3ee59459573b3cd30af648d4bc46e81d0350d6dda15dce3f45ca3a1a835ff608

Resubmissions

07-03-2023 13:26

230307-qpnn8aab39 7

Analysis

max time kernel
108s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2023 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ISSetupPrerequisites/FTDI VCP Driver.exe
Size

2.2MB
MD5

6393d7cb4a0e2dc6460eaca993cbaddf
SHA1

aff6653a6467417b0f6eabcc6b052788bdf110bc
SHA256

b4aa2c9fe26265c8ed02f3e6d102cc32e9cb7fa468756a47d5d1e233f50c3e09
SHA512

4e325822a50017a96c813c4ef26b0fbe31d2ac73ae6ca7796c7598240efa0829f0e6329b052082ea0cf90dc6229295c3fe879b31ce90f01c47c34229effd88a8
SSDEEP

49152:7Hmu9sF1YC1PfV+FYroTz50Tns60FAnGf5nzA5hCZmnoI:CuuFfJY2roTl0TstFz5zAjC8oI

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	FTDI VCP Driver.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	OS_Detect.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	DPInst_Monx64.exe

Executes dropped EXE 3 IoCs

pid	Process
3736	OS_Detect.exe
2996	DPInst_Monx64.exe
320	DPInstx64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 60 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\ftdibus.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\i386	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\SET990A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\ftdibus.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_196728ceed198527\amd64\FTLang.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DPInstx64.exe
File created	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64\SET9F23.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\SET990B.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64\SET9F24.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_16c2db3d57d3fe89\amd64\ftserui2.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\SET991C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\i386\SET991E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\ftdiport.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_16c2db3d57d3fe89\amd64\ftser2k.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_16c2db3d57d3fe89\ftdiport.PNF	DPInstx64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\ftdibus.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_196728ceed198527\ftdibus.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\SET98DB.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_196728ceed198527\amd64\ftdibus.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\SET991D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\SET991D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_196728ceed198527\ftdibus.PNF	DPInstx64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\ftdiport.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\SET991C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\FTLang.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64\ftserui2.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64\SET9F25.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\SET9F37.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_16c2db3d57d3fe89\ftdiport.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\ftd2xx64.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_16c2db3d57d3fe89\amd64\ftcserco.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_196728ceed198527\i386\ftd2xx.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\i386\SET991E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\SET990B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_196728ceed198527\amd64\ftbusui.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\SET9F26.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_16c2db3d57d3fe89\ftdiport.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\SET990A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64\SET9F23.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64\SET9F25.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\i386\ftd2xx.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\SET98CA.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\SET98DB.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_196728ceed198527\ftdibus.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64\ftser2k.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64\SET9F24.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\SET9F26.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\SET98CA.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\SET9F37.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64\ftcserco.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_196728ceed198527\amd64\ftd2xx64.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\ftbusui.dll	DrvInst.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~1\DIFX\0169CE3A95F06636\DPInstx64.exe	DPInstx64.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\DPINST.LOG	DPInstx64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DPInstx64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 58 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DPInstx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DPInstx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DPInstx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DPInstx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DPInstx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	DPInstx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DPInstx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DPInstx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DPInstx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DPInstx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DPInstx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DPInstx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DPInstx64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DPInstx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	DPInstx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DPInstx64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2996	DPInst_Monx64.exe
2996	DPInst_Monx64.exe
2996	DPInst_Monx64.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeAuditPrivilege	3968	svchost.exe
Token: SeSecurityPrivilege	3968	svchost.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3736	OS_Detect.exe
2996	DPInst_Monx64.exe
320	DPInstx64.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3760 wrote to memory of 3736	3760	FTDI VCP Driver.exe	83
PID 3760 wrote to memory of 3736	3760	FTDI VCP Driver.exe	83
PID 3760 wrote to memory of 3736	3760	FTDI VCP Driver.exe	83
PID 3736 wrote to memory of 2996	3736	OS_Detect.exe	86
PID 3736 wrote to memory of 2996	3736	OS_Detect.exe	86
PID 2996 wrote to memory of 320	2996	DPInst_Monx64.exe	88
PID 2996 wrote to memory of 320	2996	DPInst_Monx64.exe	88
PID 3968 wrote to memory of 564	3968	svchost.exe	90
PID 3968 wrote to memory of 564	3968	svchost.exe	90
PID 3968 wrote to memory of 4012	3968	svchost.exe	91
PID 3968 wrote to memory of 4012	3968	svchost.exe	91

