Overview

overview

8

Static

static

1

e29412d1cb...97.dll

windows7-x64

8

e29412d1cb...97.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    59s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01/04/2023, 19:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e29412d1cb7924766bc5ade31eadde6f157f30f9b6174aad217400c4b45ce197.dll

  • Size

    3.4MB

  • MD5

    69a01415c4b3b990933b47351380127c

  • SHA1

    7a9051b8be45853594a6952a43798f6a7702a8c3

  • SHA256

    e29412d1cb7924766bc5ade31eadde6f157f30f9b6174aad217400c4b45ce197

  • SHA512

    368ca8a1f28a70e460df9686385d0ca7453183406e3467376759bb8f85b57f2adb1e5f6b9fb4b0da48f3f9dd44df0629eabc2f8a2b509a6de4a50769a2b07a04

  • SSDEEP

    24576:+V76pHUQnEXcfsfzHh/esoSPkzEcUwT6uSms+jgNb0JxGrurooa+AwhhfO8EPPPs:+V7mCV7jW228PPagxnGBluChwQpzIKX

Score
8/10
persistence

Malware Config

Signatures

  • Drops file in Drivers directory 6 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 43 IoCs
  • Drops file in Windows directory 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e29412d1cb7924766bc5ade31eadde6f157f30f9b6174aad217400c4b45ce197.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e29412d1cb7924766bc5ade31eadde6f157f30f9b6174aad217400c4b45ce197.dll,#1
      2⤵
      • Sets service image path in registry
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2004
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\FileDef20160419\x64\Driver_Setup.bat" "
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:576
        • C:\Users\Admin\AppData\Local\Temp\FileDef20160419\x64\devcon.exe
          devcon install VmtkmHid_0.inf "{8FBC4165-480D-4230-B1DF-7B86F3E5A3CC}\HID_DEVICE"
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          PID:1044
        • C:\Users\Admin\AppData\Local\Temp\FileDef20160419\x64\devcon.exe
          devcon update VmtkmMouFiltr_0.inf "HID\Vid_1bcf&Pid_05e3&Col02"
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          • Drops file in Windows directory
          PID:1632
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{564038f8-c0dd-746c-4696-556a170db466}\vmtkmhid_0.inf" "9" "6f780c9bb" "000000000000058C" "WinSta0\Default" "00000000000002B4" "208" "c:\users\admin\appdata\local\temp\filedef20160419\x64"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:1604
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "2" "211" "ROOT\HIDCLASS\0000" "C:\Windows\INF\oem2.inf" "vmtkmhid_0.inf:Vendor.NTamd64:VHidMini.Inst:1.0.0.1:{8fbc4165-480d-4230-b1df-7b86f3e5a3cc}\hid_device" "6f780c9bb" "000000000000058C" "00000000000005BC" "00000000000005B8"
    1⤵
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    PID:1996
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{1289b5e9-0bfa-087c-1d7e-4e6a9f0f6478}\vmtkmmoufiltr_0.inf" "9" "658dbf7d3" "00000000000005F4" "WinSta0\Default" "00000000000005E4" "208" "c:\users\admin\appdata\local\temp\filedef20160419\x64"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    PID:1764
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "HID\Vid_1bcf&Pid_05e3&Col01\1&2d595ca7&0&0000" "" "" "653a8043f" "0000000000000000" "0000000000000614" "000000000000061C"
    1⤵
    • Drops file in Windows directory
    PID:1528
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "HID\Vid_1bcf&Pid_05e3&Col04\1&2d595ca7&0&0003" "" "" "69a97a5bb" "0000000000000000" "00000000000005B0" "00000000000005F0"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    PID:1608
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "HID\Vid_1bcf&Pid_05e3&Col03\1&2d595ca7&0&0002" "" "" "6d847c53b" "0000000000000000" "0000000000000600" "0000000000000608"
    1⤵
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    PID:1728
  • C:\Windows\system32\DrvInst.exe
    DrvInst.exe "1" "200" "HID\Vid_1bcf&Pid_05e3&Col02\1&2d595ca7&0&0001" "" "" "615f7e4bf" "0000000000000000" "0000000000000628" "0000000000000630"
    1⤵
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    PID:1128
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\newdev.dll,pDiDeviceInstallNotification \\.\pipe\PNP_Device_Install_Pipe_1.{aa1e7b86-717f-42d3-bc05-c1a06a49bd05} "(null)"
    1⤵
      PID:1720
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "1" "200" "HID\Vid_1bcf&Pid_05e3&Col05\1&2d595ca7&0&0004" "" "" "65ce78637" "0000000000000000" "0000000000000684" "0000000000000680"
      1⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:1428
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "1" "200" "HID\Vid_1bcf&Pid_05e3&Col06\1&2d595ca7&0&0005" "" "" "61f3766b7" "0000000000000000" "0000000000000614" "0000000000000684"
      1⤵
      • Drops file in Windows directory
      PID:1596
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "1" "200" "HID\Vid_1bcf&Pid_05e3&Col07\1&2d595ca7&0&0006" "" "" "6e1874733" "0000000000000000" "000000000000061C" "0000000000000688"
      1⤵
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      PID:432
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "2" "211" "HID\VID_1BCF&PID_05E3&COL02\1&2D595CA7&0&0001" "C:\Windows\INF\oem3.inf" "vmtkmmoufiltr_0.inf:UASSOFT.NTamd64:HIDUAS_Inst:1.0.0.0:hid\vid_1bcf&pid_05e3&col02" "658dbf7d3" "00000000000005F4" "0000000000000628" "0000000000000638"
      1⤵
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      PID:660
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
      1⤵
        PID:1764

