3ee59459573b3cd30af648d4bc46e81d0350d6dda15dce3f45ca3a1a835ff608

Resubmissions

07/03/2023, 13:26

230307-qpnn8aab39 7

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
07/03/2023, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ISSetupPrerequisites/FTDI VCP Driver.exe
Size

2.2MB
MD5

6393d7cb4a0e2dc6460eaca993cbaddf
SHA1

aff6653a6467417b0f6eabcc6b052788bdf110bc
SHA256

b4aa2c9fe26265c8ed02f3e6d102cc32e9cb7fa468756a47d5d1e233f50c3e09
SHA512

4e325822a50017a96c813c4ef26b0fbe31d2ac73ae6ca7796c7598240efa0829f0e6329b052082ea0cf90dc6229295c3fe879b31ce90f01c47c34229effd88a8
SSDEEP

49152:7Hmu9sF1YC1PfV+FYroTz50Tns60FAnGf5nzA5hCZmnoI:CuuFfJY2roTl0TstFz5zAjC8oI

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
508	OS_Detect.exe
1820	DPInst_Monx64.exe
1104	DPInstx64.exe

Loads dropped DLL 7 IoCs

pid	Process
1352	FTDI VCP Driver.exe
1352	FTDI VCP Driver.exe
1352	FTDI VCP Driver.exe
508	OS_Detect.exe
508	OS_Detect.exe
992	Process not Found
1820	DPInst_Monx64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 52 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64\SET1548.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64\ftcserco.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\SET155A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\ftdiport.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\SET11DF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_neutral_196728ceed198527\ftdibus.PNF	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64\SET1537.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\SET155A.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\FTLang.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\SET11F0.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\SET11F0.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DPInstx64.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\SET1549.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_neutral_16c2db3d57d3fe89\ftdiport.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\SET11BF.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\SET11BF.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\SET11DF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\i386\ftd2xx.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_neutral_16c2db3d57d3fe89\ftdiport.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\SET1131.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\i386	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\SET1170.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\ftbusui.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64\SET1548.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_neutral_196728ceed198527\ftdibus.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64\SET1536.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64\ftser2k.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64\SET1537.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\SET1131.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\ftdibus.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64\ftserui2.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\ftdiport.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\ftd2xx64.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\ftdibus.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\SET1201.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\i386\SET1202.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64\SET1536.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\SET1549.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\SET1170.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\ftdibus.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\SET1201.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\i386\SET1202.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64	DrvInst.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~1\DIFX\0169CE3A95F06636\DPInstx64.exe	DPInstx64.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\DPINST.LOG	DPInstx64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DPInstx64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\INF\oem3.inf	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1820	DPInst_Monx64.exe

Suspicious use of AdjustPrivilegeToken 42 IoCs

description	pid	Process
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1104	DPInstx64.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1376	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe
Token: SeRestorePrivilege	1564	DrvInst.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 508	1352	FTDI VCP Driver.exe	28
PID 1352 wrote to memory of 508	1352	FTDI VCP Driver.exe	28
PID 1352 wrote to memory of 508	1352	FTDI VCP Driver.exe	28
PID 1352 wrote to memory of 508	1352	FTDI VCP Driver.exe	28
PID 508 wrote to memory of 1820	508	OS_Detect.exe	31
PID 508 wrote to memory of 1820	508	OS_Detect.exe	31
PID 508 wrote to memory of 1820	508	OS_Detect.exe	31
PID 508 wrote to memory of 1820	508	OS_Detect.exe	31
PID 1820 wrote to memory of 1104	1820	DPInst_Monx64.exe	32
PID 1820 wrote to memory of 1104	1820	DPInst_Monx64.exe	32
PID 1820 wrote to memory of 1104	1820	DPInst_Monx64.exe	32
PID 1820 wrote to memory of 1104	1820	DPInst_Monx64.exe	32
PID 1820 wrote to memory of 1104	1820	DPInst_Monx64.exe	32

C:\Users\Admin\AppData\Local\Temp\ISSetupPrerequisites\FTDI VCP Driver.exe
"C:\Users\Admin\AppData\Local\Temp\ISSetupPrerequisites\FTDI VCP Driver.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\OS_Detect.exe
  "C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\OS_Detect.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:508
- - C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\DPInst_Monx64.exe
    "C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\DPInst_Monx64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\DPInstx64.exe
      "C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\DPInstx64.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Drops file in Program Files directory
      Drops file in Windows directory
      Suspicious use of AdjustPrivilegeToken
      PID:1104

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{0ef73cea-3e0d-55e3-41f9-d478945e4356}\ftdibus.inf" "9" "630446fff" "0000000000000588" "WinSta0\Default" "00000000000003F4" "208" "c:\users\admin\appdata\local\temp\ckz_ai2m"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1376

