f13995db4175e5dbea232776fbbb6758bfed8fe0ba70eaf390b6008a453af7c4

Analysis

max time kernel
113s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 17:44

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

DriversCloud_Win (1).exe
Size

401KB
MD5

cb7e8b7b7fabe00a2f29a92720b8317e
SHA1

87a4aef2a9f882b64cf01e66ff1714340f78d500
SHA256

f13995db4175e5dbea232776fbbb6758bfed8fe0ba70eaf390b6008a453af7c4
SHA512

85f92959d59a94dc5df1a10805337348a08b39c34ab65fbb04dda40a8ce9818b0b15838af380509e310b9e72589acc9f8af12a6013824ea1eb9d3c72f3cbae06
SSDEEP

6144:egORaDUgROThd4y62ucdOr+9Jb+Nhqnu2Y3klAv6bz58WNa33K:egHHRSd4zLuOqJb+N6Y3AAv6h8W63K

Score

8^/10

bootkit discovery persistence upx

Malware Config

Signatures

Downloads MZ/PE file

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\GetVersion.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\GetVersion.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\GetVersion.dll	acprotect
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\GetVersion.dll	acprotect

Executes dropped EXE 3 IoCs

Processes:

mcsetup.exeDriversCloud.exeDriversCloud.exe

pid process

4420 mcsetup.exe
3780 DriversCloud.exe
1744 DriversCloud.exe

pid	process
4420	mcsetup.exe
3780	DriversCloud.exe
1744	DriversCloud.exe

Loads dropped DLL 33 IoCs

Processes:

DriversCloud_Win (1).exemcsetup.exeMsiExec.exeMsiExec.exeMsiExec.exeMsiExec.exeDriversCloud.exeDriversCloud.exe

pid	process
2952	DriversCloud_Win (1).exe
2952	DriversCloud_Win (1).exe
2952	DriversCloud_Win (1).exe
2952	DriversCloud_Win (1).exe
2952	DriversCloud_Win (1).exe
2952	DriversCloud_Win (1).exe
2952	DriversCloud_Win (1).exe
2952	DriversCloud_Win (1).exe
4420	mcsetup.exe
4420	mcsetup.exe
4188	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
3952	MsiExec.exe
1160	MsiExec.exe
1160	MsiExec.exe
1160	MsiExec.exe
4420	mcsetup.exe
3780	DriversCloud.exe
3780	DriversCloud.exe
3780	DriversCloud.exe
3952	MsiExec.exe
3808	MsiExec.exe
3808	MsiExec.exe
1744	DriversCloud.exe
1744	DriversCloud.exe
1744	DriversCloud.exe
1744	DriversCloud.exe
1744	DriversCloud.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\GetVersion.dll	upx
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\GetVersion.dll	upx
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\GetVersion.dll	upx
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\GetVersion.dll	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

mcsetup.exemsiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\L:	mcsetup.exe
File opened (read-only)	\??\T:	mcsetup.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	mcsetup.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\K:	mcsetup.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\F:	mcsetup.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\P:	mcsetup.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	mcsetup.exe
File opened (read-only)	\??\W:	mcsetup.exe
File opened (read-only)	\??\Y:	mcsetup.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	mcsetup.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	mcsetup.exe
File opened (read-only)	\??\Z:	mcsetup.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\R:	mcsetup.exe
File opened (read-only)	\??\U:	mcsetup.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\E:	mcsetup.exe
File opened (read-only)	\??\I:	mcsetup.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\G:	mcsetup.exe
File opened (read-only)	\??\H:	mcsetup.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\N:	mcsetup.exe
File opened (read-only)	\??\V:	mcsetup.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

DriversCloud.exe

description ioc process

File opened for modification \??\PhysicalDrive0 DriversCloud.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	DriversCloud.exe

Drops file in System32 directory 2 IoCs

Processes:

mmc.exeDriversCloud.exe

description	ioc	process
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DriversCloud.exe

Drops file in Program Files directory 13 IoCs

Processes:

msiexec.exesetup.exe

description	ioc	process
File created	C:\Program Files\Cybelsoft\DriversCloud.com\Drivers\DriversCloud_x86.sys	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\fb7d4803-d0bd-4348-b519-9315fd2280eb.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230331174631.pma	setup.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.html	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\sqlite3x64.dll	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\CPUID\cpuidsdk64.dll	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\Drivers\DriversCloud.inf	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\DCCrypt.dll	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\DCEngine.dll	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\Drivers\driverscloud_amd64.cat	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\Drivers\DriversCloud_amd64.sys	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\Drivers\driverscloud_x86.cat	msiexec.exe

Drops file in Windows directory 64 IoCs

Processes:

mmc.exemsiexec.exe

description	ioc	process
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File opened for modification	C:\Windows\Installer\e575e3d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\{7C5A59CD-BF23-4E8B-9DAE-28A0ED02AE61}\DriversCloud.exe	msiexec.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File opened for modification	C:\Windows\Installer\MSI61E8.tmp	msiexec.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File opened for modification	C:\Windows\Installer\{7C5A59CD-BF23-4E8B-9DAE-28A0ED02AE61}\DriversCloud.exe	msiexec.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File opened for modification	C:\Windows\Installer\{7C5A59CD-BF23-4E8B-9DAE-28A0ED02AE61}\SystemFoldermsiexec.exe	msiexec.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File opened for modification	C:\Windows\Installer\MSI5FB4.tmp	msiexec.exe
File created	C:\Windows\Fonts\RobotoCondensed.ttc	msiexec.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\{7C5A59CD-BF23-4E8B-9DAE-28A0ED02AE61}\SystemFoldermsiexec.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7524.tmp	msiexec.exe
File created	C:\Windows\Installer\e575e3f.msi	msiexec.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File opened for modification	C:\Windows\Installer\MSI60AF.tmp	msiexec.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 49 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

DriversCloud.exemmc.exevssvc.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\EDID	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ContainerID	DriversCloud.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\LogConf	DriversCloud.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Device Parameters	DriversCloud.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DriversCloud.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000\Control	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Device Parameters\EDID	DriversCloud.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000\Device Parameters	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a8dca56a4fb650f70000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a8dca56a0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff000000000700010000680900a8dca56a000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a8dca56a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a8dca56a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Driver	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	DriversCloud.exe
Key security queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ContainerID	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	DriversCloud.exe
Key security queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Device Parameters	DriversCloud.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	DriversCloud.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	DriversCloud.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000\LogConf	DriversCloud.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Control	DriversCloud.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 18 IoCs

Processes:

msiexec.exeLogonUI.exe

description	ioc	process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "247"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe

Modifies registry class 41 IoCs

Processes:

msiexec.execontrol.exemsedge.exeDriversCloud.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\ProductIcon = "C:\\Windows\\Installer\\{7C5A59CD-BF23-4E8B-9DAE-28A0ED02AE61}\\DriversCloud.exe"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3254AD142D6BA504CB44F6B58899F2E3\DC95A5C732FBB8E4D9EA820ADE20EA16	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\SourceList\Media\1 = ";"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\Clients = 3a0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\Cybelsoft\\DriversCloud.com 11.2.8.0\\install\\D02AE61\\"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud\ = "URL:driverscloud protocol"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DC95A5C732FBB8E4D9EA820ADE20EA16	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\driverscloud	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DC95A5C732FBB8E4D9EA820ADE20EA16\MainFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\PackageCode = "DA41DFAD1D90BF542A07D2C98FF3CBD4"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud\shell\open\command	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\driverscloud\shell\open	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3254AD142D6BA504CB44F6B58899F2E3	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	DriversCloud.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud\Url protocol	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud\shell\open\command\ = "C:\\Program Files\\Cybelsoft\\DriversCloud.com\\DriversCloud.exe %1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DC95A5C732FBB8E4D9EA820ADE20EA16\Feature_2	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\Version = "184680456"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\driverscloud\shell\open\command	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\driverscloud\shell	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DC95A5C732FBB8E4D9EA820ADE20EA16\Feature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\DC95A5C732FBB8E4D9EA820ADE20EA16\Feature_4	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\ProductName = "DriversCloud.com"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud\shell\open	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud\shell	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\SourceList\PackageName = "maconfsetup.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DC95A5C732FBB8E4D9EA820ADE20EA16\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\Cybelsoft\\DriversCloud.com 11.2.8.0\\install\\D02AE61\\"	msiexec.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

mcsetup.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	mcsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B	mcsetup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8D4C4A23BA9EE84EA7348FA98CC6E65FBB69DE7B\Blob = 0300000001000000140000008d4c4a23ba9ee84ea7348fa98cc6e65fbb69de7b140000000100000014000000bbaf7e023dfaa6f13c848eadee3898ecd93232d4040000000100000010000000ab9b109ce8934f11e7cd22ed550680da0f0000000100000030000000a768343c4aeaced5c72f3571938864983a67ed49031c1da2495863caf65fe507011f7f0e70b6cb40e5631c07721be03419000000010000001000000082218ffb91733e64136be5719f57c3a15c0000000100000004000000001000001800000001000000100000002aa1c05e2ae606f198c2c5e937c97aa24b0000000100000044000000420032004600410046003700360039003200460044003900460046004200440036003400450044004500330031003700450034003200330033003400420041005f0000002000000001000000820500003082057e30820466a003020102021067def43ef17bdae24ff5940606d2c084300d06092a864886f70d01010c0500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a308185310b3009060355040613024742311b30190603550408131247726561746572204d616e636865737465723110300e0603550407130753616c666f7264311a3018060355040a1311434f4d4f444f204341204c696d69746564312b302906035504031322434f4d4f444f205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010091e85492d20a56b1ac0d24ddc5cf446774992b37a37d23700071bc53dfc4fa2a128f4b7f1056bd9f7072b7617fc94b0f17a73de3b00461eeff1197c7f4863e0afa3e5cf993e6347ad9146be79cb385a0827a76af7190d7ecfd0dfa9c6cfadfb082f4147ef9bec4a62f4f7f997fb5fc674372bd0c00d689eb6b2cd3ed8f981c14ab7ee5e36efcd8a8e49224da436b62b855fdeac1bc6cb68bf30e8d9ae49b6c6999f878483045d5ade10d3c4560fc32965127bc67c3ca2eb66bea46c7c720a0b11f65de4808baa44ea9f283463784ebe8cc814843674e722a9b5cbd4c1b288a5c227bb4ab98d9eee05183c309464e6d3e99fa9517da7c3357413c8d51ed0bb65caf2c631adf57c83fbce95dc49baf4599e2a35a24b4baa9563dcf6faaff4958bef0a8fff4b8ade937fbbab8f40b3af9e843421e89d884cb13f1d9bbe18960b88c2856ac141d9c0ae771ebcf0edd3da996a148bd3cf7afb50d224cc01181ec563bf6d3a2e25bb7b204225295809369e88e4c65f191032d707402ea8b671529695202bbd7df506a5546bfa0a328617f70d0c3a2aa2c21aa47ce289c064576bf821827b4d5aeb4cb50e66bf44c867130e9a6df1686e0d8ff40ddfbd042887fa3333a2e5c1e41118163ce18716b2beca68ab7315c3a6a47e0c37959d6201aaff26a98aa72bc574ad24b9dbb10fcb04c41e5ed1d3d5e289d9cccbfb351daa747e584530203010001a381f23081ef301f0603551d23041830168014a0110a233e96f107ece2af29ef82a57fd030a4b4301d0603551d0e04160414bbaf7e023dfaa6f13c848eadee3898ecd93232d4300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff30110603551d20040a300830060604551d200030430603551d1f043c303a3038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e636f6d6f646f63612e636f6d300d06092a864886f70d01010c050003820101007ff25635b06d954a4e74af3ae26f018b87d33297edf840d2775311d7c7162ec69de64856be80a9f8bc78d2c86317ae8ced1631fa1f18c90ec7ee48799fc7c9b9bccc8815e36861d19f1d4b6181d7560463c2086926f0f0e52fdfc00a2ba905f4025a6a89d7b4844295e3ebf776205e35d9c0cd2508134c71388e87b0338491991e91f1ac9e3fa71d60812c364154a0e246060bac1bc799368c5ea10ba49ed9424624c5c55b81aeada0a0dc9f36b88dc21d15fa88ad8110391f44f02b9fdd10540c0734b136d114fd07023dff7255ab27d62c814171298d41f450571a7e6560afcbc5287698aeb3a853768be621526bea21d0840e494e8853da922ee71d0866d7	mcsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	mcsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	mcsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	mcsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	mcsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E	mcsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	mcsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd	mcsetup.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

msiexec.exeDriversCloud.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
1392	msiexec.exe
1392	msiexec.exe
1744	DriversCloud.exe
1744	DriversCloud.exe
1744	DriversCloud.exe
1744	DriversCloud.exe
1744	DriversCloud.exe
1744	DriversCloud.exe
1744	DriversCloud.exe
424	msedge.exe
424	msedge.exe
2596	msedge.exe
2596	msedge.exe
4608	identity_helper.exe
4608	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

mmc.exe

pid process

4172 mmc.exe
Suspicious behavior: LoadsDriver 5 IoCs

Processes:

pid process

652
652
652
652
652
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

2596 msedge.exe
2596 msedge.exe
2596 msedge.exe
2596 msedge.exe
2596 msedge.exe
2596 msedge.exe
2596 msedge.exe
2596 msedge.exe