C:\Users\Admin\AppData\Local\Temp\ISSetupPrerequisites\FTDI VCP Driver.exe
"C:\Users\Admin\AppData\Local\Temp\ISSetupPrerequisites\FTDI VCP Driver.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3760
- C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\OS_Detect.exe
  "C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\OS_Detect.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3736
- - C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\DPInst_Monx64.exe
    "C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\DPInst_Monx64.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\DPInstx64.exe
      "C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\DPInstx64.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Drops file in Program Files directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      Suspicious use of SetWindowsHookEx
      PID:320

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{ea80eb9c-8e4d-1e41-8a37-9cce543838e8}\ftdibus.inf" "9" "4558e3b83" "0000000000000148" "WinSta0\Default" "0000000000000160" "208" "c:\users\admin\appdata\local\temp\ckz_7ai4"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:564
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{92703c0b-d907-044c-8f80-b68fe7286886}\ftdiport.inf" "9" "48eeb7a1f" "000000000000017C" "WinSta0\Default" "0000000000000180" "208" "c:\users\admin\appdata\local\temp\ckz_7ai4"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\DPInst_Monx64.exe

Filesize
73KB

MD5
c40dba8f4e4b7e6a9c26e91a1c6613cf

SHA1
901039392671410f44b1769ece2b48d8491bd81a

SHA256
a514788339e1cc936a8b8c9496db0a03ad01bfc0d0170d16273b2ce1d4e694cb

SHA512
25afc95a5bd64ab16c7b9d8b0168b4b1df564a8fce13794b82033fdbc396e0542b64d3a9440cb8d18d709d29759da8420f9167c3d486b9f3ebdba0d4531bf3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\DPInst_Monx64.exe

Filesize
73KB

MD5
c40dba8f4e4b7e6a9c26e91a1c6613cf

SHA1
901039392671410f44b1769ece2b48d8491bd81a

SHA256
a514788339e1cc936a8b8c9496db0a03ad01bfc0d0170d16273b2ce1d4e694cb

SHA512
25afc95a5bd64ab16c7b9d8b0168b4b1df564a8fce13794b82033fdbc396e0542b64d3a9440cb8d18d709d29759da8420f9167c3d486b9f3ebdba0d4531bf3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\DPInstx64.exe

Filesize
908KB

MD5
c3ac43b2018114a617e946aa8fdf3cac

SHA1
2d90f38bc995c9cd5efec52109f8bd2468001ca7

SHA256
ef6c5fe9f08be67f24c7dfa5c7bc3d69ab4e387e6065602d45ba358289f05117

SHA512
8c471a2575751c5995b10859219b979d75c8e8e4496604c0718268d8367790c5bb8e6dd47c735dcecd02a62dbb0d8fbbb70ea1d085ad7b798491a3d831cd9488

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\DPInstx64.exe

Filesize
908KB

MD5
c3ac43b2018114a617e946aa8fdf3cac

SHA1
2d90f38bc995c9cd5efec52109f8bd2468001ca7

SHA256
ef6c5fe9f08be67f24c7dfa5c7bc3d69ab4e387e6065602d45ba358289f05117

SHA512
8c471a2575751c5995b10859219b979d75c8e8e4496604c0718268d8367790c5bb8e6dd47c735dcecd02a62dbb0d8fbbb70ea1d085ad7b798491a3d831cd9488

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\OS_Detect.exe

Filesize
73KB

MD5
1b030ef57a57739326272a81a00598d5

SHA1
a4810e6192ead7f58e77b01a3a904a656a63ef18

SHA256
36ebb0be0a79ae3f6f8aec5e4ed7f810851c9ac1ff0011fd1f19a343a6663f30

SHA512
8d3380ae5acb4a9b47a26fba225a7a18042e08717b96545582e652238e0834c7ed2e1762f34bb500ada432c4ad8488b28ae4628dc3c0defa6657cce4311f4f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\OS_Detect.exe