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\FileDef20160419\x64\Driver_Setup.bat
        Filesize

        148B

        MD5

        ffb0bbd1166100b72cc3823baa152b2f

        SHA1

        dab9d0aee5ab7f2995feeacdbc6bf7710a372f0f

        SHA256

        f107b57123cb427fce8d635f19e63483819d48876adf9ddc05174af80cce4229

        SHA512

        dabe236a5df5f7d62dc8df9d8c8faf6ef27db96c43caf61d13aba5e9e9f82a5f9aa5e1fa92d239580da7e62356991c6e76f9884c66380f0e53cac68a89658fec

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\FileDef20160419\x64\Driver_Setup.bat
        Filesize

        148B

        MD5

        ffb0bbd1166100b72cc3823baa152b2f

        SHA1

        dab9d0aee5ab7f2995feeacdbc6bf7710a372f0f

        SHA256

        f107b57123cb427fce8d635f19e63483819d48876adf9ddc05174af80cce4229

        SHA512

        dabe236a5df5f7d62dc8df9d8c8faf6ef27db96c43caf61d13aba5e9e9f82a5f9aa5e1fa92d239580da7e62356991c6e76f9884c66380f0e53cac68a89658fec

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\FileDef20160419\x64\VmtkmHid_0.inf
        Filesize

        3KB

        MD5

        ac2a7db4b61118498e6d74e302335c2b

        SHA1

        85da16e595b994cd6e3cdcedc2ae2e5068a5640e

        SHA256

        20ba09ccf6d435af296bbe9e84212538094ea064128052d737f6884265de05d0

        SHA512

        25b0ab141032643e7c871066d909b4e331991d55ec602c6b4166ffbab3aa43a1535aae92159ac16d7fb81c5885c3f26518b5b4c2224dd26ac8534f349b2898e0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\FileDef20160419\x64\devcon.exe
        Filesize

        87KB

        MD5

        41ba1bbdd9284e49701ee94a3f446c33

        SHA1

        6d5bd532a0f9a3bf7005edeb53b4aba2d30a0c99

        SHA256

        c65d9acba88d2c56422ec4aba235b0ae25bb3261bf400cd30efe11de0c4330e4

        SHA512

        dc55452698966b77c157a81eb458984b17e3e3a0d3ff885479f7c823b847eb739a07782f140ced12eac75fdddd7416f923c885a9d8e8b0a10010fc07bef3da45