pid	process
4172	mmc.exe

pid	process
652
652
652
652
652

pid	process
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemcsetup.exe

description	pid	process
Token: SeSecurityPrivilege	1392	msiexec.exe
Token: SeCreateTokenPrivilege	4420	mcsetup.exe
Token: SeAssignPrimaryTokenPrivilege	4420	mcsetup.exe
Token: SeLockMemoryPrivilege	4420	mcsetup.exe
Token: SeIncreaseQuotaPrivilege	4420	mcsetup.exe
Token: SeMachineAccountPrivilege	4420	mcsetup.exe
Token: SeTcbPrivilege	4420	mcsetup.exe
Token: SeSecurityPrivilege	4420	mcsetup.exe
Token: SeTakeOwnershipPrivilege	4420	mcsetup.exe
Token: SeLoadDriverPrivilege	4420	mcsetup.exe
Token: SeSystemProfilePrivilege	4420	mcsetup.exe
Token: SeSystemtimePrivilege	4420	mcsetup.exe
Token: SeProfSingleProcessPrivilege	4420	mcsetup.exe
Token: SeIncBasePriorityPrivilege	4420	mcsetup.exe
Token: SeCreatePagefilePrivilege	4420	mcsetup.exe
Token: SeCreatePermanentPrivilege	4420	mcsetup.exe
Token: SeBackupPrivilege	4420	mcsetup.exe
Token: SeRestorePrivilege	4420	mcsetup.exe
Token: SeShutdownPrivilege	4420	mcsetup.exe
Token: SeDebugPrivilege	4420	mcsetup.exe
Token: SeAuditPrivilege	4420	mcsetup.exe
Token: SeSystemEnvironmentPrivilege	4420	mcsetup.exe
Token: SeChangeNotifyPrivilege	4420	mcsetup.exe
Token: SeRemoteShutdownPrivilege	4420	mcsetup.exe
Token: SeUndockPrivilege	4420	mcsetup.exe
Token: SeSyncAgentPrivilege	4420	mcsetup.exe
Token: SeEnableDelegationPrivilege	4420	mcsetup.exe
Token: SeManageVolumePrivilege	4420	mcsetup.exe
Token: SeImpersonatePrivilege	4420	mcsetup.exe
Token: SeCreateGlobalPrivilege	4420	mcsetup.exe
Token: SeCreateTokenPrivilege	4420	mcsetup.exe
Token: SeAssignPrimaryTokenPrivilege	4420	mcsetup.exe
Token: SeLockMemoryPrivilege	4420	mcsetup.exe
Token: SeIncreaseQuotaPrivilege	4420	mcsetup.exe
Token: SeMachineAccountPrivilege	4420	mcsetup.exe
Token: SeTcbPrivilege	4420	mcsetup.exe
Token: SeSecurityPrivilege	4420	mcsetup.exe
Token: SeTakeOwnershipPrivilege	4420	mcsetup.exe
Token: SeLoadDriverPrivilege	4420	mcsetup.exe
Token: SeSystemProfilePrivilege	4420	mcsetup.exe
Token: SeSystemtimePrivilege	4420	mcsetup.exe
Token: SeProfSingleProcessPrivilege	4420	mcsetup.exe
Token: SeIncBasePriorityPrivilege	4420	mcsetup.exe
Token: SeCreatePagefilePrivilege	4420	mcsetup.exe
Token: SeCreatePermanentPrivilege	4420	mcsetup.exe
Token: SeBackupPrivilege	4420	mcsetup.exe
Token: SeRestorePrivilege	4420	mcsetup.exe
Token: SeShutdownPrivilege	4420	mcsetup.exe
Token: SeDebugPrivilege	4420	mcsetup.exe
Token: SeAuditPrivilege	4420	mcsetup.exe
Token: SeSystemEnvironmentPrivilege	4420	mcsetup.exe
Token: SeChangeNotifyPrivilege	4420	mcsetup.exe
Token: SeRemoteShutdownPrivilege	4420	mcsetup.exe
Token: SeUndockPrivilege	4420	mcsetup.exe
Token: SeSyncAgentPrivilege	4420	mcsetup.exe
Token: SeEnableDelegationPrivilege	4420	mcsetup.exe
Token: SeManageVolumePrivilege	4420	mcsetup.exe
Token: SeImpersonatePrivilege	4420	mcsetup.exe
Token: SeCreateGlobalPrivilege	4420	mcsetup.exe
Token: SeCreateTokenPrivilege	4420	mcsetup.exe
Token: SeAssignPrimaryTokenPrivilege	4420	mcsetup.exe
Token: SeLockMemoryPrivilege	4420	mcsetup.exe
Token: SeIncreaseQuotaPrivilege	4420	mcsetup.exe
Token: SeMachineAccountPrivilege	4420	mcsetup.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

mcsetup.exemsiexec.exemsedge.exe

pid process

4420 mcsetup.exe
2668 msiexec.exe
2668 msiexec.exe
2596 msedge.exe
2596 msedge.exe
2596 msedge.exe
2596 msedge.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

mmc.exeDriversCloud.exeDriversCloud.exeLogonUI.exe

pid process

4172 mmc.exe
4172 mmc.exe
3780 DriversCloud.exe
3780 DriversCloud.exe
1744 DriversCloud.exe
1744 DriversCloud.exe
5100 LogonUI.exe

pid	process
4420	mcsetup.exe
2668	msiexec.exe
2668	msiexec.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

pid	process
4172	mmc.exe
4172	mmc.exe
3780	DriversCloud.exe
3780	DriversCloud.exe
1744	DriversCloud.exe
1744	DriversCloud.exe
5100	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

DriversCloud_Win (1).exemsiexec.exemcsetup.execontrol.exeMsiExec.exemsedge.exe

description	pid	process	target process
PID 2952 wrote to memory of 4420	2952	DriversCloud_Win (1).exe	mcsetup.exe
PID 2952 wrote to memory of 4420	2952	DriversCloud_Win (1).exe	mcsetup.exe
PID 2952 wrote to memory of 4420	2952	DriversCloud_Win (1).exe	mcsetup.exe
PID 1392 wrote to memory of 4188	1392	msiexec.exe	MsiExec.exe
PID 1392 wrote to memory of 4188	1392	msiexec.exe	MsiExec.exe
PID 1392 wrote to memory of 4188	1392	msiexec.exe	MsiExec.exe
PID 4420 wrote to memory of 2668	4420	mcsetup.exe	msiexec.exe
PID 4420 wrote to memory of 2668	4420	mcsetup.exe	msiexec.exe
PID 4420 wrote to memory of 2668	4420	mcsetup.exe	msiexec.exe
PID 1392 wrote to memory of 3808	1392	msiexec.exe	MsiExec.exe
PID 1392 wrote to memory of 3808	1392	msiexec.exe	MsiExec.exe
PID 1392 wrote to memory of 3808	1392	msiexec.exe	MsiExec.exe
PID 4080 wrote to memory of 4172	4080	control.exe	mmc.exe
PID 4080 wrote to memory of 4172	4080	control.exe	mmc.exe
PID 1392 wrote to memory of 776	1392	msiexec.exe	srtasks.exe
PID 1392 wrote to memory of 776	1392	msiexec.exe	srtasks.exe
PID 1392 wrote to memory of 3952	1392	msiexec.exe	MsiExec.exe
PID 1392 wrote to memory of 3952	1392	msiexec.exe	MsiExec.exe
PID 1392 wrote to memory of 1160	1392	msiexec.exe	MsiExec.exe
PID 1392 wrote to memory of 1160	1392	msiexec.exe	MsiExec.exe
PID 1392 wrote to memory of 1160	1392	msiexec.exe	MsiExec.exe
PID 1392 wrote to memory of 3780	1392	msiexec.exe	DriversCloud.exe
PID 1392 wrote to memory of 3780	1392	msiexec.exe	DriversCloud.exe
PID 3808 wrote to memory of 1744	3808	MsiExec.exe	DriversCloud.exe
PID 3808 wrote to memory of 1744	3808	MsiExec.exe	DriversCloud.exe
PID 2596 wrote to memory of 2756	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2756	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe
PID 2596 wrote to memory of 2208	2596	msedge.exe	msedge.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\DriversCloud_Win (1).exe
"C:\Users\Admin\AppData\Local\Temp\DriversCloud_Win (1).exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2952

C:\Users\Admin\AppData\Local\Temp\MCConfigNsis\mcsetup.exe
C:\Users\Admin\AppData\Local\Temp\MCConfigNsis\mcsetup.exe /exelang 1033
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4420

C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\maconfsetup.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\MCConfigNsis\mcsetup.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\MCConfigNsis\ EXE_CMD_LINE="/exelang 1033 /exenoupdates /forcecleanup /wintime 1680044141 "
3⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:2668

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1392

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 397F898DF71A1D87918BB1CC0D189C40 C
2⤵
- Loads dropped DLL
PID:4188

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding E79C5BBA3A464C7F17497ADEE11ACFC1 C
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3808

C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe
"C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
2⤵
PID:776

C:\Windows\System32\MsiExec.exe
C:\Windows\System32\MsiExec.exe -Embedding ABCC9F518CE43A3C3EA8F7FDA27FA9D2
2⤵
- Loads dropped DLL
PID:3952

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 14ADBEA49F660BC421971E4C0DD11A6E
2⤵
- Loads dropped DLL
PID:1160

C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe
"C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe" -i /parefeu=1 /lan=en
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3780

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.DeviceManager
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4080