Filesize
73KB

MD5
1b030ef57a57739326272a81a00598d5

SHA1
a4810e6192ead7f58e77b01a3a904a656a63ef18

SHA256
36ebb0be0a79ae3f6f8aec5e4ed7f810851c9ac1ff0011fd1f19a343a6663f30

SHA512
8d3380ae5acb4a9b47a26fba225a7a18042e08717b96545582e652238e0834c7ed2e1762f34bb500ada432c4ad8488b28ae4628dc3c0defa6657cce4311f4f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\OS_Detect.exe

Filesize
73KB

MD5
1b030ef57a57739326272a81a00598d5

SHA1
a4810e6192ead7f58e77b01a3a904a656a63ef18

SHA256
36ebb0be0a79ae3f6f8aec5e4ed7f810851c9ac1ff0011fd1f19a343a6663f30

SHA512
8d3380ae5acb4a9b47a26fba225a7a18042e08717b96545582e652238e0834c7ed2e1762f34bb500ada432c4ad8488b28ae4628dc3c0defa6657cce4311f4f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\ckz_7AI4\dpinst.xml

Filesize
121B

MD5
0d8b4c7538a0a919b094ca5ac9533114

SHA1
6a11d810d9e3e5a1164031bb1328b9ca7ddda5b7

SHA256
2dfce2253a5e718e1cf4663b1b6d385cdad2f41e02b901978d7d5c9b94e3a52d

SHA512
c50affe593c7c6c5d5ced575e1b0fd2fa5be25dddf0157add90eeeeb93f8039bee11cb96b1c99285d1d4061483da388f8ecf41c75b244afab69ab7a11d2af5b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{92703c0b-d907-044c-8f80-b68fe7286886}\ftdiport.inf

Filesize
5KB

MD5
c94170ec43e861c43831537029789380

SHA1
88eb56038379b8b7dcfb4d2448a60f52e064b265

SHA256
714ef681c28a88aa90ebebae3cafca58a743d191fc872fbca169b79a7afe18a6

SHA512
563a3515474a42265c3d193743565bff8e7f2035f63d0b93ef01efccfc9ace8eb0b159904180ed59401babc863da4e788e269d9191e53ca95417983c9cf04a92

Download Submit
C:\Users\Admin\AppData\Local\Temp\{92703~1\amd64\ftcserco.dll

Filesize
50KB

MD5
f23c05f647a3a8eadcd53107e8f3c12a

SHA1
8ae12d749564690004cba1d3c88fddd2bfccfa91

SHA256
9004408bbfc81e35a21c444f7c1f6b41c422eb8cedb54a4c610ca6036abd29e7

SHA512
234baa0676ad9d3d973561267347adece27a7f6e45db0165c01547e3a9f70d78370ee6667dc20c682a688ddcb8eec652106b5d0953c668635d9b7ba6855d2951

Download Submit
C:\Users\Admin\AppData\Local\Temp\{92703~1\amd64\ftser2k.sys

Filesize
82KB

MD5
121af3148cdda212cffbc4f6240699c2

SHA1
18111df80d4e0d76d4aaf4914aa7a8fa595b9fc2

SHA256
866d8ca649144502dcf2975905100abc8ba068c6a1aaf503421b2fa97ffd2514

SHA512
9a706b4fe3276ccc78fc1256ecc76538caf98cc080cb79265fd74d4e1263b56e4cb1285ef4e1d3070fd2d2d8e05ad9d7d315d173f02392e2c1ca411ccdf60b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\{92703~1\amd64\ftserui2.dll

Filesize
53KB

MD5
badb676621ee28e1c87ea39d7e7be179

SHA1
5aae561f190bb9305adde66f638391a8aed0f11e

SHA256
32e3f24c267137549ee23c0bf4da1da28e07cfe04c56f6d2e6d309214b06b101

SHA512
acc421c4d58411d40db93e228fd70d006a9cfe209107fe45be1e564363275a1056597419be38b5178368b1e4b69e70995375e070ced56c7543a7308e3573afbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\{92703~1\ftdiport.cat

Filesize
10KB

MD5
3a52d058a5203c5efd4e0027017e3e58

SHA1
2aef0da7acbb32405ff593226f4454a4d684e65b

SHA256
661ce147a903a951e217b177a9ba793e50ec1073e0660412b671e81d652e8131

SHA512
08d73e11a06218057f60e414d43666dbfe1a44d3e6800473f0c9e9c8192ac6f5e3f046cec1c35204ba5c100107f666f549ca3399985eb270f1356291910b81f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EA80E~1\amd64\FTLang.dll