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\FileDef20160419\x64\devcon.exe
        Filesize

        87KB

        MD5

        41ba1bbdd9284e49701ee94a3f446c33

        SHA1

        6d5bd532a0f9a3bf7005edeb53b4aba2d30a0c99

        SHA256

        c65d9acba88d2c56422ec4aba235b0ae25bb3261bf400cd30efe11de0c4330e4

        SHA512

        dc55452698966b77c157a81eb458984b17e3e3a0d3ff885479f7c823b847eb739a07782f140ced12eac75fdddd7416f923c885a9d8e8b0a10010fc07bef3da45

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{1289B~1\VmtkmMouFiltr_0.sys
        Filesize

        7KB

        MD5

        3eb7619b8440e9a003c4a5a9b8acde33

        SHA1

        5c1d6bbe9ac62e8ce9bb5432b711fdc2e4e3b94f

        SHA256

        784287759ef05e815b2c486f7bc6af5077d1c9c86c4ef921e8b2039634f667a0

        SHA512

        eaa73dd2e6a65dff50b6a1ae1b3c3155e68849c5339c89d543e58b4ac34dbd4173e00d6deaf12b47bfe491cd001f0f3b04634364a4fb0acc73070da10ae7a0f5

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{1289b5e9-0bfa-087c-1d7e-4e6a9f0f6478}\VmtkmHid_0.cat
        Filesize

        8KB

        MD5

        69d398d45035ea070ad1d950947b8258

        SHA1

        f389482e8f547f08f6637005cb0312ab1c94a9cb

        SHA256

        f966ccfc34fca47aa0f8de37ea7eba2d89c7db14db408a20ad9cdbc28ddda097

        SHA512

        6186f36982795d116da883769458c74e63a0719a78026f2343e2ba0ff27367d028f72a880e07ca894e8f67aed4f758a41a386bab358cbf18eff51326119d80be

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{1289b5e9-0bfa-087c-1d7e-4e6a9f0f6478}\vmtkmmoufiltr_0.inf
        Filesize

        2KB

        MD5

        c96843464c7474150b481cb5f0075c22

        SHA1

        9fb1a53cbe5c6e9adcb3fd061fc9f292a648a1e5

        SHA256

        006850d8035f5e776c34ceaf90d292b8ff83e9457e5b32e118e6d5b4a755ca40

        SHA512

        303bd7f8e9c04f755eb3e0bce867a16be10dbfccc25e98e4e12fa9d51241bb67e27dcac8c0ec0eebc1a20c043cd3e78e0766b879b3ffb69e00bdfe31f07dc0d4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{1289b5e9-0bfa-087c-1d7e-4e6a9f0f6478}\vmtkmmoufiltr_0.inf
        Filesize

        2KB

        MD5

        c96843464c7474150b481cb5f0075c22

        SHA1

        9fb1a53cbe5c6e9adcb3fd061fc9f292a648a1e5

        SHA256

        006850d8035f5e776c34ceaf90d292b8ff83e9457e5b32e118e6d5b4a755ca40

        SHA512

        303bd7f8e9c04f755eb3e0bce867a16be10dbfccc25e98e4e12fa9d51241bb67e27dcac8c0ec0eebc1a20c043cd3e78e0766b879b3ffb69e00bdfe31f07dc0d4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{564038f8-c0dd-746c-4696-556a170db466}\VmtkmHid_0.cat
        Filesize

        8KB

        MD5

        69d398d45035ea070ad1d950947b8258

        SHA1

        f389482e8f547f08f6637005cb0312ab1c94a9cb

        SHA256

        f966ccfc34fca47aa0f8de37ea7eba2d89c7db14db408a20ad9cdbc28ddda097

        SHA512

        6186f36982795d116da883769458c74e63a0719a78026f2343e2ba0ff27367d028f72a880e07ca894e8f67aed4f758a41a386bab358cbf18eff51326119d80be