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{2b109cce-e2f5-10ad-1150-a57292029c0f}\ftdiport.inf" "9" "689d9a347" "00000000000003F4" "WinSta0\Default" "0000000000000570" "208" "c:\users\admin\appdata\local\temp\ckz_ai2m"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1564

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\DPInst_Monx64.exe

Filesize
73KB

MD5
c40dba8f4e4b7e6a9c26e91a1c6613cf

SHA1
901039392671410f44b1769ece2b48d8491bd81a

SHA256
a514788339e1cc936a8b8c9496db0a03ad01bfc0d0170d16273b2ce1d4e694cb

SHA512
25afc95a5bd64ab16c7b9d8b0168b4b1df564a8fce13794b82033fdbc396e0542b64d3a9440cb8d18d709d29759da8420f9167c3d486b9f3ebdba0d4531bf3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\DPInst_Monx64.exe

Filesize
73KB

MD5
c40dba8f4e4b7e6a9c26e91a1c6613cf

SHA1
901039392671410f44b1769ece2b48d8491bd81a

SHA256
a514788339e1cc936a8b8c9496db0a03ad01bfc0d0170d16273b2ce1d4e694cb

SHA512
25afc95a5bd64ab16c7b9d8b0168b4b1df564a8fce13794b82033fdbc396e0542b64d3a9440cb8d18d709d29759da8420f9167c3d486b9f3ebdba0d4531bf3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\DPInstx64.exe

Filesize
908KB

MD5
c3ac43b2018114a617e946aa8fdf3cac

SHA1
2d90f38bc995c9cd5efec52109f8bd2468001ca7

SHA256
ef6c5fe9f08be67f24c7dfa5c7bc3d69ab4e387e6065602d45ba358289f05117

SHA512
8c471a2575751c5995b10859219b979d75c8e8e4496604c0718268d8367790c5bb8e6dd47c735dcecd02a62dbb0d8fbbb70ea1d085ad7b798491a3d831cd9488

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\DPInstx64.exe

Filesize
908KB

MD5
c3ac43b2018114a617e946aa8fdf3cac

SHA1
2d90f38bc995c9cd5efec52109f8bd2468001ca7

SHA256
ef6c5fe9f08be67f24c7dfa5c7bc3d69ab4e387e6065602d45ba358289f05117

SHA512
8c471a2575751c5995b10859219b979d75c8e8e4496604c0718268d8367790c5bb8e6dd47c735dcecd02a62dbb0d8fbbb70ea1d085ad7b798491a3d831cd9488

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\OS_Detect.exe

Filesize
73KB

MD5
1b030ef57a57739326272a81a00598d5

SHA1
a4810e6192ead7f58e77b01a3a904a656a63ef18

SHA256
36ebb0be0a79ae3f6f8aec5e4ed7f810851c9ac1ff0011fd1f19a343a6663f30

SHA512
8d3380ae5acb4a9b47a26fba225a7a18042e08717b96545582e652238e0834c7ed2e1762f34bb500ada432c4ad8488b28ae4628dc3c0defa6657cce4311f4f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\OS_Detect.exe

Filesize
73KB

MD5
1b030ef57a57739326272a81a00598d5

SHA1
a4810e6192ead7f58e77b01a3a904a656a63ef18

SHA256
36ebb0be0a79ae3f6f8aec5e4ed7f810851c9ac1ff0011fd1f19a343a6663f30

SHA512
8d3380ae5acb4a9b47a26fba225a7a18042e08717b96545582e652238e0834c7ed2e1762f34bb500ada432c4ad8488b28ae4628dc3c0defa6657cce4311f4f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_AI2M\dpinst.xml

Filesize
121B

MD5
0d8b4c7538a0a919b094ca5ac9533114

SHA1
6a11d810d9e3e5a1164031bb1328b9ca7ddda5b7

SHA256
2dfce2253a5e718e1cf4663b1b6d385cdad2f41e02b901978d7d5c9b94e3a52d

SHA512
c50affe593c7c6c5d5ced575e1b0fd2fa5be25dddf0157add90eeeeb93f8039bee11cb96b1c99285d1d4061483da388f8ecf41c75b244afab69ab7a11d2af5b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0EF73~1\amd64\FTLang.dll

Filesize
278KB

MD5
3ebb56d3a9601b778586e9f696a821e2

SHA1
c69d62d73cd36898783f0261b955b310a1c9df73

SHA256
d530434f0ad2b7ce43cb1c38700c38942e25a7816375729fcd339c2175bc61e5

SHA512
26e549afcbfe3e3e2d57a07b7d6a7c2373f0d153c4be1a29f2602fa80eef775b0bcee59320e5a31c7e7b0526af04f14f115b7169709bc26e4a15c1a5cbf36580