Filesize
278KB

MD5
3ebb56d3a9601b778586e9f696a821e2

SHA1
c69d62d73cd36898783f0261b955b310a1c9df73

SHA256
d530434f0ad2b7ce43cb1c38700c38942e25a7816375729fcd339c2175bc61e5

SHA512
26e549afcbfe3e3e2d57a07b7d6a7c2373f0d153c4be1a29f2602fa80eef775b0bcee59320e5a31c7e7b0526af04f14f115b7169709bc26e4a15c1a5cbf36580

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EA80E~1\amd64\ftbusui.dll

Filesize
140KB

MD5
49424524ec55edcb9f448239dcac04f5

SHA1
59b8625b63dac5be9ebb418ba0f35fabf7b85222

SHA256
b4c5a11ac96f61f04a1af46bbc7507fa9e356ee928d5662e5303b23a0edda834

SHA512
a1ae040b6a537013c1bb9f066b0f02afdc101cae93f706f4aaec960de13d081375c3979a6621a8ce866f254bc9175b120871f91da0bb70066a590d435202e0e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EA80E~1\amd64\ftd2xx64.dll

Filesize
322KB

MD5
bc0fd46d9e9d8578053d02511cebdf2a

SHA1
6526bc9db42ce0eb0f453235c63fca2fbdf2342f

SHA256
ce1ff346e4bb51a605a99ae6e51fb7929d176a31a24ee536fb95c08bee037fd0

SHA512
8aebd66ac465a660ca95b685fa251c4285260ee370d29d30029bf8b16894f9ffc2b244ad359be6f0aeb412f965a6c4bdbc32ea255528f3d05f682ec9d8926fc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EA80E~1\amd64\ftdibus.sys

Filesize
67KB

MD5
7442bca60ed46cc31c2f39728bbdd9ad

SHA1
ee11b1a361788ead7d0539472f4cc89e095759ca

SHA256
0218349e24ac059c502009432a0ec51086e1f9a895e7367cac1fc6a6c8187b2b

SHA512
3dacf7de845ae732e3676550e1fd506ea24810554c0823182c3fc2a88c3895870228eed0588c067cca69cb664c173defc6294d5da388112389f83a7f20a345ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EA80E~1\ftdibus.cat

Filesize
11KB

MD5
719c0c5a7cb6312f13a9bae4b3110152

SHA1
153cd6a841ff919a2c6eabb2274572bd90ac0fdb

SHA256
b2508e8ab1abc297df0881f60c40ab495749e7f6c4c76d0da4aa72cb071453c3

SHA512
c3e315d50f5c0d27b8033f6851aa8160b9f541287e0a5884e0498a59982205ed4d1abce0466bebd34ce78fe5de9f50b4efa8047c757d3e731c5c4b7c9038d76a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EA80E~1\i386\ftd2xx.dll

Filesize
201KB

MD5
5c46e1b62ba9bed54c339cb28fc978ea

SHA1
3a84d4faa8391970117c4fbd3aeeffe4fc9a924c

SHA256
381117c743766e3a696609bb29ca075772aa603cff196e16c3854c06ee1ab254

SHA512
59d3ef442c16a591732665947ddeaeb5daee95e3bab583ba60bd240bd9e77829012051edc38d946e2252c8ce79af1713fcffbbed5b0bdd3243cb2e7832eb0285

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ea80eb9c-8e4d-1e41-8a37-9cce543838e8}\ftdibus.inf

Filesize
4KB

MD5
f4302a452767a833b6ce545953d51263

SHA1
3134fef0e1d959ec0cc2e458c94b7057b2ac0cc9

SHA256
28c5d483663f238eeb286d53d9a61e1618bfa914ac3128e774623bd09bb04600

SHA512
98dbe7312acd6d190df41216b1b67b5246fc0013f3a4a3566ef5d0dea9e0399e1f14f429ad73bacdb7566b3f570da069dd9bb1f9a5ed7da2365471a49bf59315

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
0eb707ac98227a363d1a7390efc7ca67

SHA1
ddeff72461c4f00f92cdabe41cf7832ee7009923

SHA256
36887a6ebbd0d943005719f2b274e99a1509946f66fcb42f294b8df45cc73f2c

SHA512
19300039741385854f7b007a9462e09ca5aebaadc173ef7bfb86c9783ca728a20930fc9f61e446bcfd93c3a2b996126400a8ab28ca2362b5181386e62fe40301