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{564038f8-c0dd-746c-4696-556a170db466}\vmtkmhid_0.inf
        Filesize

        3KB

        MD5

        ac2a7db4b61118498e6d74e302335c2b

        SHA1

        85da16e595b994cd6e3cdcedc2ae2e5068a5640e

        SHA256

        20ba09ccf6d435af296bbe9e84212538094ea064128052d737f6884265de05d0

        SHA512

        25b0ab141032643e7c871066d909b4e331991d55ec602c6b4166ffbab3aa43a1535aae92159ac16d7fb81c5885c3f26518b5b4c2224dd26ac8534f349b2898e0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{564038f8-c0dd-746c-4696-556a170db466}\vmtkmhid_0.inf
        Filesize

        3KB

        MD5

        ac2a7db4b61118498e6d74e302335c2b

        SHA1

        85da16e595b994cd6e3cdcedc2ae2e5068a5640e

        SHA256

        20ba09ccf6d435af296bbe9e84212538094ea064128052d737f6884265de05d0

        SHA512

        25b0ab141032643e7c871066d909b4e331991d55ec602c6b4166ffbab3aa43a1535aae92159ac16d7fb81c5885c3f26518b5b4c2224dd26ac8534f349b2898e0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\{56403~1\VmtkmHid_0.sys
        Filesize

        11KB

        MD5

        15be41abe19a4c66d9e94ff5afee1822

        SHA1

        e47dca6ade9843a5ee6d6f100d12bcc06bee5f06

        SHA256

        da484327e2601a56f90d2ad2a040150171548fe8aeac8332c8f27c9ac6054fbb

        SHA512

        dcec2d963cee7c26190686c93cd28b4fa17d4c54ca0cf1e231603dc445a17685f43d4fab5e0d1e6b1e6b2bc8aac5617542068064d9639f150e6e77e2e2709c41

        Download Submit

      • C:\Windows\INF\oem2.inf
        Filesize

        3KB

        MD5

        ac2a7db4b61118498e6d74e302335c2b

        SHA1

        85da16e595b994cd6e3cdcedc2ae2e5068a5640e

        SHA256

        20ba09ccf6d435af296bbe9e84212538094ea064128052d737f6884265de05d0

        SHA512

        25b0ab141032643e7c871066d909b4e331991d55ec602c6b4166ffbab3aa43a1535aae92159ac16d7fb81c5885c3f26518b5b4c2224dd26ac8534f349b2898e0

        Download Submit

      • C:\Windows\INF\oem3.PNF
        Filesize

        8KB

        MD5

        088b0f1739dd120e789c63fdbeca3089

        SHA1

        8a1445a8e2db73fd804dffab3ada1195897b818c

        SHA256

        88a38e41018c52c14021cb31961e01e395c4c37f7849ccaaf15a5a39c6231411

        SHA512

        0d481ff424308d97763ce04284d118d136f0e2f4ca1deff65d05c6e5787610b55d9044e0467118dabeb0e95d27fdc87cf21effe51deee04d771e381ce1bdfc75

        Download Submit

      • C:\Windows\INF\oem3.inf
        Filesize

        2KB

        MD5

        c96843464c7474150b481cb5f0075c22

        SHA1

        9fb1a53cbe5c6e9adcb3fd061fc9f292a648a1e5

        SHA256

        006850d8035f5e776c34ceaf90d292b8ff83e9457e5b32e118e6d5b4a755ca40

        SHA512

        303bd7f8e9c04f755eb3e0bce867a16be10dbfccc25e98e4e12fa9d51241bb67e27dcac8c0ec0eebc1a20c043cd3e78e0766b879b3ffb69e00bdfe31f07dc0d4

