fa90e1644b2aacbb

SHA1
8a2b8cea2500a9e04c7472fa052f71db78db5813

SHA256
41362f9a019e55a63e4efe5761f703ffdcb06ca185bf2e36092f8e1bf5a264ff

SHA512
3240511701e954a349c7017bdfb35dd65e822f29abcb7371669cb1ca7e5d0b86ee60c716c6d1e24a859d1003cf2bd8efba8958ee0f6ff3f6cdf72cf5a2b2fd54

Download Submit
C:\Users\Admin\AppData\Local\Temp\VirtualXbox 2.2.0.0 resources\ScpVBus.inf

Filesize
2KB

MD5
c554a925eb6c46da1a6e221aacec157b

SHA1
a934a3f41d6cf87af41df8c40e8be89c2ed56d9e

SHA256
db8367c5e7e9b0a857d9f4d220a08d475381440f793d9408071e16a865eccd51

SHA512
237010f6aee981439b236596db317c36d181a457aeb0e189676cdcbeda86e887249f2e080d56a8cc761c8545ed5eda8a92755b9b303ab90a3af102e80bf26812

Download Submit
C:\Users\Admin\AppData\Local\Temp\VirtualXbox 2.2.0.0 resources\devcon.exe

Filesize
80KB

MD5
7920632d06bda4f19f4815232796fd24

SHA1
0dbc86019e7b49eab75e70e3be07e6e78a41d3dd

SHA256
f4225d077a71787e8b98ed2e649aae8af1ae5c92e82414b59f71c9dd1784e729

SHA512
09eefce4be893c756b18a3044ee1b7a4207f9235e1be765e2f598e10ad962d18c6588bf3a44bb0d629f4c92f84b076da33292a2faa334a5380dee867a37fdf91

Download Submit
C:\Users\Admin\AppData\Local\Temp\djlastnight's Gaming Keyboard Splitter v2.2.0.0\VirtualXboxNative.dll

Filesize
14KB

MD5
c0a65fb87bff1b0bef9e26c9332b8658

SHA1
f7810afb38b850b73cb4af37ab097f1161393a38

SHA256
72625764cc1fe7a8f99c29019ad7839980bbe0565af7844ee9e821869cb0d02c

SHA512
2d55bb1681ca87a6524d1a98bb582391363eb6353c0ccb86028ac0a7aa710d96ef6f30064d73143efc9bd7cba14803f353902a98b697b1dd165b66d63aec37f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B7B78~1\ScpVBus.cat

Filesize
8KB

MD5
f731eb640512970da863bb207c911afb

SHA1
7c853c5e237149b51a939bb3eb307f33ee010d95

SHA256
e7cd617710f38c80f0e8700780a92c97c5b2ddc42586de1d8afbd2e624225629

SHA512
f354b10ae68af37b153f9439709cb7712223e5d7bbeec278989f7f17fe5cf00b6ad253f29470795b50c62309bd0ad2e8662afaf73baaa5f691cad4a1015e0036

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B7B78~1\ScpVBus.sys

Filesize
43KB

MD5
6011ab0ca3d08527cf2af246d792548f

SHA1
8e3216e7b8f7340dc0f14ab25db1b3b7e978ec1a

SHA256
2c363a38f474abe214d947f4e8c5d246a65228f4ff1f56c65ec66253a38f04e8

SHA512
8ef8d4309b095974e2d605756a452c6843df9f686552d8458540482d25f298c124c16bcd39499ea2d3ba65cab97cc1af529f735704742c77a7194dd4d96eedaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B7B78~1\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Users\Admin\AppData\Local\Temp\{b7b78d6b-91a3-8f4d-a077-db43ce87086b}\scpvbus.inf

Filesize
2KB

MD5
c554a925eb6c46da1a6e221aacec157b

SHA1
a934a3f41d6cf87af41df8c40e8be89c2ed56d9e

SHA256
db8367c5e7e9b0a857d9f4d220a08d475381440f793d9408071e16a865eccd51

SHA512
237010f6aee981439b236596db317c36d181a457aeb0e189676cdcbeda86e887249f2e080d56a8cc761c8545ed5eda8a92755b9b303ab90a3af102e80bf26812

Download Submit
C:\Windows\INF\oem2.inf

Filesize
2KB

MD5
c554a925eb6c46da1a6e221aacec157b

SHA1
a934a3f41d6cf87af41df8c40e8be89c2ed56d9e

SHA256
db8367c5e7e9b0a857d9f4d220a08d475381440f793d9408071e16a865eccd51

SHA512
237010f6aee981439b236596db317c36d181a457aeb0e189676cdcbeda86e887249f2e080d56a8cc761c8545ed5eda8a92755b9b303ab90a3af102e80bf26812