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
09a87a52ffbd130819b702bce9f76b60

SHA1
bda900d7a4c168323629f9cc195f4dc9d15d01b4

SHA256
d9dd2c84b7ed7cf9398f8f8bd88ddfc802c02466dae5d3b639ac5fc869d7defd

SHA512
b8f0e2e6bba795585f271f3447e0d9fba6c120c04284619b08bc663b120795ca0ea7c30b5546ff87b8219c133c309b0cbccff25981ebdb12df753322d6ea208b

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
ac9bd3a9c1d0c274324bd73e0890678b

SHA1
382bf17578792f1982b276472cad4ed5c46cf9a1

SHA256
5fcd16adffba0809454a2176862b33e9ca713fedfe44557f921df74ed99cbdac

SHA512
ad69fa038d3c49a8665e70de1002997950aa5cdfaa14d1cdb9b37d2d10bbad976411324b5e6dcd07c4d36c38f7cb52c57ca0afd098f30f5756217fe82369d46d

Download Submit
C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_196728ceed198527\ftdibus.cat

Filesize
11KB

MD5
719c0c5a7cb6312f13a9bae4b3110152

SHA1
153cd6a841ff919a2c6eabb2274572bd90ac0fdb

SHA256
b2508e8ab1abc297df0881f60c40ab495749e7f6c4c76d0da4aa72cb071453c3

SHA512
c3e315d50f5c0d27b8033f6851aa8160b9f541287e0a5884e0498a59982205ed4d1abce0466bebd34ce78fe5de9f50b4efa8047c757d3e731c5c4b7c9038d76a

Download Submit
C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_196728ceed198527\ftdibus.inf

Filesize
4KB

MD5
f4302a452767a833b6ce545953d51263

SHA1
3134fef0e1d959ec0cc2e458c94b7057b2ac0cc9

SHA256
28c5d483663f238eeb286d53d9a61e1618bfa914ac3128e774623bd09bb04600

SHA512
98dbe7312acd6d190df41216b1b67b5246fc0013f3a4a3566ef5d0dea9e0399e1f14f429ad73bacdb7566b3f570da069dd9bb1f9a5ed7da2365471a49bf59315

Download Submit
C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_16c2db3d57d3fe89\ftdiport.cat

Filesize
10KB

MD5
3a52d058a5203c5efd4e0027017e3e58

SHA1
2aef0da7acbb32405ff593226f4454a4d684e65b

SHA256
661ce147a903a951e217b177a9ba793e50ec1073e0660412b671e81d652e8131

SHA512
08d73e11a06218057f60e414d43666dbfe1a44d3e6800473f0c9e9c8192ac6f5e3f046cec1c35204ba5c100107f666f549ca3399985eb270f1356291910b81f9

Download Submit
C:\Windows\System32\DriverStore\FileRepository\ftdiport.inf_amd64_16c2db3d57d3fe89\ftdiport.inf

Filesize
5KB

MD5
c94170ec43e861c43831537029789380

SHA1
88eb56038379b8b7dcfb4d2448a60f52e064b265

SHA256
714ef681c28a88aa90ebebae3cafca58a743d191fc872fbca169b79a7afe18a6

SHA512
563a3515474a42265c3d193743565bff8e7f2035f63d0b93ef01efccfc9ace8eb0b159904180ed59401babc863da4e788e269d9191e53ca95417983c9cf04a92

Download Submit
C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\SET991C.tmp

Filesize
11KB

MD5
719c0c5a7cb6312f13a9bae4b3110152

SHA1
153cd6a841ff919a2c6eabb2274572bd90ac0fdb

SHA256
b2508e8ab1abc297df0881f60c40ab495749e7f6c4c76d0da4aa72cb071453c3

SHA512
c3e315d50f5c0d27b8033f6851aa8160b9f541287e0a5884e0498a59982205ed4d1abce0466bebd34ce78fe5de9f50b4efa8047c757d3e731c5c4b7c9038d76a

Download Submit
C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\SET991D.tmp

Filesize
4KB

MD5
f4302a452767a833b6ce545953d51263

SHA1
3134fef0e1d959ec0cc2e458c94b7057b2ac0cc9

SHA256
28c5d483663f238eeb286d53d9a61e1618bfa914ac3128e774623bd09bb04600

SHA512
98dbe7312acd6d190df41216b1b67b5246fc0013f3a4a3566ef5d0dea9e0399e1f14f429ad73bacdb7566b3f570da069dd9bb1f9a5ed7da2365471a49bf59315

Download Submit
C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\SET98CA.tmp

Filesize
322KB

MD5
bc0fd46d9e9d8578053d02511cebdf2a

SHA1
6526bc9db42ce0eb0f453235c63fca2fbdf2342f

SHA256
ce1ff346e4bb51a605a99ae6e51fb7929d176a31a24ee536fb95c08bee037fd0

SHA512
8aebd66ac465a660ca95b685fa251c4285260ee370d29d30029bf8b16894f9ffc2b244ad359be6f0aeb412f965a6c4bdbc32ea255528f3d05f682ec9d8926fc9

Download Submit
C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\SET98DB.tmp

Filesize
140KB

MD5
49424524ec55edcb9f448239dcac04f5

SHA1
59b8625b63dac5be9ebb418ba0f35fabf7b85222

SHA256
b4c5a11ac96f61f04a1af46bbc7507fa9e356ee928d5662e5303b23a0edda834

SHA512
a1ae040b6a537013c1bb9f066b0f02afdc101cae93f706f4aaec960de13d081375c3979a6621a8ce866f254bc9175b120871f91da0bb70066a590d435202e0e7

Download Submit
C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\SET990A.tmp

Filesize
67KB

MD5
7442bca60ed46cc31c2f39728bbdd9ad

SHA1
ee11b1a361788ead7d0539472f4cc89e095759ca

SHA256
0218349e24ac059c502009432a0ec51086e1f9a895e7367cac1fc6a6c8187b2b

SHA512
3dacf7de845ae732e3676550e1fd506ea24810554c0823182c3fc2a88c3895870228eed0588c067cca69cb664c173defc6294d5da388112389f83a7f20a345ca

Download Submit
C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\amd64\SET990B.tmp

Filesize
278KB

MD5
3ebb56d3a9601b778586e9f696a821e2

SHA1
c69d62d73cd36898783f0261b955b310a1c9df73

SHA256
d530434f0ad2b7ce43cb1c38700c38942e25a7816375729fcd339c2175bc61e5

SHA512
26e549afcbfe3e3e2d57a07b7d6a7c2373f0d153c4be1a29f2602fa80eef775b0bcee59320e5a31c7e7b0526af04f14f115b7169709bc26e4a15c1a5cbf36580

Download Submit
C:\Windows\System32\DriverStore\Temp\{a8b3cf68-9960-ce4e-bab1-40ba1abe17d3}\i386\SET991E.tmp

Filesize
201KB

MD5
5c46e1b62ba9bed54c339cb28fc978ea

SHA1
3a84d4faa8391970117c4fbd3aeeffe4fc9a924c

SHA256
381117c743766e3a696609bb29ca075772aa603cff196e16c3854c06ee1ab254

SHA512
59d3ef442c16a591732665947ddeaeb5daee95e3bab583ba60bd240bd9e77829012051edc38d946e2252c8ce79af1713fcffbbed5b0bdd3243cb2e7832eb0285

Download Submit
C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\SET9F26.tmp

Filesize
10KB

MD5
3a52d058a5203c5efd4e0027017e3e58

SHA1
2aef0da7acbb32405ff593226f4454a4d684e65b

SHA256
661ce147a903a951e217b177a9ba793e50ec1073e0660412b671e81d652e8131

SHA512
08d73e11a06218057f60e414d43666dbfe1a44d3e6800473f0c9e9c8192ac6f5e3f046cec1c35204ba5c100107f666f549ca3399985eb270f1356291910b81f9

Download Submit
C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\SET9F37.tmp

Filesize
5KB

MD5
c94170ec43e861c43831537029789380

SHA1
88eb56038379b8b7dcfb4d2448a60f52e064b265

SHA256
714ef681c28a88aa90ebebae3cafca58a743d191fc872fbca169b79a7afe18a6

SHA512
563a3515474a42265c3d193743565bff8e7f2035f63d0b93ef01efccfc9ace8eb0b159904180ed59401babc863da4e788e269d9191e53ca95417983c9cf04a92

Download Submit
C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64\SET9F23.tmp

Filesize
82KB

MD5
121af3148cdda212cffbc4f6240699c2

SHA1
18111df80d4e0d76d4aaf4914aa7a8fa595b9fc2

SHA256
866d8ca649144502dcf2975905100abc8ba068c6a1aaf503421b2fa97ffd2514

SHA512
9a706b4fe3276ccc78fc1256ecc76538caf98cc080cb79265fd74d4e1263b56e4cb1285ef4e1d3070fd2d2d8e05ad9d7d315d173f02392e2c1ca411ccdf60b77

Download Submit
C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64\SET9F24.tmp

Filesize
53KB

MD5
badb676621ee28e1c87ea39d7e7be179

SHA1
5aae561f190bb9305adde66f638391a8aed0f11e

SHA256
32e3f24c267137549ee23c0bf4da1da28e07cfe04c56f6d2e6d309214b06b101

SHA512
acc421c4d58411d40db93e228fd70d006a9cfe209107fe45be1e564363275a1056597419be38b5178368b1e4b69e70995375e070ced56c7543a7308e3573afbe

Download Submit
C:\Windows\System32\DriverStore\Temp\{eaeb64fd-1364-1c4d-aeae-29429dc0e52f}\amd64\SET9F25.tmp

Filesize
50KB

MD5
f23c05f647a3a8eadcd53107e8f3c12a

SHA1
8ae12d749564690004cba1d3c88fddd2bfccfa91

SHA256
9004408bbfc81e35a21c444f7c1f6b41c422eb8cedb54a4c610ca6036abd29e7

SHA512
234baa0676ad9d3d973561267347adece27a7f6e45db0165c01547e3a9f70d78370ee6667dc20c682a688ddcb8eec652106b5d0953c668635d9b7ba6855d2951

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_7ai4\amd64\FTLang.dll

Filesize
278KB

MD5
3ebb56d3a9601b778586e9f696a821e2

SHA1
c69d62d73cd36898783f0261b955b310a1c9df73

SHA256
d530434f0ad2b7ce43cb1c38700c38942e25a7816375729fcd339c2175bc61e5

SHA512
26e549afcbfe3e3e2d57a07b7d6a7c2373f0d153c4be1a29f2602fa80eef775b0bcee59320e5a31c7e7b0526af04f14f115b7169709bc26e4a15c1a5cbf36580

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_7ai4\amd64\ftbusui.dll

Filesize
140KB

MD5
49424524ec55edcb9f448239dcac04f5

SHA1
59b8625b63dac5be9ebb418ba0f35fabf7b85222

SHA256
b4c5a11ac96f61f04a1af46bbc7507fa9e356ee928d5662e5303b23a0edda834

SHA512
a1ae040b6a537013c1bb9f066b0f02afdc101cae93f706f4aaec960de13d081375c3979a6621a8ce866f254bc9175b120871f91da0bb70066a590d435202e0e7

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_7ai4\amd64\ftcserco.dll

Filesize
50KB

MD5
f23c05f647a3a8eadcd53107e8f3c12a

SHA1
8ae12d749564690004cba1d3c88fddd2bfccfa91

SHA256
9004408bbfc81e35a21c444f7c1f6b41c422eb8cedb54a4c610ca6036abd29e7

SHA512
234baa0676ad9d3d973561267347adece27a7f6e45db0165c01547e3a9f70d78370ee6667dc20c682a688ddcb8eec652106b5d0953c668635d9b7ba6855d2951

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_7ai4\amd64\ftd2xx64.dll

Filesize
322KB

MD5
bc0fd46d9e9d8578053d02511cebdf2a

SHA1
6526bc9db42ce0eb0f453235c63fca2fbdf2342f

SHA256
ce1ff346e4bb51a605a99ae6e51fb7929d176a31a24ee536fb95c08bee037fd0

SHA512
8aebd66ac465a660ca95b685fa251c4285260ee370d29d30029bf8b16894f9ffc2b244ad359be6f0aeb412f965a6c4bdbc32ea255528f3d05f682ec9d8926fc9