        Download Submit

      • C:\Windows\System32\CatRoot2\dberr.txt
        Filesize

        194KB

        MD5

        a49acde7846ac313dc7ec0a67edde7a7

        SHA1

        d826a76a151247234dc581138c8929421fd8e754

        SHA256

        e776f2f02ef58e18f065a7c73d03b7dd8f9841d195a888f01e87fb0e9dbc5faf

        SHA512

        9825f6e37dddb5d314493d3605c9577c52f0180740e55cca88e183c10ba18351bc62518bc0a7f69d2b915fea846549ffc01354c899acd3b74c3b64b8f3413bbd

        Download Submit

      • C:\Windows\System32\DRIVER~1\FILERE~1\VMTKMH~1.INF\VmtkmHid_0.sys
        Filesize

        11KB

        MD5

        15be41abe19a4c66d9e94ff5afee1822

        SHA1

        e47dca6ade9843a5ee6d6f100d12bcc06bee5f06

        SHA256

        da484327e2601a56f90d2ad2a040150171548fe8aeac8332c8f27c9ac6054fbb

        SHA512

        dcec2d963cee7c26190686c93cd28b4fa17d4c54ca0cf1e231603dc445a17685f43d4fab5e0d1e6b1e6b2bc8aac5617542068064d9639f150e6e77e2e2709c41

        Download Submit

      • C:\Windows\System32\DRIVER~1\FILERE~1\VMTKMM~1.INF\VmtkmMouFiltr_0.sys
        Filesize

        7KB

        MD5

        3eb7619b8440e9a003c4a5a9b8acde33

        SHA1

        5c1d6bbe9ac62e8ce9bb5432b711fdc2e4e3b94f

        SHA256

        784287759ef05e815b2c486f7bc6af5077d1c9c86c4ef921e8b2039634f667a0

        SHA512

        eaa73dd2e6a65dff50b6a1ae1b3c3155e68849c5339c89d543e58b4ac34dbd4173e00d6deaf12b47bfe491cd001f0f3b04634364a4fb0acc73070da10ae7a0f5

        Download Submit

      • C:\Windows\System32\DriverStore\FileRepository\hidserv.inf_amd64_neutral_f2223e39f37c69f3\hidserv.PNF
        Filesize

        19KB

        MD5

        1b05c4888466cf3d3b9e85dc60e53cad

        SHA1

        c3e849dc86eab7aa82b60db1bfb64e5da7b7cec4

        SHA256

        bdf0c71bea3f0c4cf9ec782a99ce27684560a7209eb73fbd273deb6407de0ff3

        SHA512

        b5cc36f663465038c815a938b71891ac407f6a5b09a7a8b4902936fac4f32d617ff51ce8840306b0cb5b5c1df1b3a8060b892aa32c7a42c47a03aed0b3c05cd3

        Download Submit

      • C:\Windows\System32\DriverStore\FileRepository\vmtkmhid_0.inf_amd64_neutral_aaf954d05a2c7d7f\VmtkmHid_0.cat
        Filesize

        8KB

        MD5

        69d398d45035ea070ad1d950947b8258

        SHA1

        f389482e8f547f08f6637005cb0312ab1c94a9cb

        SHA256

        f966ccfc34fca47aa0f8de37ea7eba2d89c7db14db408a20ad9cdbc28ddda097

        SHA512

        6186f36982795d116da883769458c74e63a0719a78026f2343e2ba0ff27367d028f72a880e07ca894e8f67aed4f758a41a386bab358cbf18eff51326119d80be

        Download Submit

      • C:\Windows\System32\DriverStore\FileRepository\vmtkmhid_0.inf_amd64_neutral_aaf954d05a2c7d7f\vmtkmhid_0.PNF
        Filesize

        9KB

        MD5

        d3ab4e0106c3232e14ee111757a71f39

        SHA1

        d14290d4743049ef5a8d51f3b10b79f40c381972

        SHA256

        791a93e9f6a8c8a1f9a2c276e9c3624130d6901f36967941a7dfd437c404be3c

        SHA512

        a6f1fec4b079163cdb2e181f2f16cd29d6399ad389de371e9f72490788dcbe774c80f64d0c7dd67d6bac63d0abbb9a22806a3490264ae833404f634d36a67d6f