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0EF73~1\amd64\ftbusui.dll

Filesize
140KB

MD5
49424524ec55edcb9f448239dcac04f5

SHA1
59b8625b63dac5be9ebb418ba0f35fabf7b85222

SHA256
b4c5a11ac96f61f04a1af46bbc7507fa9e356ee928d5662e5303b23a0edda834

SHA512
a1ae040b6a537013c1bb9f066b0f02afdc101cae93f706f4aaec960de13d081375c3979a6621a8ce866f254bc9175b120871f91da0bb70066a590d435202e0e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0EF73~1\amd64\ftd2xx64.dll

Filesize
322KB

MD5
bc0fd46d9e9d8578053d02511cebdf2a

SHA1
6526bc9db42ce0eb0f453235c63fca2fbdf2342f

SHA256
ce1ff346e4bb51a605a99ae6e51fb7929d176a31a24ee536fb95c08bee037fd0

SHA512
8aebd66ac465a660ca95b685fa251c4285260ee370d29d30029bf8b16894f9ffc2b244ad359be6f0aeb412f965a6c4bdbc32ea255528f3d05f682ec9d8926fc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0EF73~1\amd64\ftdibus.sys

Filesize
67KB

MD5
7442bca60ed46cc31c2f39728bbdd9ad

SHA1
ee11b1a361788ead7d0539472f4cc89e095759ca

SHA256
0218349e24ac059c502009432a0ec51086e1f9a895e7367cac1fc6a6c8187b2b

SHA512
3dacf7de845ae732e3676550e1fd506ea24810554c0823182c3fc2a88c3895870228eed0588c067cca69cb664c173defc6294d5da388112389f83a7f20a345ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0EF73~1\i386\ftd2xx.dll

Filesize
201KB

MD5
5c46e1b62ba9bed54c339cb28fc978ea

SHA1
3a84d4faa8391970117c4fbd3aeeffe4fc9a924c

SHA256
381117c743766e3a696609bb29ca075772aa603cff196e16c3854c06ee1ab254

SHA512
59d3ef442c16a591732665947ddeaeb5daee95e3bab583ba60bd240bd9e77829012051edc38d946e2252c8ce79af1713fcffbbed5b0bdd3243cb2e7832eb0285

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0ef73cea-3e0d-55e3-41f9-d478945e4356}\ftdibus.cat

Filesize
11KB

MD5
719c0c5a7cb6312f13a9bae4b3110152

SHA1
153cd6a841ff919a2c6eabb2274572bd90ac0fdb

SHA256
b2508e8ab1abc297df0881f60c40ab495749e7f6c4c76d0da4aa72cb071453c3

SHA512
c3e315d50f5c0d27b8033f6851aa8160b9f541287e0a5884e0498a59982205ed4d1abce0466bebd34ce78fe5de9f50b4efa8047c757d3e731c5c4b7c9038d76a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{0ef73cea-3e0d-55e3-41f9-d478945e4356}\ftdibus.inf

Filesize
4KB

MD5
f4302a452767a833b6ce545953d51263

SHA1
3134fef0e1d959ec0cc2e458c94b7057b2ac0cc9

SHA256
28c5d483663f238eeb286d53d9a61e1618bfa914ac3128e774623bd09bb04600

SHA512
98dbe7312acd6d190df41216b1b67b5246fc0013f3a4a3566ef5d0dea9e0399e1f14f429ad73bacdb7566b3f570da069dd9bb1f9a5ed7da2365471a49bf59315

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2B109~1\amd64\ftcserco.dll

Filesize
50KB

MD5
f23c05f647a3a8eadcd53107e8f3c12a

SHA1
8ae12d749564690004cba1d3c88fddd2bfccfa91

SHA256
9004408bbfc81e35a21c444f7c1f6b41c422eb8cedb54a4c610ca6036abd29e7

SHA512
234baa0676ad9d3d973561267347adece27a7f6e45db0165c01547e3a9f70d78370ee6667dc20c682a688ddcb8eec652106b5d0953c668635d9b7ba6855d2951

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2B109~1\amd64\ftser2k.sys

Filesize
82KB

MD5
121af3148cdda212cffbc4f6240699c2

SHA1
18111df80d4e0d76d4aaf4914aa7a8fa595b9fc2

SHA256
866d8ca649144502dcf2975905100abc8ba068c6a1aaf503421b2fa97ffd2514

SHA512
9a706b4fe3276ccc78fc1256ecc76538caf98cc080cb79265fd74d4e1263b56e4cb1285ef4e1d3070fd2d2d8e05ad9d7d315d173f02392e2c1ca411ccdf60b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2B109~1\amd64\ftserui2.dll