Download Submit
C:\Windows\System32\DriverStore\FileRepository\SCPVBU~1.INF\ScpVBus.sys

Filesize
43KB

MD5
6011ab0ca3d08527cf2af246d792548f

SHA1
8e3216e7b8f7340dc0f14ab25db1b3b7e978ec1a

SHA256
2c363a38f474abe214d947f4e8c5d246a65228f4ff1f56c65ec66253a38f04e8

SHA512
8ef8d4309b095974e2d605756a452c6843df9f686552d8458540482d25f298c124c16bcd39499ea2d3ba65cab97cc1af529f735704742c77a7194dd4d96eedaa

Download Submit
C:\Windows\System32\DriverStore\FileRepository\SCPVBU~1.INF\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\ScpVBus.cat

Filesize
8KB

MD5
f731eb640512970da863bb207c911afb

SHA1
7c853c5e237149b51a939bb3eb307f33ee010d95

SHA256
e7cd617710f38c80f0e8700780a92c97c5b2ddc42586de1d8afbd2e624225629

SHA512
f354b10ae68af37b153f9439709cb7712223e5d7bbeec278989f7f17fe5cf00b6ad253f29470795b50c62309bd0ad2e8662afaf73baaa5f691cad4a1015e0036

Download Submit
C:\Windows\System32\DriverStore\Temp\{b410558b-86fc-5547-b9a6-9f2cd708132d}\scpvbus.inf

Filesize
2KB

MD5
c554a925eb6c46da1a6e221aacec157b

SHA1
a934a3f41d6cf87af41df8c40e8be89c2ed56d9e

SHA256
db8367c5e7e9b0a857d9f4d220a08d475381440f793d9408071e16a865eccd51

SHA512
237010f6aee981439b236596db317c36d181a457aeb0e189676cdcbeda86e887249f2e080d56a8cc761c8545ed5eda8a92755b9b303ab90a3af102e80bf26812

Download Submit
C:\Windows\system32\drivers\keyboard.sys

Filesize
18KB

MD5
9d39232310190dc8c0cb7472db523a1e

SHA1
e32cb026441aa952d70fac7f9f6495d850ebd82e

SHA256
2cb5ec142cfac879bce4a2f9549258db972aebbd24f4551b6b748b464eb7dba9

SHA512
9bf0c2cd1af6bee3ca9a50cc3b07c429b526c08d7ef94ae507e4dcf864a6216c1527294902e4266d45ccd85c54ed975361307a8b6ef00a21af22e0a941e83d52

Download Submit
\??\c:\users\admin\appdata\local\temp\VIRTUA~1.0RE\ScpVBus.sys

Filesize
43KB

MD5
6011ab0ca3d08527cf2af246d792548f

SHA1
8e3216e7b8f7340dc0f14ab25db1b3b7e978ec1a

SHA256
2c363a38f474abe214d947f4e8c5d246a65228f4ff1f56c65ec66253a38f04e8

SHA512
8ef8d4309b095974e2d605756a452c6843df9f686552d8458540482d25f298c124c16bcd39499ea2d3ba65cab97cc1af529f735704742c77a7194dd4d96eedaa

Download Submit
\??\c:\users\admin\appdata\local\temp\VIRTUA~1.0RE\WDFCOI~1.DLL

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
\??\c:\users\admin\appdata\local\temp\virtualxbox 2.2.0.0 resources\ScpVBus.cat

Filesize
8KB

MD5
f731eb640512970da863bb207c911afb

SHA1
7c853c5e237149b51a939bb3eb307f33ee010d95

SHA256
e7cd617710f38c80f0e8700780a92c97c5b2ddc42586de1d8afbd2e624225629

SHA512
f354b10ae68af37b153f9439709cb7712223e5d7bbeec278989f7f17fe5cf00b6ad253f29470795b50c62309bd0ad2e8662afaf73baaa5f691cad4a1015e0036

Download Submit
memory/4928-132-0x0000000000240000-0x00000000008A6000-memory.dmp

Filesize
6.4MB

Download
memory/4928-139-0x000000000A930000-0x000000000A93E000-memory.dmp

Filesize
56KB

Download
memory/4928-138-0x000000000AE90000-0x000000000AEC8000-memory.dmp

Filesize
224KB

Download
memory/4928-137-0x0000000008DA0000-0x0000000008DA8000-memory.dmp

Filesize
32KB

Download
memory/4928-136-0x0000000006650000-0x00000000066E2000-memory.dmp

Filesize
584KB

Download
memory/4928-134-0x0000000006200000-0x0000000006266000-memory.dmp

Filesize
408KB

Download
memory/4928-133-0x0000000005870000-0x0000000005E14000-memory.dmp

Filesize
5.6MB

Download