        Download Submit

      • C:\Windows\System32\DriverStore\FileRepository\vmtkmmoufiltr_0.inf_amd64_neutral_75b639d4ffc4e70a\VmtkmHid_0.cat
        Filesize

        8KB

        MD5

        69d398d45035ea070ad1d950947b8258

        SHA1

        f389482e8f547f08f6637005cb0312ab1c94a9cb

        SHA256

        f966ccfc34fca47aa0f8de37ea7eba2d89c7db14db408a20ad9cdbc28ddda097

        SHA512

        6186f36982795d116da883769458c74e63a0719a78026f2343e2ba0ff27367d028f72a880e07ca894e8f67aed4f758a41a386bab358cbf18eff51326119d80be

        Download Submit

      • C:\Windows\System32\DriverStore\FileRepository\vmtkmmoufiltr_0.inf_amd64_neutral_75b639d4ffc4e70a\vmtkmmoufiltr_0.PNF
        Filesize

        8KB

        MD5

        af5f767bef3305c6beafea20c1d12b16

        SHA1

        43c386c1125d9e92e36674210477078fcf5b15d9

        SHA256

        99e072f87a524df240517f950dbb2b8162166485e92ea504f203300580ca816e

        SHA512

        78bc5441a574fce67c55af4814cde6cfc5a4d8216a151bef34a9148523ff258b9e96bebfdc03e379d42219c28dac130cdad2001f545d06b12b932e16afe02fe0

        Download Submit

      • C:\Windows\System32\DriverStore\INFCACHE.1
        Filesize

        1.4MB

        MD5

        52cec1c693adbea6d136d7d8b6bcbc7a

        SHA1

        5f9d294b3b4ba31b94bf4d842d597eba8eff922e

        SHA256

        da30c83634753ab9f783634851b261322678d4a1842ceed5d461077b495095ab

        SHA512

        7997ca85d1d037985f8221ccb2e612036a0646f535f01c5612e49bc405a1e01e096520ccf1cf3f636bf25d85a9172ef69f80c476c894ade5d9fd162ed82a5918

        Download Submit

      • C:\Windows\System32\DriverStore\INFCACHE.1
        Filesize

        1.4MB

        MD5

        145f5730366cb02767d2619e72680f5d

        SHA1

        1ff4841749d6f4c022574a101c44944d66455e9e

        SHA256

        90db5bf0e0c629b24f7ae4c10f54d2c3f8144e7b2f647b0c971db08e9bb31645

        SHA512

        718af0f701cc14986e2da25073e169b3bbc61e95a893531e81352485605c700ace4d4ced1ef78b7dfce9c23cbc836bb817340697d7a80ae3f2e5089c3497a811

        Download Submit

      • C:\Windows\System32\DriverStore\Temp\{5c5ad93c-9400-7332-6157-ef08b9287f43}\SET3219.tmp
        Filesize

        8KB

        MD5

        69d398d45035ea070ad1d950947b8258

        SHA1

        f389482e8f547f08f6637005cb0312ab1c94a9cb

        SHA256

        f966ccfc34fca47aa0f8de37ea7eba2d89c7db14db408a20ad9cdbc28ddda097

        SHA512

        6186f36982795d116da883769458c74e63a0719a78026f2343e2ba0ff27367d028f72a880e07ca894e8f67aed4f758a41a386bab358cbf18eff51326119d80be

        Download Submit

      • C:\Windows\System32\DriverStore\Temp\{5c5ad93c-9400-7332-6157-ef08b9287f43}\SET322B.tmp
        Filesize

        11KB

        MD5

        15be41abe19a4c66d9e94ff5afee1822

        SHA1

        e47dca6ade9843a5ee6d6f100d12bcc06bee5f06

        SHA256

        da484327e2601a56f90d2ad2a040150171548fe8aeac8332c8f27c9ac6054fbb

        SHA512

        dcec2d963cee7c26190686c93cd28b4fa17d4c54ca0cf1e231603dc445a17685f43d4fab5e0d1e6b1e6b2bc8aac5617542068064d9639f150e6e77e2e2709c41