Filesize
53KB

MD5
badb676621ee28e1c87ea39d7e7be179

SHA1
5aae561f190bb9305adde66f638391a8aed0f11e

SHA256
32e3f24c267137549ee23c0bf4da1da28e07cfe04c56f6d2e6d309214b06b101

SHA512
acc421c4d58411d40db93e228fd70d006a9cfe209107fe45be1e564363275a1056597419be38b5178368b1e4b69e70995375e070ced56c7543a7308e3573afbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2b109cce-e2f5-10ad-1150-a57292029c0f}\ftdiport.cat

Filesize
10KB

MD5
3a52d058a5203c5efd4e0027017e3e58

SHA1
2aef0da7acbb32405ff593226f4454a4d684e65b

SHA256
661ce147a903a951e217b177a9ba793e50ec1073e0660412b671e81d652e8131

SHA512
08d73e11a06218057f60e414d43666dbfe1a44d3e6800473f0c9e9c8192ac6f5e3f046cec1c35204ba5c100107f666f549ca3399985eb270f1356291910b81f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2b109cce-e2f5-10ad-1150-a57292029c0f}\ftdiport.inf

Filesize
5KB

MD5
c94170ec43e861c43831537029789380

SHA1
88eb56038379b8b7dcfb4d2448a60f52e064b265

SHA256
714ef681c28a88aa90ebebae3cafca58a743d191fc872fbca169b79a7afe18a6

SHA512
563a3515474a42265c3d193743565bff8e7f2035f63d0b93ef01efccfc9ace8eb0b159904180ed59401babc863da4e788e269d9191e53ca95417983c9cf04a92

Download Submit
C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_neutral_196728ceed198527\ftdibus.PNF

Filesize
12KB

MD5
016079732621a0eb14ae8bd2181c622d

SHA1
ad3facb5be0b70bcafe845662ddf6cf7c53d1616

SHA256
b46e2a767f670030526b8de2c8907d069ec43a37efe958bbb03d971dd9b0e935

SHA512
f038955432cf1df9fd68f9e096bda059f9865fe6d3c48ab9dd39995c26fec67734f5fd513ce0b201b7c8c8e95a93b325a84b744d6df5b9d085abbf6e2399dd04

Download Submit
C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_neutral_196728ceed198527\ftdibus.cat

Filesize
11KB

MD5
719c0c5a7cb6312f13a9bae4b3110152

SHA1
153cd6a841ff919a2c6eabb2274572bd90ac0fdb

SHA256
b2508e8ab1abc297df0881f60c40ab495749e7f6c4c76d0da4aa72cb071453c3

SHA512
c3e315d50f5c0d27b8033f6851aa8160b9f541287e0a5884e0498a59982205ed4d1abce0466bebd34ce78fe5de9f50b4efa8047c757d3e731c5c4b7c9038d76a

Download Submit
C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_neutral_196728ceed198527\ftdibus.inf

Filesize
4KB

MD5
f4302a452767a833b6ce545953d51263

SHA1
3134fef0e1d959ec0cc2e458c94b7057b2ac0cc9

SHA256
28c5d483663f238eeb286d53d9a61e1618bfa914ac3128e774623bd09bb04600

SHA512
98dbe7312acd6d190df41216b1b67b5246fc0013f3a4a3566ef5d0dea9e0399e1f14f429ad73bacdb7566b3f570da069dd9bb1f9a5ed7da2365471a49bf59315

Download Submit
C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_neutral_16c2db3d57d3fe89\ftdiport.PNF

Filesize
13KB

MD5
c4bbbddb7fa8582ad524055547514210

SHA1
f1134407099f355a1f9a44fa0414b76819ac6170

SHA256
99709f5c4ab0c3cc31ad9031eea4c95f64ff1f72e4188c389b472f91098f7b94

SHA512
71fc50d3d5a61479b0f6ea31857fd99edcebc9d1c9ffe00f70a7ff41d65c79cf15602392d718b0c321235cf0354eaf1fe02a57f93cdd5a6019cbb20425dfd442

Download Submit
C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_neutral_16c2db3d57d3fe89\ftdiport.cat

Filesize
10KB

MD5
3a52d058a5203c5efd4e0027017e3e58

SHA1
2aef0da7acbb32405ff593226f4454a4d684e65b

SHA256
661ce147a903a951e217b177a9ba793e50ec1073e0660412b671e81d652e8131

SHA512
08d73e11a06218057f60e414d43666dbfe1a44d3e6800473f0c9e9c8192ac6f5e3f046cec1c35204ba5c100107f666f549ca3399985eb270f1356291910b81f9

Download Submit
C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_neutral_16c2db3d57d3fe89\ftdiport.inf