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4172

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2220

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.driverscloud.com/en/configuration/lireconfignopluginv2/m11ef30719406-0-0/key
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xbc,0x130,0x7ff85cec46f8,0x7ff85cec4708,0x7ff85cec4718
2⤵
PID:2756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
2⤵
PID:2208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
2⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
2⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
2⤵
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
2⤵
PID:1184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
2⤵
PID:3220

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff758655460,0x7ff758655470,0x7ff758655480
3⤵
PID:2004

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
2⤵
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
2⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
2⤵
PID:764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9296750462931974963,6768496474736929890,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
2⤵
PID:2064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4020

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa399e055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5100

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e575e3e.rbs
Filesize
15KB

MD5
6151c219710e7f40e0453f08791b40a8

SHA1
5741b1dc34baf09b07521ec3dd1aff809f9b02d8

SHA256
85bf4c9e61737aa7a54c1e3128671f000ae89dcd8101fbe41e49ae1fb071a4b4

SHA512
4a2dee3e9c7cf07df758b0df6105a5aea6674c1fac62f03dbd286400154e72ac33d3e0a9b19e58bc1da64b3039b0de04cfdfe555cefe7c7a8b070751d8859fa0

Download Submit
C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe
Filesize
9.5MB

MD5
ec8d47904ab6d132b8b0cbc24009af94

SHA1
8a137b54a1d3f17ac510acaa51e07693bb5e2aae

SHA256
83a807602bd74794077e5f93b438dcb33a64f030b0319d4ced209d64ee8869da

SHA512
0792664b331edd3fe6bb80b2597329a2299544790e3d1bda74fd79cedea232a4529006d1030fecc775ee6f0d3a061da8cbc66e7e7dac858270cac2f588536a36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B
Filesize
2KB

MD5
c7c617f9da08bbf0cc8e371d16f55642

SHA1
f3b7a0e94a68a8186867d394bfd213884e71aede

SHA256
806fa42a96c0d0c694aff24fffeac87811c0196fa83b3dd0d8b1e2a5c2cf30e7

SHA512
bc0cf97a4b0e9682a1fa66948649d4e2e3235c6a4e10d07736f25d10d514a0fd3a941312b7838692212df032d479e09da791fe35595c7c2da0026721fa5412b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D11549FC90445E1CE90F96A21958A17_DAE8FE37663BC9C1F404B6398D5A6051
Filesize
510B

MD5
1edf67cef3b619af99344f435e0aae07

SHA1
e2b14a077f05c233d94875ed5920d752263b79d4

SHA256
aec689a4fae12216e5fc287aa2b3acc817d64f297da756d895418e77c6ee362d

SHA512
2d22c13c2fa572888dc02b893ff14e3c11a9a24b5b7af008227bc352566c352404b0de8448a125ee06bd07a4113667c4c41a5bfb76aba95e523efcc9f1f0761a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
Filesize
1KB

MD5
51670b1e6a72ca840cb4f575cb17cbf3

SHA1
fe3c270430d1880cd21106fb786d297ddf20bf08

SHA256
93851d34eb891ecfbfd856c86447f5d8861301e1dbf4fb868de5a5293a0620b7

SHA512
a044cbc8423e370fb2c2e4c56108ba839ee1ca42e3c8a07752bf3fc2c6ccbdc4b9de2bfc2b801120ab3ad02cbbbeae5ecaabddbe280407ed3cf8ddbb0002d00c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B
Filesize
490B

MD5
9e873b65d0309105061feae43ffd8191

SHA1
8a145f2449df9848498d8d37100292a5cc35cd2e

SHA256
b0d46ed72e2a808f4f17526c41f33d6c905ff9e6a3934b55da34c4b5b45b1d22

SHA512
003ad8b821c58c9eb87824b48cdf81bc3ee8f7bd290ae4b746d85f2fdc911048f0346ac68a295989631f2114f9957940b6552a3aa91c03ed94adcab4a90a7b49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D11549FC90445E1CE90F96A21958A17_DAE8FE37663BC9C1F404B6398D5A6051
Filesize
490B

MD5
77a068a7d61121de92b4f578826b33b2

SHA1
98a6d7a87dfff46432206c75f4f95a333ff93df5

SHA256
f05aecd17b8f5e231ae688894c7109524e197830788e25cc3c0a22c361b36c0d

SHA512
f9b84fccc496ad26a943295badf391c1d87535ce42a88a7208eba56ec4790090f53f781d0b2dec088561472ecbe492a5cd2ecc165073d4c56840f5b60c39d44d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
Filesize
486B

MD5
2d47deef9af917bad20a27fa2aeda107

SHA1
93659e180b3ad0d5008a4d308da14155bdc2b38d

SHA256
a4360e33173fa8753ef8bd380aa4c7d2f903a21837df73575c192d78a77ea29f

SHA512
194f41c5b81c671598badb1916f5a1a40573dd5ebb2f30749e893db4f773d78c1351ee9eef34a692c266b7fc32d337ad3dd78c022315591b39e7e9f6adf013e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
808768f789941d771a7dca11efcb7d52

SHA1
804a36ed63581c051db70f691bc6aa7feac74752

SHA256
72107098be9608e0cd3a958fd0f2f8a04523b17560d1f5b3bf9c39be48529cce

SHA512
c37c6565ec82a39dd8033d7379e57d96351e4ba8c84e37115533057056c8c48dec93a0a2855163898b87fbaf080debea105d17e02f69b8676fc09f852aa24d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
cbd49c3fb25d0f4a5f4c8556aa06b55f

SHA1
4bd67d7c0ac99b40d01095a87ac5a775f6397d6d

SHA256
8aa1938fe44f10e1471efe638a6692639a1a810cfcbecebc3ae54eaf60e3e0c7

SHA512
0e97fe38de07d801ad0221b940ff1c387f37e6f05171ecd425c8ac0d82d3b48c871d58d86c449063f1252963ab817292ff918c9cfac095a91e24f4569d3d4875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
eba0b7cef84b525526d2e141638fc5d5

SHA1
cd8049325da8ac15b8c0140d840d9e7c331a0ff5

SHA256
f768de2f3284e46601ab362b2908097a828fe548b3ad30c9d6e6768ffcc3afd7

SHA512
66ee3b164344e1fd185c035ea76719d4844cb4c520a36ec1a7bb2943c4a858d3a8a40221882c9ac9174e5e6672141498253a598e57706c0cbab771e6799bfb53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
5f820f92084f9c62ea86dfb9a5e5e41f

SHA1
7e64596dedfb679730e275b5efe17c75821693c5

SHA256
54c5f988f35fa8a8a8612287dcef67e85ace4327283073cc6ec561161e9cea72

SHA512
62f3c9dc022455c21d4c8416bbddee29aeea86d1b11a27b14b8e9072e6162aea1581606c037a0383eaf64e3e74f42eaede1c13ede6a46c437542b43e4c8357aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
fc115ecf2f4a4e964d23e570a87b7236

SHA1
0ae65c48dcd905290f0af6ca43ab70d0f6a1a490

SHA256
84672a2cb61273be14c0cfa8be21827230cd98699c947d9129bbb1bf6fec5a25

SHA512
e840360ad2ebd7de71472a44d96cb52ab6c5c8167353a9c2e0330e74b4352ad20dbb9cab6ed89c518f0e18dda51ffb992a639bc5e753c5a6c608aec6fb73b443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3942260f1c8980beaca184c832e6d2b9

SHA1
e054f637fed3bdc519e8c8ccec56ed50517bd069

SHA256
8c4a4e71fdfb9a39b63d5238286f7728e50f3a9d846ac3ca7042859068e56b52

SHA512
a24aeeac57362fb62f23d57081df6b9df7cbd0d7ebd22d88d610c6a50ce57ab7216e88a3d614f876982683c7832c4aef05555a23d352f331a475fb6e38b353d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
eb54b235790fd25bada435f6651d6113