        Download Submit

      • C:\Windows\System32\DriverStore\Temp\{663aba29-a294-2c6c-ce69-703798bfc01f}\SET396B.tmp
        Filesize

        7KB

        MD5

        3eb7619b8440e9a003c4a5a9b8acde33

        SHA1

        5c1d6bbe9ac62e8ce9bb5432b711fdc2e4e3b94f

        SHA256

        784287759ef05e815b2c486f7bc6af5077d1c9c86c4ef921e8b2039634f667a0

        SHA512

        eaa73dd2e6a65dff50b6a1ae1b3c3155e68849c5339c89d543e58b4ac34dbd4173e00d6deaf12b47bfe491cd001f0f3b04634364a4fb0acc73070da10ae7a0f5

        Download Submit

      • C:\Windows\inf\oem3.PNF
        Filesize

        8KB

        MD5

        088b0f1739dd120e789c63fdbeca3089

        SHA1

        8a1445a8e2db73fd804dffab3ada1195897b818c

        SHA256

        88a38e41018c52c14021cb31961e01e395c4c37f7849ccaaf15a5a39c6231411

        SHA512

        0d481ff424308d97763ce04284d118d136f0e2f4ca1deff65d05c6e5787610b55d9044e0467118dabeb0e95d27fdc87cf21effe51deee04d771e381ce1bdfc75

        Download Submit

      • C:\Windows\setupact.log
        Filesize

        21KB

        MD5

        16c166309ccd0095a74ad7fce08a1a74

        SHA1

        dc5019182159237c0f7b9bd3cba0ad308a7521a8

        SHA256

        8cde7e44017f3fb33c9487aac638ced08d1e7d323507f5a94d9b81ddd3828578

        SHA512

        e1b072e29c9a024ee740f7c1af5d6cc040de08998a3d915691b727b2565d35eb20d90e85400a8180c2d6ace3990cb6d166f53fe5f581c7b2020a08c16fdeb5a0

        Download Submit

      • C:\Windows\setupact.log
        Filesize

        21KB

        MD5

        173b630c516fb871b220c4842227edb4

        SHA1

        a152e679eaf3aa8019d5b99cfc77a9648cd733cc

        SHA256

        0cfaa0f893ea82fa668aa0bec5d37f604f65fb4bbacb8e9e175050472783b003

        SHA512

        c58092144bd6126e2509242873949b7f43cd01d34f8405ab053e92189d30ff01648bbec6e111a0a35f81fec1f073d269b7bec5341c8510b1050d4ff63b12a204

        Download Submit

      • C:\Windows\system32\drivers\VmtkmMouFiltr_0.sys
        Filesize

        7KB

        MD5

        3eb7619b8440e9a003c4a5a9b8acde33

        SHA1

        5c1d6bbe9ac62e8ce9bb5432b711fdc2e4e3b94f

        SHA256

        784287759ef05e815b2c486f7bc6af5077d1c9c86c4ef921e8b2039634f667a0

        SHA512

        eaa73dd2e6a65dff50b6a1ae1b3c3155e68849c5339c89d543e58b4ac34dbd4173e00d6deaf12b47bfe491cd001f0f3b04634364a4fb0acc73070da10ae7a0f5

        Download Submit

      • \??\c:\users\admin\appdata\local\temp\FILEDE~1\x64\VMTKMH~1.SYS
        Filesize

        11KB

        MD5

        15be41abe19a4c66d9e94ff5afee1822

        SHA1

        e47dca6ade9843a5ee6d6f100d12bcc06bee5f06

        SHA256

        da484327e2601a56f90d2ad2a040150171548fe8aeac8332c8f27c9ac6054fbb

        SHA512

        dcec2d963cee7c26190686c93cd28b4fa17d4c54ca0cf1e231603dc445a17685f43d4fab5e0d1e6b1e6b2bc8aac5617542068064d9639f150e6e77e2e2709c41