Filesize
5KB

MD5
c94170ec43e861c43831537029789380

SHA1
88eb56038379b8b7dcfb4d2448a60f52e064b265

SHA256
714ef681c28a88aa90ebebae3cafca58a743d191fc872fbca169b79a7afe18a6

SHA512
563a3515474a42265c3d193743565bff8e7f2035f63d0b93ef01efccfc9ace8eb0b159904180ed59401babc863da4e788e269d9191e53ca95417983c9cf04a92

Download Submit
C:\Windows\System32\DriverStore\INFCACHE.1

Filesize
1.4MB

MD5
5c202522f09ddbdaf1982a9edb9331d2

SHA1
48782040b82f0eecb01fe7eb528253824e8c3fb2

SHA256
b7c7d73f056cb36cbbfb979de0952291ce3aa939c61e252136e519f93222cdf2

SHA512
3283739b6760a26b5b577ee335d0650057017b3e80d879d0f82f8be390a9dc9cfe7f57195eb658074ad2dd2f831fc7385b4a17bf5129011be48524335c94d2e9

Download Submit
C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\SET11F0.tmp

Filesize
11KB

MD5
719c0c5a7cb6312f13a9bae4b3110152

SHA1
153cd6a841ff919a2c6eabb2274572bd90ac0fdb

SHA256
b2508e8ab1abc297df0881f60c40ab495749e7f6c4c76d0da4aa72cb071453c3

SHA512
c3e315d50f5c0d27b8033f6851aa8160b9f541287e0a5884e0498a59982205ed4d1abce0466bebd34ce78fe5de9f50b4efa8047c757d3e731c5c4b7c9038d76a

Download Submit
C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\SET1201.tmp

Filesize
4KB

MD5
f4302a452767a833b6ce545953d51263

SHA1
3134fef0e1d959ec0cc2e458c94b7057b2ac0cc9

SHA256
28c5d483663f238eeb286d53d9a61e1618bfa914ac3128e774623bd09bb04600

SHA512
98dbe7312acd6d190df41216b1b67b5246fc0013f3a4a3566ef5d0dea9e0399e1f14f429ad73bacdb7566b3f570da069dd9bb1f9a5ed7da2365471a49bf59315

Download Submit
C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\SET1131.tmp

Filesize
278KB

MD5
3ebb56d3a9601b778586e9f696a821e2

SHA1
c69d62d73cd36898783f0261b955b310a1c9df73

SHA256
d530434f0ad2b7ce43cb1c38700c38942e25a7816375729fcd339c2175bc61e5

SHA512
26e549afcbfe3e3e2d57a07b7d6a7c2373f0d153c4be1a29f2602fa80eef775b0bcee59320e5a31c7e7b0526af04f14f115b7169709bc26e4a15c1a5cbf36580

Download Submit
C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\SET1170.tmp

Filesize
322KB

MD5
bc0fd46d9e9d8578053d02511cebdf2a

SHA1
6526bc9db42ce0eb0f453235c63fca2fbdf2342f

SHA256
ce1ff346e4bb51a605a99ae6e51fb7929d176a31a24ee536fb95c08bee037fd0

SHA512
8aebd66ac465a660ca95b685fa251c4285260ee370d29d30029bf8b16894f9ffc2b244ad359be6f0aeb412f965a6c4bdbc32ea255528f3d05f682ec9d8926fc9

Download Submit
C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\SET11BF.tmp

Filesize
140KB

MD5
49424524ec55edcb9f448239dcac04f5

SHA1
59b8625b63dac5be9ebb418ba0f35fabf7b85222

SHA256
b4c5a11ac96f61f04a1af46bbc7507fa9e356ee928d5662e5303b23a0edda834

SHA512
a1ae040b6a537013c1bb9f066b0f02afdc101cae93f706f4aaec960de13d081375c3979a6621a8ce866f254bc9175b120871f91da0bb70066a590d435202e0e7

Download Submit
C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\amd64\SET11DF.tmp

Filesize
67KB

MD5
7442bca60ed46cc31c2f39728bbdd9ad

SHA1
ee11b1a361788ead7d0539472f4cc89e095759ca

SHA256
0218349e24ac059c502009432a0ec51086e1f9a895e7367cac1fc6a6c8187b2b

SHA512
3dacf7de845ae732e3676550e1fd506ea24810554c0823182c3fc2a88c3895870228eed0588c067cca69cb664c173defc6294d5da388112389f83a7f20a345ca

Download Submit
C:\Windows\System32\DriverStore\Temp\{255ace30-4ffa-3d62-4f66-9728b3047f24}\i386\SET1202.tmp

Filesize
201KB

MD5
5c46e1b62ba9bed54c339cb28fc978ea

SHA1
3a84d4faa8391970117c4fbd3aeeffe4fc9a924c

SHA256
381117c743766e3a696609bb29ca075772aa603cff196e16c3854c06ee1ab254

SHA512
59d3ef442c16a591732665947ddeaeb5daee95e3bab583ba60bd240bd9e77829012051edc38d946e2252c8ce79af1713fcffbbed5b0bdd3243cb2e7832eb0285