SHA1
57967a97d5dde6d8c82572a67030673e498f20dc

SHA256
101d61d588a9b3803d4834f4eca24769a2b41ef8dd4ae4bb4990c9845df15e3c

SHA512
e4349777989cd4e40d1a176bbb77da7b21029abf974e4d4aac1505a6e5670a948df78ccb300d01336ca4035def145a558cc197d0b22b0810a9d86402cb69500b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
deb0dd4ceeab5e6b0338e77c82231d5f

SHA1
8d71fe2535e4835e1a8cc1729eedd2f1e90f4ee2

SHA256
917acd61f9217be7bd168eff62e016d31d18e5a5f7935df5367a77132790904c

SHA512
b630af013de250865eb5983f365473b3fc101e310646531f52985fb5d3c5eb3c789c7d4d50af05615a11ed6a460bf66a7ae19dcd010f31d7e4e9eae5fea8c98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58267e.TMP
Filesize
871B

MD5
17390c1f5040c6400c2bbf65f0d4bf14

SHA1
c3531d6a267a007d452995efd050076850ee2de4

SHA256
f8053c9ff4f77ae386f8b831e3e1e631b3c5bdeff4c3ff2b3d758d404f479a16

SHA512
3af2f4432668a9de901a6c7f3b9f7bd2c1d476d7696776539a9a3877fa158e39b0f0b9eee2ccf0830998bb33f93acb8a03f45972073796bd4cff94e567142a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b2b0826352faf52acb48d22a0edeebd0

SHA1
0d7ee7870909c26e76252df218179fba048d31cd

SHA256
e09f4391e206682b350cb4e9ae45409ef7df190197c38d400a584dba88b6cbb3

SHA512
a99f2cca4b3ce2b426c78300fe096e56d227b04dfee7266b944adbec551310f49f62623b46e820c8cf864506e2d9a60813a5102d54ebae97bdb2ef9d0ca5e5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
8096c17b8100d5e744a1b7a22daf1608

SHA1
50a7a5be7eaebb13a97781c7dc5bbfb3d19550a8

SHA256
5947746a067c42edce237a1e1211869241e1b4c4afa12fd446c9a469c19766e0

SHA512
51a004570611ccf310cf3250ab426dfee6b7338d5b32a300240c21ccd47a77ce1ba02a7c153e82a904abe96b323f2a5567fe5b37e0c8d1dcffe47ea258547d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\DriversCloud\mcfile.tmp
Filesize
4KB

MD5
5bca04b10bcb2f1bb521a92c224a40de

SHA1
9b45606e8c1af065656a14e6b725e4d5d3ce0c03

SHA256
32eb5631bb405198828ea06998e4a7d84067f94faa65e97f6d21a0a1bd36fab9

SHA512
aeca14b056d5a663413f352254531dc45de9320da89772a73ed6d733c6e1d2bd6cd6ed29e67bdd7cbd0476f385e49d1cc849054c9910af6605b19e29b3708a2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MCConfigNsis\mcsetup.exe
Filesize
12.8MB

MD5
ad03daf6c8eacc9d04ad21523eb48c90

SHA1
93240895f26cf99910100e53d53e2d30dde6c54b

SHA256
2bdd08118f293eb41d06d363806eb04ec64266e2898519d1d9e4fd91a5c2a3f9

SHA512
96e097b25602c83f1ab51abf55cf59465db5d2a0de93c6a9fe214f128126725f4096d7913f8006bd63fe0ee12e78a7d3bf5ec17144d6ea914c3f706a3248910a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MCConfigNsis\mcsetup.exe
Filesize
12.8MB

MD5
ad03daf6c8eacc9d04ad21523eb48c90

SHA1
93240895f26cf99910100e53d53e2d30dde6c54b

SHA256
2bdd08118f293eb41d06d363806eb04ec64266e2898519d1d9e4fd91a5c2a3f9

SHA512
96e097b25602c83f1ab51abf55cf59465db5d2a0de93c6a9fe214f128126725f4096d7913f8006bd63fe0ee12e78a7d3bf5ec17144d6ea914c3f706a3248910a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIDA68.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIDA68.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE024.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE024.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE15D.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE15D.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE15D.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE20A.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE20A.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE288.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE288.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE47D.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE47D.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE51A.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIE51A.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\GetVersion.dll
Filesize
6KB

MD5
989672c2df6ab3bba092d5cb796c45e0

SHA1
97f043740bbc7bd79dabf3e314b3aee0213fe89a

SHA256
23e71ac3e977eb1ab8d365e8a66776d002dd81afb492a8b41120f48bbe0f1c3d

SHA512
801d6d1e867fe1ebe45d433d759c5e6e7dd27e81cca027c2e92c33be25e513155c10a02a5d21ef35e11ca1f3f3c9f92345bc5c205a44d5c70f36788d813311bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\GetVersion.dll
Filesize
6KB

MD5
989672c2df6ab3bba092d5cb796c45e0

SHA1
97f043740bbc7bd79dabf3e314b3aee0213fe89a

SHA256
23e71ac3e977eb1ab8d365e8a66776d002dd81afb492a8b41120f48bbe0f1c3d

SHA512
801d6d1e867fe1ebe45d433d759c5e6e7dd27e81cca027c2e92c33be25e513155c10a02a5d21ef35e11ca1f3f3c9f92345bc5c205a44d5c70f36788d813311bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\GetVersion.dll
Filesize
6KB

MD5
989672c2df6ab3bba092d5cb796c45e0

SHA1
97f043740bbc7bd79dabf3e314b3aee0213fe89a

SHA256
23e71ac3e977eb1ab8d365e8a66776d002dd81afb492a8b41120f48bbe0f1c3d

SHA512
801d6d1e867fe1ebe45d433d759c5e6e7dd27e81cca027c2e92c33be25e513155c10a02a5d21ef35e11ca1f3f3c9f92345bc5c205a44d5c70f36788d813311bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\GetVersion.dll
Filesize
6KB

MD5
989672c2df6ab3bba092d5cb796c45e0

SHA1
97f043740bbc7bd79dabf3e314b3aee0213fe89a

SHA256
23e71ac3e977eb1ab8d365e8a66776d002dd81afb492a8b41120f48bbe0f1c3d

SHA512
801d6d1e867fe1ebe45d433d759c5e6e7dd27e81cca027c2e92c33be25e513155c10a02a5d21ef35e11ca1f3f3c9f92345bc5c205a44d5c70f36788d813311bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\INetC.dll
Filesize
38KB

MD5
69475bb1753f1fe8daa310104c4d8a8b

SHA1
e8e6a4e7bd8a7b4005c9ab9788d65fef8b59f3f0

SHA256
8dbeed8eabb2cd7f390eb57d5c7927e8f6dc32bf7d2b8464fc80420fff9eb5f2

SHA512
3dfcececcd3510a668814e58db2bdc46fdfff53c30a259d53d162a6b8e03b9a798647c94b1de3c6cf9b019c0bb46acf7133a34d7b31a8197fbc1d6dadfcc86e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\INetC.dll
Filesize
38KB

MD5
69475bb1753f1fe8daa310104c4d8a8b

SHA1
e8e6a4e7bd8a7b4005c9ab9788d65fef8b59f3f0

SHA256
8dbeed8eabb2cd7f390eb57d5c7927e8f6dc32bf7d2b8464fc80420fff9eb5f2

SHA512
3dfcececcd3510a668814e58db2bdc46fdfff53c30a259d53d162a6b8e03b9a798647c94b1de3c6cf9b019c0bb46acf7133a34d7b31a8197fbc1d6dadfcc86e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\INetC.dll
Filesize
38KB