        Download Submit

      • \??\c:\users\admin\appdata\local\temp\FILEDE~1\x64\VMTKMM~1.SYS
        Filesize

        7KB

        MD5

        3eb7619b8440e9a003c4a5a9b8acde33

        SHA1

        5c1d6bbe9ac62e8ce9bb5432b711fdc2e4e3b94f

        SHA256

        784287759ef05e815b2c486f7bc6af5077d1c9c86c4ef921e8b2039634f667a0

        SHA512

        eaa73dd2e6a65dff50b6a1ae1b3c3155e68849c5339c89d543e58b4ac34dbd4173e00d6deaf12b47bfe491cd001f0f3b04634364a4fb0acc73070da10ae7a0f5

        Download Submit

      • \??\c:\users\admin\appdata\local\temp\filedef20160419\x64\VmtkmHid_0.cat
        Filesize

        8KB

        MD5

        69d398d45035ea070ad1d950947b8258

        SHA1

        f389482e8f547f08f6637005cb0312ab1c94a9cb

        SHA256

        f966ccfc34fca47aa0f8de37ea7eba2d89c7db14db408a20ad9cdbc28ddda097

        SHA512

        6186f36982795d116da883769458c74e63a0719a78026f2343e2ba0ff27367d028f72a880e07ca894e8f67aed4f758a41a386bab358cbf18eff51326119d80be

        Download Submit

      • \??\c:\users\admin\appdata\local\temp\filedef20160419\x64\vmtkmmoufiltr_0.inf
        Filesize

        2KB

        MD5

        c96843464c7474150b481cb5f0075c22

        SHA1

        9fb1a53cbe5c6e9adcb3fd061fc9f292a648a1e5

        SHA256

        006850d8035f5e776c34ceaf90d292b8ff83e9457e5b32e118e6d5b4a755ca40

        SHA512

        303bd7f8e9c04f755eb3e0bce867a16be10dbfccc25e98e4e12fa9d51241bb67e27dcac8c0ec0eebc1a20c043cd3e78e0766b879b3ffb69e00bdfe31f07dc0d4

        Download Submit

      • \Users\Admin\AppData\Local\Temp\FileDef20160419\x64\devcon.exe
        Filesize

        87KB

        MD5

        41ba1bbdd9284e49701ee94a3f446c33

        SHA1

        6d5bd532a0f9a3bf7005edeb53b4aba2d30a0c99

        SHA256

        c65d9acba88d2c56422ec4aba235b0ae25bb3261bf400cd30efe11de0c4330e4

        SHA512

        dc55452698966b77c157a81eb458984b17e3e3a0d3ff885479f7c823b847eb739a07782f140ced12eac75fdddd7416f923c885a9d8e8b0a10010fc07bef3da45

        Download Submit

      • \Users\Admin\AppData\Local\Temp\FileDef20160419\x64\devcon.exe
        Filesize

        87KB

        MD5

        41ba1bbdd9284e49701ee94a3f446c33

        SHA1

        6d5bd532a0f9a3bf7005edeb53b4aba2d30a0c99

        SHA256

        c65d9acba88d2c56422ec4aba235b0ae25bb3261bf400cd30efe11de0c4330e4

        SHA512

        dc55452698966b77c157a81eb458984b17e3e3a0d3ff885479f7c823b847eb739a07782f140ced12eac75fdddd7416f923c885a9d8e8b0a10010fc07bef3da45

        Download Submit

      • memory/2004-62-0x0000000000140000-0x000000000017C000-memory.dmp

        Filesize

        240KB

        Download

      • memory/2004-65-0x00000000027E0000-0x000000000289F000-memory.dmp

        Filesize

        764KB

        Download

      • memory/2004-63-0x0000000002250000-0x0000000002351000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/2004-281-0x0000000000900000-0x0000000000901000-memory.dmp

        Filesize

        4KB

        Download