Download Submit
C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\SET1549.tmp

Filesize
10KB

MD5
3a52d058a5203c5efd4e0027017e3e58

SHA1
2aef0da7acbb32405ff593226f4454a4d684e65b

SHA256
661ce147a903a951e217b177a9ba793e50ec1073e0660412b671e81d652e8131

SHA512
08d73e11a06218057f60e414d43666dbfe1a44d3e6800473f0c9e9c8192ac6f5e3f046cec1c35204ba5c100107f666f549ca3399985eb270f1356291910b81f9

Download Submit
C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\SET155A.tmp

Filesize
5KB

MD5
c94170ec43e861c43831537029789380

SHA1
88eb56038379b8b7dcfb4d2448a60f52e064b265

SHA256
714ef681c28a88aa90ebebae3cafca58a743d191fc872fbca169b79a7afe18a6

SHA512
563a3515474a42265c3d193743565bff8e7f2035f63d0b93ef01efccfc9ace8eb0b159904180ed59401babc863da4e788e269d9191e53ca95417983c9cf04a92

Download Submit
C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64\SET1536.tmp

Filesize
82KB

MD5
121af3148cdda212cffbc4f6240699c2

SHA1
18111df80d4e0d76d4aaf4914aa7a8fa595b9fc2

SHA256
866d8ca649144502dcf2975905100abc8ba068c6a1aaf503421b2fa97ffd2514

SHA512
9a706b4fe3276ccc78fc1256ecc76538caf98cc080cb79265fd74d4e1263b56e4cb1285ef4e1d3070fd2d2d8e05ad9d7d315d173f02392e2c1ca411ccdf60b77

Download Submit
C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64\SET1537.tmp

Filesize
53KB

MD5
badb676621ee28e1c87ea39d7e7be179

SHA1
5aae561f190bb9305adde66f638391a8aed0f11e

SHA256
32e3f24c267137549ee23c0bf4da1da28e07cfe04c56f6d2e6d309214b06b101

SHA512
acc421c4d58411d40db93e228fd70d006a9cfe209107fe45be1e564363275a1056597419be38b5178368b1e4b69e70995375e070ced56c7543a7308e3573afbe

Download Submit
C:\Windows\System32\DriverStore\Temp\{7dca96ee-336f-31f2-ecf1-304d6f9a0e5f}\amd64\SET1548.tmp

Filesize
50KB

MD5
f23c05f647a3a8eadcd53107e8f3c12a

SHA1
8ae12d749564690004cba1d3c88fddd2bfccfa91

SHA256
9004408bbfc81e35a21c444f7c1f6b41c422eb8cedb54a4c610ca6036abd29e7

SHA512
234baa0676ad9d3d973561267347adece27a7f6e45db0165c01547e3a9f70d78370ee6667dc20c682a688ddcb8eec652106b5d0953c668635d9b7ba6855d2951

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_ai2m\amd64\FTLang.dll

Filesize
278KB

MD5
3ebb56d3a9601b778586e9f696a821e2

SHA1
c69d62d73cd36898783f0261b955b310a1c9df73

SHA256
d530434f0ad2b7ce43cb1c38700c38942e25a7816375729fcd339c2175bc61e5

SHA512
26e549afcbfe3e3e2d57a07b7d6a7c2373f0d153c4be1a29f2602fa80eef775b0bcee59320e5a31c7e7b0526af04f14f115b7169709bc26e4a15c1a5cbf36580

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_ai2m\amd64\ftbusui.dll

Filesize
140KB

MD5
49424524ec55edcb9f448239dcac04f5

SHA1
59b8625b63dac5be9ebb418ba0f35fabf7b85222

SHA256
b4c5a11ac96f61f04a1af46bbc7507fa9e356ee928d5662e5303b23a0edda834

SHA512
a1ae040b6a537013c1bb9f066b0f02afdc101cae93f706f4aaec960de13d081375c3979a6621a8ce866f254bc9175b120871f91da0bb70066a590d435202e0e7

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_ai2m\amd64\ftcserco.dll

Filesize
50KB

MD5
f23c05f647a3a8eadcd53107e8f3c12a

SHA1
8ae12d749564690004cba1d3c88fddd2bfccfa91

SHA256
9004408bbfc81e35a21c444f7c1f6b41c422eb8cedb54a4c610ca6036abd29e7

SHA512
234baa0676ad9d3d973561267347adece27a7f6e45db0165c01547e3a9f70d78370ee6667dc20c682a688ddcb8eec652106b5d0953c668635d9b7ba6855d2951