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_7ai4\amd64\ftdibus.sys

Filesize
67KB

MD5
7442bca60ed46cc31c2f39728bbdd9ad

SHA1
ee11b1a361788ead7d0539472f4cc89e095759ca

SHA256
0218349e24ac059c502009432a0ec51086e1f9a895e7367cac1fc6a6c8187b2b

SHA512
3dacf7de845ae732e3676550e1fd506ea24810554c0823182c3fc2a88c3895870228eed0588c067cca69cb664c173defc6294d5da388112389f83a7f20a345ca

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_7ai4\amd64\ftser2k.sys

Filesize
82KB

MD5
121af3148cdda212cffbc4f6240699c2

SHA1
18111df80d4e0d76d4aaf4914aa7a8fa595b9fc2

SHA256
866d8ca649144502dcf2975905100abc8ba068c6a1aaf503421b2fa97ffd2514

SHA512
9a706b4fe3276ccc78fc1256ecc76538caf98cc080cb79265fd74d4e1263b56e4cb1285ef4e1d3070fd2d2d8e05ad9d7d315d173f02392e2c1ca411ccdf60b77

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_7ai4\amd64\ftserui2.dll

Filesize
53KB

MD5
badb676621ee28e1c87ea39d7e7be179

SHA1
5aae561f190bb9305adde66f638391a8aed0f11e

SHA256
32e3f24c267137549ee23c0bf4da1da28e07cfe04c56f6d2e6d309214b06b101

SHA512
acc421c4d58411d40db93e228fd70d006a9cfe209107fe45be1e564363275a1056597419be38b5178368b1e4b69e70995375e070ced56c7543a7308e3573afbe

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_7ai4\ftdibus.cat

Filesize
11KB

MD5
719c0c5a7cb6312f13a9bae4b3110152

SHA1
153cd6a841ff919a2c6eabb2274572bd90ac0fdb

SHA256
b2508e8ab1abc297df0881f60c40ab495749e7f6c4c76d0da4aa72cb071453c3

SHA512
c3e315d50f5c0d27b8033f6851aa8160b9f541287e0a5884e0498a59982205ed4d1abce0466bebd34ce78fe5de9f50b4efa8047c757d3e731c5c4b7c9038d76a

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_7ai4\ftdibus.inf

Filesize
4KB

MD5
f4302a452767a833b6ce545953d51263

SHA1
3134fef0e1d959ec0cc2e458c94b7057b2ac0cc9

SHA256
28c5d483663f238eeb286d53d9a61e1618bfa914ac3128e774623bd09bb04600

SHA512
98dbe7312acd6d190df41216b1b67b5246fc0013f3a4a3566ef5d0dea9e0399e1f14f429ad73bacdb7566b3f570da069dd9bb1f9a5ed7da2365471a49bf59315

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_7ai4\ftdiport.cat

Filesize
10KB

MD5
3a52d058a5203c5efd4e0027017e3e58

SHA1
2aef0da7acbb32405ff593226f4454a4d684e65b

SHA256
661ce147a903a951e217b177a9ba793e50ec1073e0660412b671e81d652e8131

SHA512
08d73e11a06218057f60e414d43666dbfe1a44d3e6800473f0c9e9c8192ac6f5e3f046cec1c35204ba5c100107f666f549ca3399985eb270f1356291910b81f9

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_7ai4\ftdiport.inf

Filesize
5KB

MD5
c94170ec43e861c43831537029789380

SHA1
88eb56038379b8b7dcfb4d2448a60f52e064b265

SHA256
714ef681c28a88aa90ebebae3cafca58a743d191fc872fbca169b79a7afe18a6

SHA512
563a3515474a42265c3d193743565bff8e7f2035f63d0b93ef01efccfc9ace8eb0b159904180ed59401babc863da4e788e269d9191e53ca95417983c9cf04a92

Download Submit
\??\c:\users\admin\appdata\local\temp\ckz_7ai4\i386\ftd2xx.dll

Filesize
201KB

MD5
5c46e1b62ba9bed54c339cb28fc978ea

SHA1
3a84d4faa8391970117c4fbd3aeeffe4fc9a924c

SHA256
381117c743766e3a696609bb29ca075772aa603cff196e16c3854c06ee1ab254

SHA512
59d3ef442c16a591732665947ddeaeb5daee95e3bab583ba60bd240bd9e77829012051edc38d946e2252c8ce79af1713fcffbbed5b0bdd3243cb2e7832eb0285

Download Submit