MD5
69475bb1753f1fe8daa310104c4d8a8b

SHA1
e8e6a4e7bd8a7b4005c9ab9788d65fef8b59f3f0

SHA256
8dbeed8eabb2cd7f390eb57d5c7927e8f6dc32bf7d2b8464fc80420fff9eb5f2

SHA512
3dfcececcd3510a668814e58db2bdc46fdfff53c30a259d53d162a6b8e03b9a798647c94b1de3c6cf9b019c0bb46acf7133a34d7b31a8197fbc1d6dadfcc86e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\System.dll
Filesize
12KB

MD5
564bb0373067e1785cba7e4c24aab4bf

SHA1
7c9416a01d821b10b2eef97b80899d24014d6fc1

SHA256
7a9ddee34562cd3703f1502b5c70e99cd5bba15de2b6845a3555033d7f6cb2a5

SHA512
22c61a323cb9293d7ec5c7e7e60674d0e2f7b29d55be25eb3c128ea2cd7440a1400cee17c43896b996278007c0d247f331a9b8964e3a40a0eb1404a9596c4472

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\nsDialogs.dll
Filesize
9KB

MD5
48f3e7860e1de2b4e63ec744a5e9582a

SHA1
420c64d802a637c75a53efc8f748e1aede3d6dc6

SHA256
6bf9cccd8a600f4d442efe201e8c07b49605ba35f49a4b3ab22fa2641748e156

SHA512
28716ddea580eeb23d93d1ff6ea0cf79a725e13c8f8a17ec9dfacb1fe29c7981ad84c03aed05663adc52365d63d19ec2f366762d1c685e3a9d93037570c3c583

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\xml.dll
Filesize
649KB

MD5
c4bcabd1e9bf222e55f82c1e2c2f4c05

SHA1
b119ac57235a70c9469313fb4076beeb469d6da3

SHA256
9cc980e775846b9ad69da8adbca8de09d11e5d55e581e0388b53fe22b81fef9d

SHA512
5a77000e6f08af4cddd5f3b7167fbedcbb0f47e75466854bf0b8fd839c17b5423928321cce79b6369dc07afa38c586046833718431ef7056ed5e7fe6c5c9a3ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsrA55F.tmp\xml.dll
Filesize
649KB

MD5
c4bcabd1e9bf222e55f82c1e2c2f4c05

SHA1
b119ac57235a70c9469313fb4076beeb469d6da3

SHA256
9cc980e775846b9ad69da8adbca8de09d11e5d55e581e0388b53fe22b81fef9d

SHA512
5a77000e6f08af4cddd5f3b7167fbedcbb0f47e75466854bf0b8fd839c17b5423928321cce79b6369dc07afa38c586046833718431ef7056ed5e7fe6c5c9a3ac

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\CPUID\cpuidsdk64.dll
Filesize
2.3MB

MD5
404c34c87ed378da73fb24a3f1eb6011

SHA1
5bc1870ebd554f8844614a9b8178dedf94ed960e

SHA256
2a657f136cd542c8bc00b373027b8165e5e719201f7ebb0cf1624fce5872a325

SHA512
f0a07aa9b733ad64375fd5586183c3ce3278118b03ee60ab4870d16ee1c247fce03fb9753c612a33e4f45ffb9873d15edb337d25d71d54c568bd995bb95a34a6

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\CommonAppDataFolder\driverscloud.com\Langues\LangueMC.ar.resx
Filesize
45KB

MD5
ff7ad8ec9e3c0fce97a19a44a25372f6

SHA1
1ad38030cbb4c9e186e32fe0b5fd6eb17ba236c4

SHA256
e3098f5d3353ace167a5a14c5897f0dff2c1c1ceaaa6319e61dc69488247137c

SHA512
181656429aff8dc1c1096b168cbbbdf433e37329c9de9625e6a027ac152940eb333e21d475683e99904d3961f835ecb162296c88261452511c397cf540dc0f8d

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\CommonAppDataFolder\driverscloud.com\Langues\LangueMC.de.resx
Filesize
41KB

MD5
8165e3bd97f62361dee7be9c9c5542ff

SHA1
456190b56b7f95d4837784d6259ada7a3f32fba4

SHA256
458bd08b72e1984eb0f938c29707ae6bd60e7f0ebac6821cefa8241e730a470e

SHA512
97e18b6e35d37c76ae462bd1a71d8f6633fd4d37fea1e6430e7a4e2e1677f9f34cfcce6d798613891af309dbf5c6210af10e58671f1b42e11bbcc99ca3327422

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\CommonAppDataFolder\driverscloud.com\Langues\LangueMC.en.resx
Filesize
40KB

MD5
2b674184722e5c91137de6340c4a6708

SHA1
672cc3e810bc828fd5ef0940724ca1c18a9b42c7

SHA256
f9747b19ab597328981cb4bb0cb050ba2eb72c42a45d3cfe394880208b0dbcba

SHA512
4cfa646dfc4e74c833ad6df70a48ee51859345c762825d9b3c26d3d5f31bbdabac0844a04ef7f95317022c0a8e340eadc1b83da09bf42475b74028359eca009d

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\CommonAppDataFolder\driverscloud.com\Langues\LangueMC.es.resx
Filesize
41KB

MD5
a27be78800ca7e6952accb51126d527d

SHA1
7d0c8de4eca3add328bb9d0793267bd412f10d14

SHA256
f068df81e3761862e1ad859546227c054a98aeffc8d6d802e32dc7265726f27e

SHA512
d3dd0d4cc8833815da9d6eead964db8d8c8ffc46f9bea2441d9855e2ac86a9ce6de0c441fed0fe943bdc98c539ec07dc96136e4b1902769b9feb9c6e98dbd639

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\CommonAppDataFolder\driverscloud.com\Langues\LangueMC.fr.resx
Filesize
41KB

MD5
49426b94d278073dfee73985de577543

SHA1
6fc38434b77fcd1b0962788d88ea0c00ccb66107

SHA256
27db0b4fef539a25e8ce1d9581ec6135be4a07519249cccad0b2623dd1a20735

SHA512
ccedb866dd3c39a6d3088656642afac33397b8b6026c9172fb7e167c46101477a0278ffa8016e3c60ff834af3ec41a8f8cb6d1d5de38f5bb34114f57ab8c7285

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\CommonAppDataFolder\driverscloud.com\Langues\LangueMC.pt.resx
Filesize
41KB

MD5
70aba13f9234fb28b1a5421198d74611

SHA1
de80eeaa28f933a5337dc2687145731ad31e0d90

SHA256
a54003fba09460d0f720c6422528ffd6830b1d5d39c73bfaa34b08f91631ce80

SHA512
5fafd48d2075dd608c816ad7cb887b4760a6eaff147e5726666648873f4258fe076bebb88829981257e774d5d76e976922892a2ca79ad284b10dd0c62da3f913

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\CommonAppDataFolder\driverscloud.com\Langues\LangueMC.pt.resx
Filesize
41KB

MD5
70aba13f9234fb28b1a5421198d74611

SHA1
de80eeaa28f933a5337dc2687145731ad31e0d90

SHA256
a54003fba09460d0f720c6422528ffd6830b1d5d39c73bfaa34b08f91631ce80

SHA512
5fafd48d2075dd608c816ad7cb887b4760a6eaff147e5726666648873f4258fe076bebb88829981257e774d5d76e976922892a2ca79ad284b10dd0c62da3f913

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\CommonAppDataFolder\driverscloud.com\Langues\LangueMC.ru.resx
Filesize
46KB