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_ai2m\amd64\ftd2xx64.dll

Filesize
322KB

MD5
bc0fd46d9e9d8578053d02511cebdf2a

SHA1
6526bc9db42ce0eb0f453235c63fca2fbdf2342f

SHA256
ce1ff346e4bb51a605a99ae6e51fb7929d176a31a24ee536fb95c08bee037fd0

SHA512
8aebd66ac465a660ca95b685fa251c4285260ee370d29d30029bf8b16894f9ffc2b244ad359be6f0aeb412f965a6c4bdbc32ea255528f3d05f682ec9d8926fc9

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_ai2m\amd64\ftdibus.sys

Filesize
67KB

MD5
7442bca60ed46cc31c2f39728bbdd9ad

SHA1
ee11b1a361788ead7d0539472f4cc89e095759ca

SHA256
0218349e24ac059c502009432a0ec51086e1f9a895e7367cac1fc6a6c8187b2b

SHA512
3dacf7de845ae732e3676550e1fd506ea24810554c0823182c3fc2a88c3895870228eed0588c067cca69cb664c173defc6294d5da388112389f83a7f20a345ca

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_ai2m\amd64\ftser2k.sys

Filesize
82KB

MD5
121af3148cdda212cffbc4f6240699c2

SHA1
18111df80d4e0d76d4aaf4914aa7a8fa595b9fc2

SHA256
866d8ca649144502dcf2975905100abc8ba068c6a1aaf503421b2fa97ffd2514

SHA512
9a706b4fe3276ccc78fc1256ecc76538caf98cc080cb79265fd74d4e1263b56e4cb1285ef4e1d3070fd2d2d8e05ad9d7d315d173f02392e2c1ca411ccdf60b77

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_ai2m\amd64\ftserui2.dll

Filesize
53KB

MD5
badb676621ee28e1c87ea39d7e7be179

SHA1
5aae561f190bb9305adde66f638391a8aed0f11e

SHA256
32e3f24c267137549ee23c0bf4da1da28e07cfe04c56f6d2e6d309214b06b101

SHA512
acc421c4d58411d40db93e228fd70d006a9cfe209107fe45be1e564363275a1056597419be38b5178368b1e4b69e70995375e070ced56c7543a7308e3573afbe

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_ai2m\ftdibus.cat

Filesize
11KB

MD5
719c0c5a7cb6312f13a9bae4b3110152

SHA1
153cd6a841ff919a2c6eabb2274572bd90ac0fdb

SHA256
b2508e8ab1abc297df0881f60c40ab495749e7f6c4c76d0da4aa72cb071453c3

SHA512
c3e315d50f5c0d27b8033f6851aa8160b9f541287e0a5884e0498a59982205ed4d1abce0466bebd34ce78fe5de9f50b4efa8047c757d3e731c5c4b7c9038d76a

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_ai2m\ftdibus.inf

Filesize
4KB

MD5
f4302a452767a833b6ce545953d51263

SHA1
3134fef0e1d959ec0cc2e458c94b7057b2ac0cc9

SHA256
28c5d483663f238eeb286d53d9a61e1618bfa914ac3128e774623bd09bb04600

SHA512
98dbe7312acd6d190df41216b1b67b5246fc0013f3a4a3566ef5d0dea9e0399e1f14f429ad73bacdb7566b3f570da069dd9bb1f9a5ed7da2365471a49bf59315

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_ai2m\ftdiport.cat

Filesize
10KB

MD5
3a52d058a5203c5efd4e0027017e3e58

SHA1
2aef0da7acbb32405ff593226f4454a4d684e65b

SHA256
661ce147a903a951e217b177a9ba793e50ec1073e0660412b671e81d652e8131

SHA512
08d73e11a06218057f60e414d43666dbfe1a44d3e6800473f0c9e9c8192ac6f5e3f046cec1c35204ba5c100107f666f549ca3399985eb270f1356291910b81f9

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_ai2m\ftdiport.inf

Filesize
5KB

MD5
c94170ec43e861c43831537029789380

SHA1
88eb56038379b8b7dcfb4d2448a60f52e064b265

SHA256
714ef681c28a88aa90ebebae3cafca58a743d191fc872fbca169b79a7afe18a6

SHA512
563a3515474a42265c3d193743565bff8e7f2035f63d0b93ef01efccfc9ace8eb0b159904180ed59401babc863da4e788e269d9191e53ca95417983c9cf04a92

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_ai2m\i386\ftd2xx.dll

Filesize
201KB

MD5
5c46e1b62ba9bed54c339cb28fc978ea

SHA1
3a84d4faa8391970117c4fbd3aeeffe4fc9a924c

SHA256
381117c743766e3a696609bb29ca075772aa603cff196e16c3854c06ee1ab254

SHA512
59d3ef442c16a591732665947ddeaeb5daee95e3bab583ba60bd240bd9e77829012051edc38d946e2252c8ce79af1713fcffbbed5b0bdd3243cb2e7832eb0285