MD5
500c0bdb4455f0266b83594632a78e81

SHA1
56d18fe0c23d66d1c7a71753272dd475e305d758

SHA256
4554ea05697b4e64614682f7d506bcd7646abf9526cb46a934cf18546aa6e138

SHA512
2327c2e15bbe6a4ee8caa0ef6c3a72c50ca96f33ab20b9aef3ffc2e56ed7cfa7d88081e5e4e5cbee30e4dffa42628f8e08b637c669b379c2386edb1fdfff61e8

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\CommonAppDataFolder\driverscloud.com\driverscloud.xrc
Filesize
59KB

MD5
dc78f66261488e35c5ae0525b2aaab43

SHA1
57dbb3603956351194b2981efe48f650fb5c7bd2

SHA256
799fbafdb4d2d58e0d8f999ece2015d10e3056ed0fd86f4f0df2ab23f2516cdb

SHA512
fb927703e07c116af2497fb1b0847f0510f9852e83c70a44642decebf49e8cfec0672fbaaeb6556d6c77eb4a9c88a88c036687a3ac5e1d628e0710ee860bae89

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\CommonAppDataFolder\driverscloud.com\filtres.xml
Filesize
53KB

MD5
ee25327ad88b354e9d1350c9a3276f85

SHA1
d418584c2bb8702ef9f0fc256b91cb5dc57f66e7

SHA256
a760fb31c8df6ec7a71ff7689534ba56470b75b7be4adebcc64a64e21feabd31

SHA512
7fbee7a829f8a8652db767059e9c52aff652ada0746d3b08303bda714242a551aa1e9f8314aaee0ff8b4594f07d033f00d51c148ec13571757bc6e53b4fc5406

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\CommonAppDataFolder\driverscloud.com\mcbase.db
Filesize
1.9MB

MD5
e1357b4dc9e749cc3ef5d6b266df150a

SHA1
34dbc5f8fa2b2971e59a46cbb3c0fe6a2b2ebdce

SHA256
330c82464e8790e6f7380612000b6af909807c02ef61ddace0ad237d35a1859c

SHA512
2c1a7bb3387ce06a8bd9720499b113155d67154e43651927ef67bf464b96b8d25ed6e039d10562910cfd11a1a84ebfcc87402b79b9d8bc2d87f6a5f628a35c60

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\DCCrypt.dll
Filesize
939KB

MD5
c8e1aab5fafa03387571f379a8d23ad2

SHA1
d7ee29231915b9150848e351e2fc9fa5d4ec732b

SHA256
6da69cfdb7d6f5b4db1b0bbc2e70bd110ce72143e7303bde8964d71ad956d968

SHA512
710b7255b534df26abb111925c4bc767a51c20ff09f52278d54ada5148811bbc70c5c4d696bd653283abf04e7170a36012c410b9579bb81e51cf8bdd57f28b5c

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\DCEngine.dll
Filesize
6.8MB

MD5
2c242659d3bf0d0c665196d4657aaf79

SHA1
7fdd04a54dff5289b9307911a312e462df7a7de5

SHA256
486ec160b662b7a2dd23937bc5951d18f4ca99c5335dbe69a95a252f5b376db0

SHA512
3c7778c76bae897188c6f0c4c7e722246593e11a4b1461825e094b80f1abbaa4e10ae20f8b4b451bff9c20ef10e6dab933022d98ac1218697359e202539f124b

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\DriversCloud.exe
Filesize
9.5MB

MD5
ec8d47904ab6d132b8b0cbc24009af94

SHA1
8a137b54a1d3f17ac510acaa51e07693bb5e2aae

SHA256
83a807602bd74794077e5f93b438dcb33a64f030b0319d4ced209d64ee8869da

SHA512
0792664b331edd3fe6bb80b2597329a2299544790e3d1bda74fd79cedea232a4529006d1030fecc775ee6f0d3a061da8cbc66e7e7dac858270cac2f588536a36

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\DriversCloud.html
Filesize
124B

MD5
c4195c2e8d1149ed7461c38ed7fe93ae

SHA1
affca473a15750ba79aff61d536e6ff9004be65b

SHA256
1135588113e1b39092094456f73cd56eea17e484ffdb1cfbdf7deda3b55253f7

SHA512
2660fba24ff7b4208e6e839ab0e7586e5ab316330a67deca95e4ad683a443e2c79786852e87cdd0dcf644bb0628fd7d7c6d2a44059113cb5c10d0cfa3a049715

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\Drivers\DriversCloud.inf
Filesize
2KB

MD5
a11569fb0ba98d573fbbc218f257034d

SHA1
1255be98bc3dc43d6666effb1dfcdc8616ae92a7

SHA256
b122c56aae7f7f5496fd008d710f85f58173f7c8489b5b392d33981c0f90e904

SHA512
05a122e1f24ba65f9ed3a788a38f8ff5eea6b620960228ff5c5ec787887d41e5f0303d184c5ca27a4df5a4ca6e5e3888c5a55103182eb70a56816b6347d88bba

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\Drivers\DriversCloud_amd64.sys
Filesize
24KB

MD5
49d1002443655bc63b8d49fef0b584fd

SHA1
6397f7a838b541614a03379787033be9285053cb

SHA256
2bc72d11fa0beda25dc1dbc372967db49bd3c3a3903913f0877bff6792724dfe

SHA512
cea3ab025071b116d643ac07c7a48f4e2d371287f7fdfd914d24c0c7a470ed37eda73f57c9d6853bb8be21e3bea4cabb95b48796fc0840e0dda8a3997aaf48c2

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\Drivers\DriversCloud_x86.sys
Filesize
24KB

MD5
b57b4187e1f64aa520da6add9c1cabb6

SHA1
6f3a9d4ee3da566279009199460ba96b13997034

SHA256
dce449f7b0cf438ca0cc25f41a9db97efffe5d9476338d66c6242f3d516f095e

SHA512
14867db6f6a54c7f0ab15eb340f6b8f310615610c7aa89e11a55c089304383bdea1d04e89a262e04960bd399ede18f1a35aeb08a69f5cddd068ebebca571a8b3

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\Drivers\driverscloud_amd64.cat
Filesize
10KB

MD5
1bba3fa7f56bee5e4fa89c3e36391748

SHA1
01dc07dd758d2744160095e64a631c35af6ce32c

SHA256
1a906710bd6b9ac6fe17d1d8e3b4582ca357729a5c3dc3d0cddf9e057b0c794c

SHA512
d335c4e3657f3c1ce61dc84a5411ab2ec58c39d505c64eea101b83ee6d5d9cc2759c7ec0640bee9b5ed6f9013459049144063c2d7c4d8ef879f2c81aa89ae071

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\Drivers\driverscloud_x86.cat
Filesize
10KB

MD5
f20da65fca1bf0d827993b1c02cc4be7

SHA1
786ae01ccae7f37a8818827d466aa90c695de1bb

SHA256
dcd5d780ab3a785f1548e60a54583e16dcf269c87089ece2cca1730b42e6eac9

SHA512
9ce88737ea258436ac44273577e5b35557da59b4981db9aa1dd8cd44f3e0e681633bd2a46cf953852494d394ecd10c0e270bb8bd0ea861886d9e22f0f35f0ae8

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\FontsFolder\RobotoCondensed.ttc
Filesize
366KB

MD5
f7c7799ba2c8f90465157a3a3d1278dc

SHA1
2f96c5e1fbbb3266df92d72fa2ceadfae1fbb4f5

SHA256
4e22adb0a8aa5b2402d9debb851154cca91bb33ac5a4e0fe3dbdec5f297f2d2d

SHA512
dccf45c1cee0d7f636691b6eaed753e05f60d6fecc05294c0c5011b832641bdaa688a7273345f069f183e4af29002ec931bcdc30260922819023675510a1f112

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\maconfsetup.msi
Filesize
3.5MB