Download Submit
\Users\Admin\AppData\Local\Temp\ckz_AI2M\DPInst_Monx64.exe

Filesize
73KB

MD5
c40dba8f4e4b7e6a9c26e91a1c6613cf

SHA1
901039392671410f44b1769ece2b48d8491bd81a

SHA256
a514788339e1cc936a8b8c9496db0a03ad01bfc0d0170d16273b2ce1d4e694cb

SHA512
25afc95a5bd64ab16c7b9d8b0168b4b1df564a8fce13794b82033fdbc396e0542b64d3a9440cb8d18d709d29759da8420f9167c3d486b9f3ebdba0d4531bf3d1

Download Submit
\Users\Admin\AppData\Local\Temp\ckz_AI2M\DPInst_Monx64.exe

Filesize
73KB

MD5
c40dba8f4e4b7e6a9c26e91a1c6613cf

SHA1
901039392671410f44b1769ece2b48d8491bd81a

SHA256
a514788339e1cc936a8b8c9496db0a03ad01bfc0d0170d16273b2ce1d4e694cb

SHA512
25afc95a5bd64ab16c7b9d8b0168b4b1df564a8fce13794b82033fdbc396e0542b64d3a9440cb8d18d709d29759da8420f9167c3d486b9f3ebdba0d4531bf3d1

Download Submit
\Users\Admin\AppData\Local\Temp\ckz_AI2M\DPInst_Monx64.exe

Filesize
73KB

MD5
c40dba8f4e4b7e6a9c26e91a1c6613cf

SHA1
901039392671410f44b1769ece2b48d8491bd81a

SHA256
a514788339e1cc936a8b8c9496db0a03ad01bfc0d0170d16273b2ce1d4e694cb

SHA512
25afc95a5bd64ab16c7b9d8b0168b4b1df564a8fce13794b82033fdbc396e0542b64d3a9440cb8d18d709d29759da8420f9167c3d486b9f3ebdba0d4531bf3d1

Download Submit
\Users\Admin\AppData\Local\Temp\ckz_AI2M\DPInstx64.exe

Filesize
908KB

MD5
c3ac43b2018114a617e946aa8fdf3cac

SHA1
2d90f38bc995c9cd5efec52109f8bd2468001ca7

SHA256
ef6c5fe9f08be67f24c7dfa5c7bc3d69ab4e387e6065602d45ba358289f05117

SHA512
8c471a2575751c5995b10859219b979d75c8e8e4496604c0718268d8367790c5bb8e6dd47c735dcecd02a62dbb0d8fbbb70ea1d085ad7b798491a3d831cd9488

Download Submit
\Users\Admin\AppData\Local\Temp\ckz_AI2M\OS_Detect.exe

Filesize
73KB

MD5
1b030ef57a57739326272a81a00598d5

SHA1
a4810e6192ead7f58e77b01a3a904a656a63ef18

SHA256
36ebb0be0a79ae3f6f8aec5e4ed7f810851c9ac1ff0011fd1f19a343a6663f30

SHA512
8d3380ae5acb4a9b47a26fba225a7a18042e08717b96545582e652238e0834c7ed2e1762f34bb500ada432c4ad8488b28ae4628dc3c0defa6657cce4311f4f50

Download Submit
\Users\Admin\AppData\Local\Temp\ckz_AI2M\OS_Detect.exe

Filesize
73KB

MD5
1b030ef57a57739326272a81a00598d5

SHA1
a4810e6192ead7f58e77b01a3a904a656a63ef18

SHA256
36ebb0be0a79ae3f6f8aec5e4ed7f810851c9ac1ff0011fd1f19a343a6663f30

SHA512
8d3380ae5acb4a9b47a26fba225a7a18042e08717b96545582e652238e0834c7ed2e1762f34bb500ada432c4ad8488b28ae4628dc3c0defa6657cce4311f4f50

Download Submit
\Users\Admin\AppData\Local\Temp\ckz_AI2M\OS_Detect.exe

Filesize
73KB

MD5
1b030ef57a57739326272a81a00598d5

SHA1
a4810e6192ead7f58e77b01a3a904a656a63ef18

SHA256
36ebb0be0a79ae3f6f8aec5e4ed7f810851c9ac1ff0011fd1f19a343a6663f30

SHA512
8d3380ae5acb4a9b47a26fba225a7a18042e08717b96545582e652238e0834c7ed2e1762f34bb500ada432c4ad8488b28ae4628dc3c0defa6657cce4311f4f50

Download Submit