MD5
416206483374cbc8c0b39ce3fdcef5a1

SHA1
fdcf14fa354f5d31cde8ed71227ca5efce9a2023

SHA256
c55bb14c0c57d6bca11f646636180d8f87a6dcd2457a94f1175a8dca0b611891

SHA512
dfe9b3b0d3d8bd55a14a45711f502643004bd6c4e35ff8dac495155fd3724fd9c059c52a44c0f3f5776942a8f39cd2615b5fb5f1b1f3be25216475ad5ecf0465

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\maconfsetup.msi
Filesize
3.5MB

MD5
416206483374cbc8c0b39ce3fdcef5a1

SHA1
fdcf14fa354f5d31cde8ed71227ca5efce9a2023

SHA256
c55bb14c0c57d6bca11f646636180d8f87a6dcd2457a94f1175a8dca0b611891

SHA512
dfe9b3b0d3d8bd55a14a45711f502643004bd6c4e35ff8dac495155fd3724fd9c059c52a44c0f3f5776942a8f39cd2615b5fb5f1b1f3be25216475ad5ecf0465

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\D02AE61\sqlite3x64.dll
Filesize
3.2MB

MD5
330434c67a397a77c43925e9ac63a431

SHA1
7d5d5726cf375ec607b440b01291f6ae521829d4

SHA256
9b59d57b677c35d1f86883470979e3a97ab9b5649da6e835b0893bae7b9894de

SHA512
9493b77ed1aba625b090ddc0136c3f8bf5d4058bae05dc126961ddecc1b3a569df98b9dc160e733adc36bccacd79354a3e1e3fb3c27474b8a3121e845a8db663

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\decoder.dll
Filesize
205KB

MD5
a5ffdcf45d3d123139c49017b22f444e

SHA1
7b3d3d293f9a34570fc91500a6580496147c7658

SHA256
8f49245444b02bf0e103c5a5850a0b2fb1f2880c917261d146e3b8bc3c166e40

SHA512
5ff195a70825efced761aceeec5a6f0d0e18c1a4074482f584efabef7166c957c728d71d6185e3487a1405c608d820efa4e07c584d60a8d51625e5d8a9a89397

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\decoder.dll
Filesize
205KB

MD5
a5ffdcf45d3d123139c49017b22f444e

SHA1
7b3d3d293f9a34570fc91500a6580496147c7658

SHA256
8f49245444b02bf0e103c5a5850a0b2fb1f2880c917261d146e3b8bc3c166e40

SHA512
5ff195a70825efced761aceeec5a6f0d0e18c1a4074482f584efabef7166c957c728d71d6185e3487a1405c608d820efa4e07c584d60a8d51625e5d8a9a89397

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\decoder.dll
Filesize
205KB

MD5
a5ffdcf45d3d123139c49017b22f444e

SHA1
7b3d3d293f9a34570fc91500a6580496147c7658

SHA256
8f49245444b02bf0e103c5a5850a0b2fb1f2880c917261d146e3b8bc3c166e40

SHA512
5ff195a70825efced761aceeec5a6f0d0e18c1a4074482f584efabef7166c957c728d71d6185e3487a1405c608d820efa4e07c584d60a8d51625e5d8a9a89397

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 11.2.8.0\install\decoder.dll
Filesize
205KB

MD5
a5ffdcf45d3d123139c49017b22f444e

SHA1
7b3d3d293f9a34570fc91500a6580496147c7658

SHA256
8f49245444b02bf0e103c5a5850a0b2fb1f2880c917261d146e3b8bc3c166e40

SHA512
5ff195a70825efced761aceeec5a6f0d0e18c1a4074482f584efabef7166c957c728d71d6185e3487a1405c608d820efa4e07c584d60a8d51625e5d8a9a89397

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
722d53dc2478fde663b25535f5886cb7

SHA1
1f080b95e5e9fe0203b0ea1c5e72459f3ea9770c

SHA256
2821c06255b4b1f1d64437e4554a3c1ed861c35a407349f410c1e94d911980ac

SHA512
70b585d95e99b47f02707057cd47e5f412c395b37653b23faab23182efa42bb55eed0938bfa38cd247467c2ba3c7651647af2697724f4e64a2130c94fadea12a

Download Submit
C:\Windows\Installer\MSI5FB4.tmp
Filesize
973KB

MD5
54349cb8890c133ae2085e0fb1e2bc53

SHA1
b3aa32e75ecf849677e3f705de205d7d7ccb0553

SHA256
6e71ae7e8e54c9879039cefaed406d9522a48eb90c0d9b5d02e855d9368579f1

SHA512
e864e29e097cca608bbc95c86f91f3a6eab13b99d021f51483ebce0b9fdf725e78483173e141e8d0667b2435b8ce0f24a69913b89bd05ffb325f7df10c442c7d

Download Submit
C:\Windows\Installer\MSI5FB4.tmp
Filesize
973KB

MD5
54349cb8890c133ae2085e0fb1e2bc53

SHA1
b3aa32e75ecf849677e3f705de205d7d7ccb0553

SHA256
6e71ae7e8e54c9879039cefaed406d9522a48eb90c0d9b5d02e855d9368579f1

SHA512
e864e29e097cca608bbc95c86f91f3a6eab13b99d021f51483ebce0b9fdf725e78483173e141e8d0667b2435b8ce0f24a69913b89bd05ffb325f7df10c442c7d

Download Submit
C:\Windows\Installer\MSI60AF.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Windows\Installer\MSI60AF.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Windows\Installer\MSI61E8.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Windows\Installer\MSI61E8.tmp
Filesize
442KB

MD5
fbc6ccca9154d017d647938190e4ad8d

SHA1
e753f1511f27427616e98762ba2f45d67c3d90d4

SHA256
d0c9f193d5fb108035c24cd16495d8471295c8ae4a507cc939dcd3c31ed70836

SHA512
d72a7b6be718e09b0b6b2a6c32888fb29bbe34d34d1965cce017162224db20d4badaae507244e16e7a72b84a15139fc9cb6ea703925666906f73420684e0d49d

Download Submit
C:\Windows\Installer\MSI6370.tmp
Filesize
597KB

MD5
0c6bf1c874893dcc42f172bbf42ecfbf

SHA1
72b34f84b5394945d57838d9336dca9a96f7746c

SHA256
b688bdc73468311174dfd678a13d3b3533606f5c54eecde5d3b0d3e436e9c6ef

SHA512
2cf7c9484ad7c8843f4083f2caeca761702933029f497d2d58ca1711c755691b4a6829087c5c389e9fa3497a4c34e6efa48b7589f4eec09924e01df8546a8480

Download Submit
C:\Windows\Installer\MSI6370.tmp
Filesize
597KB

MD5
0c6bf1c874893dcc42f172bbf42ecfbf

SHA1
72b34f84b5394945d57838d9336dca9a96f7746c

SHA256
b688bdc73468311174dfd678a13d3b3533606f5c54eecde5d3b0d3e436e9c6ef

SHA512
2cf7c9484ad7c8843f4083f2caeca761702933029f497d2d58ca1711c755691b4a6829087c5c389e9fa3497a4c34e6efa48b7589f4eec09924e01df8546a8480

Download Submit
memory/2952-254-0x0000000073EE0000-0x0000000073EEB000-memory.dmp

Filesize
44KB

Download
memory/2952-255-0x0000000073EE0000-0x0000000073EEB000-memory.dmp

Filesize
44KB

Download
memory/2952-179-0x0000000073EE0000-0x0000000073EEB000-memory.dmp

Filesize
44KB

Download
memory/2952-178-0x0000000073EE0000-0x0000000073EEB000-memory.dmp

Filesize
44KB

Download
memory/2952-177-0x0000000073EE0000-0x0000000073EEB000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads