49da21c128612a77de7cff9e7dd48685136a0b83a56885153afa62e75fd2207d

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2023, 16:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Setup_PCsetgraphic.exe
Size

143.3MB
MD5

ec58c3815696c699bb0119de4748f94a
SHA1

dcae329992c8d5c7c02c484f8eeb7e8df2437546
SHA256

49da21c128612a77de7cff9e7dd48685136a0b83a56885153afa62e75fd2207d
SHA512

c8ef5f1215f204a115bcbe79605760b81657982908069778eec97fa69aee239106d02163b15fd25cf28ed23a82e70d03bb38b34010ce6b9164d1be3510193dab
SSDEEP

3145728:xR57LXfJ4EZ59BiUsmElrQRPgDS1pixh6h3MA:xRhTTZ4Ut8DopyM/

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4652	Setup_PCsetgraphic.exe
4360	dpinst64.exe

Loads dropped DLL 6 IoCs

pid	Process
1520	MsiExec.exe
2788	MsiExec.exe
4240	MsiExec.exe
4240	MsiExec.exe
4240	MsiExec.exe
2788	MsiExec.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	MSIEXEC.EXE
File opened (read-only)	\??\K:	MSIEXEC.EXE
File opened (read-only)	\??\S:	MSIEXEC.EXE
File opened (read-only)	\??\W:	MSIEXEC.EXE
File opened (read-only)	\??\Y:	MSIEXEC.EXE
File opened (read-only)	\??\H:	MSIEXEC.EXE
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\V:	MSIEXEC.EXE
File opened (read-only)	\??\P:	MSIEXEC.EXE
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\N:	MSIEXEC.EXE
File opened (read-only)	\??\O:	MSIEXEC.EXE
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	MSIEXEC.EXE
File opened (read-only)	\??\L:	MSIEXEC.EXE
File opened (read-only)	\??\R:	MSIEXEC.EXE
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	MSIEXEC.EXE
File opened (read-only)	\??\I:	MSIEXEC.EXE
File opened (read-only)	\??\M:	MSIEXEC.EXE
File opened (read-only)	\??\T:	MSIEXEC.EXE
File opened (read-only)	\??\Z:	MSIEXEC.EXE
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\A:	MSIEXEC.EXE
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	MSIEXEC.EXE
File opened (read-only)	\??\Q:	MSIEXEC.EXE
File opened (read-only)	\??\U:	MSIEXEC.EXE
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\B:	MSIEXEC.EXE
File opened (read-only)	\??\W:	msiexec.exe

Drops file in System32 directory 37 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}\rusbio_x64.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\SET425.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}\rusbio_x64.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}\SET932.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}\SET932.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}\SET933.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\reiner-usbcom.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\reiner-usbcom.inf_amd64_e6885d390b00c679\reiner-usbcom.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\reiner-usbcom.inf_amd64_e6885d390b00c679\reiner-usbcom.PNF	dpinst64.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	dpinst64.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rusbio_x64.inf_amd64_780b3e1f13d29e05\rusbio_x64.PNF	dpinst64.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\reiner-usbcom.inf_amd64_e6885d390b00c679\reiner-usbcom.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\SET412.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\SET424.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\reiner-usbcom.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}\SET934.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\rusbio_x64.inf_amd64_780b3e1f13d29e05\rusbio_x64.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\SET412.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\WdfCoInstaller01011.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\SET424.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\reiner-usbcom.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\reiner-usbcom.inf_amd64_e6885d390b00c679\reiner-usbcom.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}\rusbio_x64.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}\SET934.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\rusbio_x64.inf_amd64_780b3e1f13d29e05\rusbio_x64.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\rusbio_x64.inf_amd64_780b3e1f13d29e05\rusbio_x64.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\SET423.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\SET423.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\SET425.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\reiner-usbcom.inf_amd64_e6885d390b00c679\WdfCoInstaller01011.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}\SET933.tmp	DrvInst.exe

Drops file in Program Files directory 22 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\REINER_BA_940_GB.pdf	msiexec.exe
File created	C:\PROGRA~1\DIFX\4A7292F75FEBBD3C\dpinst64.exe	dpinst64.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\RMbasicAPI32.dll	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\PCsetgraphic.exe	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\FreeImage32.dll	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\driver\x64\rusbio_x64.cat	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\RPSGPreviewHandler.dll	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\driver\x64\reiner-usbcom.sys	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\driver\x64\WdfCoInstaller01011.dll	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\REINER_Help_970_GB.chm	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\driver\x64\reiner-usbcom.inf	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\driver\x64\dpinst64.exe	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\reimage.dll	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\RMAPI32.dll	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\REINER_Help_940_GB.chm	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\REINER_Help_JETSTAMP1025_GB.chm	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\driver\x64\reiner-usbcom.cat	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\driver\x64\rusbio_x64.inf	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\driver\x64\rusbio_x64.sys	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\REbarcode32.dll	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\REINER_BA_970_GB.pdf	msiexec.exe
File created	C:\Program Files (x86)\Reiner\REINER PCset graphic\REINER_BA_JETSTAMP1025_GB.pdf	msiexec.exe

Drops file in Windows directory 31 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\Reiner blind.ttf	msiexec.exe
File created	C:\Windows\Fonts\Reiner F1.ttf	msiexec.exe
File opened for modification	C:\Windows\Installer\{00FE79D0-095A-4656-B128-380AFC6E0FF0}\ARPPRODUCTICON.exe	msiexec.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\Installer\e57e995.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{00FE79D0-095A-4656-B128-380AFC6E0FF0}	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF02D.tmp	msiexec.exe
File created	C:\Windows\Installer\{00FE79D0-095A-4656-B128-380AFC6E0FF0}\ARPPRODUCTICON.exe	msiexec.exe
File created	C:\Windows\Installer\e57e998.msi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF35B.tmp	msiexec.exe
File created	C:\Windows\Installer\{00FE79D0-095A-4656-B128-380AFC6E0FF0}\1033.MST	msiexec.exe
File opened for modification	C:\Windows\DPINST.LOG	dpinst64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\e57e996.mst	msiexec.exe
File opened for modification	C:\Windows\Installer\{00FE79D0-095A-4656-B128-380AFC6E0FF0}\1033.MST	msiexec.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	dpinst64.exe
File opened for modification	C:\Windows\Installer\e57e995.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEF71.tmp	msiexec.exe
File created	C:\Windows\Fonts\Reiner Narrow F1.ttf	msiexec.exe
File created	C:\Windows\Fonts\Reiner F1 Bold.ttf	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\e57e996.mst	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF8AB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIFD40.tmp	msiexec.exe

Checks SCSI registry key(s) 3 TTPs 63 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	dpinst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	dpinst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000ee997c5502e070a80000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000ee997c550000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d012000000000000000032000000ffffffff000000000700010000680900ee997c55000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01232000000000020ed0d000000ffffffff000000000700010000680919ee997c55000000000000d0123200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000ee997c5500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	dpinst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dpinst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	dpinst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	dpinst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	dpinst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dpinst64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	dpinst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	dpinst64.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\{78A573CA-297E-4D9F-A5FC-7F6E5EEA6FC9} = "PCsetgraphicFilesPreviewHandler"	MsiExec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe

Modifies registry class 42 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\Transforms = "C:\\Windows\\Installer\\{00FE79D0-095A-4656-B128-380AFC6E0FF0}\\1033.MST"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rpsg\shellex\{8895b1c6-b41f-4c1c-a562-0d564250836f}\ = "{78A573CA-297E-4D9F-A5FC-7F6E5EEA6FC9}"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78A573CA-297E-4D9F-A5FC-7F6E5EEA6FC9}\AppID = "{2992DE27-3526-48C5-B765-E55278ECBE9D}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78A573CA-297E-4D9F-A5FC-7F6E5EEA6FC9}\InprocServer32\ThreadingModel = "Apartment"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{2992DE27-3526-48C5-B765-E55278ECBE9D}\DllSurrogate = "%SystemRoot%\\SysWow64\\prevhost.exe"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0D97EF00A59065641B8283A0CFE6F00F\USB_driver_x64	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5950E766C8A7E6144B4284BFE5A54CFB	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\{B251A6C4-DC88-4999-8683-F998D951C84A}\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78A573CA-297E-4D9F-A5FC-7F6E5EEA6FC9}\ = "RPSGPreviewHandler.PCsetgraphicFilesPreviewHandler Class"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rpsg\shellex\{8895b1c6-b41f-4c1c-a562-0d564250836f}\ = "{78A573CA-297E-4D9F-A5FC-7F6E5EEA6FC9}"	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0D97EF00A59065641B8283A0CFE6F00F\PCset_graphic_Files	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\Version = "118095872"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{B251A6C4-DC88-4999-8683-F998D951C84A}\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78A573CA-297E-4D9F-A5FC-7F6E5EEA6FC9}\InprocServer32\ = "C:\\Program Files (x86)\\Reiner\\REINER PCset graphic\\RPSGPreviewHandler.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0D97EF00A59065641B8283A0CFE6F00F	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\SourceList\Net	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{2992DE27-3526-48C5-B765-E55278ECBE9D}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5950E766C8A7E6144B4284BFE5A54CFB\0D97EF00A59065641B8283A0CFE6F00F	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rpsg	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0D97EF00A59065641B8283A0CFE6F00F\USB_driver_x86	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\PackageCode = "AF36A6FF5B3A65341975DAB3F5882348"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rpsg\shellex	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\ProductName = "REINER PCset graphic"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\ProductIcon = "C:\\Windows\\Installer\\{00FE79D0-095A-4656-B128-380AFC6E0FF0}\\ARPPRODUCTICON.exe"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\SourceList\Media\1 = "DISK1;1"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.rpsg\shellex\{8895b1c6-b41f-4c1c-a562-0d564250836f}	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78A573CA-297E-4D9F-A5FC-7F6E5EEA6FC9}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rpsg\shellex\{8895b1c6-b41f-4c1c-a562-0d564250836f}	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\Language = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\SourceList\PackageName = "REINER PCset graphic.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rpsg\shellex\{8895b1c6-b41f-4c1c-a562-0d564250836f}	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{78A573CA-297E-4D9F-A5FC-7F6E5EEA6FC9}\InprocServer32	MsiExec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0D97EF00A59065641B8283A0CFE6F00F\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4544	msiexec.exe
4544	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	532	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	532	MSIEXEC.EXE
Token: SeSecurityPrivilege	4544	msiexec.exe
Token: SeCreateTokenPrivilege	532	MSIEXEC.EXE
Token: SeAssignPrimaryTokenPrivilege	532	MSIEXEC.EXE
Token: SeLockMemoryPrivilege	532	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	532	MSIEXEC.EXE
Token: SeMachineAccountPrivilege	532	MSIEXEC.EXE
Token: SeTcbPrivilege	532	MSIEXEC.EXE
Token: SeSecurityPrivilege	532	MSIEXEC.EXE
Token: SeTakeOwnershipPrivilege	532	MSIEXEC.EXE
Token: SeLoadDriverPrivilege	532	MSIEXEC.EXE
Token: SeSystemProfilePrivilege	532	MSIEXEC.EXE
Token: SeSystemtimePrivilege	532	MSIEXEC.EXE
Token: SeProfSingleProcessPrivilege	532	MSIEXEC.EXE
Token: SeIncBasePriorityPrivilege	532	MSIEXEC.EXE
Token: SeCreatePagefilePrivilege	532	MSIEXEC.EXE
Token: SeCreatePermanentPrivilege	532	MSIEXEC.EXE
Token: SeBackupPrivilege	532	MSIEXEC.EXE
Token: SeRestorePrivilege	532	MSIEXEC.EXE
Token: SeShutdownPrivilege	532	MSIEXEC.EXE
Token: SeDebugPrivilege	532	MSIEXEC.EXE
Token: SeAuditPrivilege	532	MSIEXEC.EXE
Token: SeSystemEnvironmentPrivilege	532	MSIEXEC.EXE
Token: SeChangeNotifyPrivilege	532	MSIEXEC.EXE
Token: SeRemoteShutdownPrivilege	532	MSIEXEC.EXE
Token: SeUndockPrivilege	532	MSIEXEC.EXE
Token: SeSyncAgentPrivilege	532	MSIEXEC.EXE
Token: SeEnableDelegationPrivilege	532	MSIEXEC.EXE
Token: SeManageVolumePrivilege	532	MSIEXEC.EXE
Token: SeImpersonatePrivilege	532	MSIEXEC.EXE
Token: SeCreateGlobalPrivilege	532	MSIEXEC.EXE
Token: SeCreateTokenPrivilege	532	MSIEXEC.EXE
Token: SeAssignPrimaryTokenPrivilege	532	MSIEXEC.EXE
Token: SeLockMemoryPrivilege	532	MSIEXEC.EXE
Token: SeIncreaseQuotaPrivilege	532	MSIEXEC.EXE
Token: SeMachineAccountPrivilege	532	MSIEXEC.EXE
Token: SeTcbPrivilege	532	MSIEXEC.EXE
Token: SeSecurityPrivilege	532	MSIEXEC.EXE
Token: SeTakeOwnershipPrivilege	532	MSIEXEC.EXE
Token: SeLoadDriverPrivilege	532	MSIEXEC.EXE
Token: SeSystemProfilePrivilege	532	MSIEXEC.EXE
Token: SeSystemtimePrivilege	532	MSIEXEC.EXE
Token: SeProfSingleProcessPrivilege	532	MSIEXEC.EXE
Token: SeIncBasePriorityPrivilege	532	MSIEXEC.EXE
Token: SeCreatePagefilePrivilege	532	MSIEXEC.EXE
Token: SeCreatePermanentPrivilege	532	MSIEXEC.EXE
Token: SeBackupPrivilege	532	MSIEXEC.EXE
Token: SeRestorePrivilege	532	MSIEXEC.EXE
Token: SeShutdownPrivilege	532	MSIEXEC.EXE
Token: SeDebugPrivilege	532	MSIEXEC.EXE
Token: SeAuditPrivilege	532	MSIEXEC.EXE
Token: SeSystemEnvironmentPrivilege	532	MSIEXEC.EXE
Token: SeChangeNotifyPrivilege	532	MSIEXEC.EXE
Token: SeRemoteShutdownPrivilege	532	MSIEXEC.EXE
Token: SeUndockPrivilege	532	MSIEXEC.EXE
Token: SeSyncAgentPrivilege	532	MSIEXEC.EXE
Token: SeEnableDelegationPrivilege	532	MSIEXEC.EXE
Token: SeManageVolumePrivilege	532	MSIEXEC.EXE
Token: SeImpersonatePrivilege	532	MSIEXEC.EXE
Token: SeCreateGlobalPrivilege	532	MSIEXEC.EXE
Token: SeCreateTokenPrivilege	532	MSIEXEC.EXE
Token: SeAssignPrimaryTokenPrivilege	532	MSIEXEC.EXE
Token: SeLockMemoryPrivilege	532	MSIEXEC.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
532	MSIEXEC.EXE

Suspicious use of WriteProcessMemory 23 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 4652	2156	Setup_PCsetgraphic.exe	83
PID 2156 wrote to memory of 4652	2156	Setup_PCsetgraphic.exe	83
PID 2156 wrote to memory of 4652	2156	Setup_PCsetgraphic.exe	83
PID 4652 wrote to memory of 532	4652	Setup_PCsetgraphic.exe	86
PID 4652 wrote to memory of 532	4652	Setup_PCsetgraphic.exe	86
PID 4652 wrote to memory of 532	4652	Setup_PCsetgraphic.exe	86
PID 4544 wrote to memory of 1520	4544	msiexec.exe	90
PID 4544 wrote to memory of 1520	4544	msiexec.exe	90
PID 4544 wrote to memory of 1520	4544	msiexec.exe	90
PID 4544 wrote to memory of 3512	4544	msiexec.exe	95
PID 4544 wrote to memory of 3512	4544	msiexec.exe	95
PID 4544 wrote to memory of 2788	4544	msiexec.exe	97
PID 4544 wrote to memory of 2788	4544	msiexec.exe	97
PID 4544 wrote to memory of 2788	4544	msiexec.exe	97
PID 4544 wrote to memory of 4240	4544	msiexec.exe	98
PID 4544 wrote to memory of 4240	4544	msiexec.exe	98
PID 4544 wrote to memory of 4240	4544	msiexec.exe	98
PID 532 wrote to memory of 4360	532	MSIEXEC.EXE	100
PID 532 wrote to memory of 4360	532	MSIEXEC.EXE	100
PID 4768 wrote to memory of 2864	4768	svchost.exe	102
PID 4768 wrote to memory of 2864	4768	svchost.exe	102
PID 4768 wrote to memory of 4120	4768	svchost.exe	103
PID 4768 wrote to memory of 4120	4768	svchost.exe	103

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Setup_PCsetgraphic.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_PCsetgraphic.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\{B251A6C4-DC88-4999-8683-F998D951C84A}\Setup_PCsetgraphic.exe
  C:\Users\Admin\AppData\Local\Temp\{B251A6C4-DC88-4999-8683-F998D951C84A}\Setup_PCsetgraphic.exe /q"C:\Users\Admin\AppData\Local\Temp\Setup_PCsetgraphic.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{B251A6C4-DC88-4999-8683-F998D951C84A}" /IS_temp
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4652
- - C:\Windows\SysWOW64\MSIEXEC.EXE
    "C:\Windows\system32\MSIEXEC.EXE" /i "C:\Users\Admin\AppData\Local\Temp\{B251A6C4-DC88-4999-8683-F998D951C84A}\REINER PCset graphic.msi" TRANSFORMS="C:\Users\Admin\AppData\Local\Temp\{B251A6C4-DC88-4999-8683-F998D951C84A}\1033.MST" SETUPEXEDIR="C:\Users\Admin\AppData\Local\Temp" SETUPEXENAME="Setup_PCsetgraphic.exe"
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:532
  - - C:\Program Files (x86)\Reiner\REINER PCset graphic\driver\x64\dpinst64.exe
      "C:\Program Files (x86)\Reiner\REINER PCset graphic\driver\x64\dpinst64.exe" /SW
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Drops file in Program Files directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      PID:4360

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 1ACBFB8769895216908F21B4AFBCA63B C
  2⤵
  - Loads dropped DLL
  PID:1520
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3512
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding EE5B61B6C080E19388E4DA1F55E47659
  2⤵
  - Loads dropped DLL
  PID:2788
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 92680A2E5960B80A60387722D0CD6B92 E Global\MSI0000
  2⤵
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:4240

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{2b72cddc-0eb1-d84b-b1ff-6a1cb58bef59}\reiner-usbcom.inf" "9" "490b81a5f" "000000000000014C" "WinSta0\Default" "0000000000000164" "208" "c:\program files (x86)\reiner\reiner pcset graphic\driver\x64"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:2864
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{c12ad399-5f3e-0b46-9f73-46d724d394f4}\rusbio_x64.inf" "9" "4957286f7" "0000000000000164" "WinSta0\Default" "0000000000000184" "208" "c:\program files (x86)\reiner\reiner pcset graphic\driver\x64"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4120

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57e997.rbs

Filesize
14KB

MD5
05e256872f8aaed60b84d7b6a487d5bd

SHA1
a0299cd9cad2ac7870618594411d5eb808cc29b2

SHA256
fee29f1975749110ff2fedfe202707cc40aec63f67909b1fa33726f383f3b73b

SHA512
f042d826e6d983da5b533ca0b4fadabbcb311449cfd386c0868f5f499052b36ef6356d955740c926f8e31ec93e4678013d1118714063d6dac4442e544fd1836c

Download Submit
C:\Program Files (x86)\Reiner\REINER PCset graphic\PCsetgraphic.exe

Filesize
6.9MB

MD5
21799881bbcb3d319f5f0329c94bd597

SHA1
e53273cde6aec063c5b8aa4ff8faffa06fbb2919

SHA256
291fe02f0292033aa5a493a3513bd52b7044ea51471f8e20753837251313cd3a

SHA512
017f1a06aa9eba5d75f07f63a501e8fa03e1ceea9e920004220f674772f551f2fbb14a813896218483fd05a444d99ec040b3b666ce83287bb5e622932c45a42f

Download Submit
C:\Program Files (x86)\Reiner\REINER PCset graphic\RPSGPreviewHandler.dll

Filesize
116KB

MD5
fedee413412059a03b5af1b98815dc4b

SHA1
c8af002200b80a7708a4afb91a41cf0dc8b1e9d9

SHA256
284c7031b9f7d9901fe9898cca41a5ee9af930ab043fcb53f84c29c0484fdd7c

SHA512
4e5ea54faee178d1119964ac95072607d3a622b1e2705c4fb48280353fcd7e5ed860518ce7cb54bafdd1dd164e23edd0e5c51ee2c0c03ce278b3ec0d2e4996b7

Download Submit
C:\Program Files (x86)\Reiner\REINER PCset graphic\RPSGPreviewHandler.dll

Filesize
116KB

MD5
fedee413412059a03b5af1b98815dc4b

SHA1
c8af002200b80a7708a4afb91a41cf0dc8b1e9d9

SHA256
284c7031b9f7d9901fe9898cca41a5ee9af930ab043fcb53f84c29c0484fdd7c

SHA512
4e5ea54faee178d1119964ac95072607d3a622b1e2705c4fb48280353fcd7e5ed860518ce7cb54bafdd1dd164e23edd0e5c51ee2c0c03ce278b3ec0d2e4996b7

Download Submit
C:\Program Files (x86)\Reiner\REINER PCset graphic\driver\x64\dpinst64.exe

Filesize
1.0MB

MD5
be3c79033fa8302002d9d3a6752f2263

SHA1
a01147731f2e500282eca5ece149bcc5423b59d6

SHA256
181bf85d3b5900ff8abed34bc415afc37fc322d9d7702e14d144f96a908f5cab

SHA512
77097f220cc6d22112b314d3e42b6eedb9ccd72beb655b34656326c2c63fb9209977ddac20e9c53c4ec7ccc8ea6910f400f050f4b0cb98c9f42f89617965aaea

Download Submit
C:\Program Files (x86)\Reiner\REINER PCset graphic\driver\x64\dpinst64.exe

Filesize
1.0MB

MD5
be3c79033fa8302002d9d3a6752f2263

SHA1
a01147731f2e500282eca5ece149bcc5423b59d6

SHA256
181bf85d3b5900ff8abed34bc415afc37fc322d9d7702e14d144f96a908f5cab

SHA512
77097f220cc6d22112b314d3e42b6eedb9ccd72beb655b34656326c2c63fb9209977ddac20e9c53c4ec7ccc8ea6910f400f050f4b0cb98c9f42f89617965aaea

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI1F11.tmp

Filesize
165KB

MD5
b4404fbe8e2dff187b143c88da903c82

SHA1
6c5117d6ac6a88401363c41403fffb7f96a3319d

SHA256
d64807070c6b57700ecaaef8d0fdf6637f348dc2dc6aa49db65ed578d054f906

SHA512
44e6c18bf7b7f431af17c44e8a1d6f1f89cabdf449b4f0937862a44583a237605ab3035937689409fbd063126a51b83e77ba334c01ddcf4cd5c17f33ec9e5c07

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI1F11.tmp

Filesize
165KB

MD5
b4404fbe8e2dff187b143c88da903c82

SHA1
6c5117d6ac6a88401363c41403fffb7f96a3319d

SHA256
d64807070c6b57700ecaaef8d0fdf6637f348dc2dc6aa49db65ed578d054f906

SHA512
44e6c18bf7b7f431af17c44e8a1d6f1f89cabdf449b4f0937862a44583a237605ab3035937689409fbd063126a51b83e77ba334c01ddcf4cd5c17f33ec9e5c07

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2B72C~1\WdfCoInstaller01011.dll

Filesize
1.7MB

MD5
1774c1db7787321d0adb5c6d26f28c4c

SHA1
edd34d4038b81cb6f0020772c03f133575797c0c

SHA256
54d52661dfc342be210c75c2409cdb572fb963b2aeb5fac6144d9ce531499a99

SHA512
5b8359c63b22b1465194fb90d1a3731e15a175f0bf728519e1af0de3d38972ed97720a313178e15fce4675a2aa152c486920d033201c887bb2830d9d2cdff083

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2B72C~1\reiner-usbcom.cat

Filesize
8KB

MD5
08841afae2c615552f84ed0085fd9542

SHA1
d7e47828c7a6f6ec7f3359edb6bcd9e79d9aca91

SHA256
8805c79aa76ece562625d521407bf63f63afbb95e1a8bf7e7686787500b75e7b

SHA512
7f8e9db33a4c697cedaa6471001655751dc5568d5cc631a0472ad3e7c38039f088df9df7c8e575d9388442144cd1ca690d8f37c00e3561a1017a0b962f285f16

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2B72C~1\reiner-usbcom.sys

Filesize
99KB

MD5
10e9910c25e44650daecc47f272d9ae3

SHA1
36a37b9314b92e6672dee5378e111e7698f5afe1

SHA256
2d2a78f897b3e2ec3ee6bdf5bb254b76ba2772261b580a947667bb0c1d79d52c

SHA512
810a6dd0118c3de46ccf8119ce06f34ae31316e010559aeec7c01c2869ae155091d714853ddae71cbe0be69b2a1256f58669f249ed0795a2e187abed8280bc65

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2b72cddc-0eb1-d84b-b1ff-6a1cb58bef59}\reiner-usbcom.inf

Filesize
8KB

MD5
0dd1dd3a86383a9123f45803f2ab0ba1

SHA1
51c73589ff9524309217c6ede94b9824b9507bbe

SHA256
80a1534e258f27b5315294828bf674126008c25cc6e00b93b24855ebc69d2312

SHA512
adfd66f05dde2860559804138ff4582e5990bc6d61ccbf7532b9486e346cc24e7739f6339d8ce3c23e7c38e9eff8d8298f1e459d23b104f0e40c282df53730ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B251A6C4-DC88-4999-8683-F998D951C84A}\0x0409.ini

Filesize
21KB

MD5
a108f0030a2cda00405281014f897241

SHA1
d112325fa45664272b08ef5e8ff8c85382ebb991

SHA256
8b76df0ffc9a226b532b60936765b852b89780c6e475c152f7c320e085e43948

SHA512
d83894b039316c38915a789920758664257680dcb549a9b740cf5361addbee4d4a96a3ff2999b5d8acfb1d9336da055ec20012d29a9f83ee5459f103fbeec298

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B251A6C4-DC88-4999-8683-F998D951C84A}\1033.MST

Filesize
20KB

MD5
4919e497a7d2f248badf5194450225e3

SHA1
f66d83f0067a86c62cc0c85b4ed80f1461347994

SHA256
ca0f2e2a2882a8a2bf65ef70e4c14b241a3e10103cfdb39c8556c0f9998a81ee

SHA512
61781f8f2769f722a7e5a7309f5043e65023c89770d4740f4682abd755c612d81271aea64d53e3e349e2f76e06488697ff0f8cace46fc97521a37ae5bef20422

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B251A6C4-DC88-4999-8683-F998D951C84A}\REINER PCset graphic.msi

Filesize
143.0MB

MD5
20069b0034e25ca9c0382ecbe9952b70

SHA1
b78fd7794a1b196cf869694bce4859902da5e477

SHA256
b857869c214463ffd3a2bb095442c390b8bc7e8b9a896d5cc078125201ad0e8e

SHA512
74e51dc1549e61e25f6d456513b6798a5158768b591a56d533bf88e483f611375b54d97aedc06d3cb7ea358a355ca36b8ac610be041a1f8879b0acd2bef7d109

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B251A6C4-DC88-4999-8683-F998D951C84A}\Setup_PCsetgraphic.exe

Filesize
143.3MB

MD5
ec58c3815696c699bb0119de4748f94a

SHA1
dcae329992c8d5c7c02c484f8eeb7e8df2437546

SHA256
49da21c128612a77de7cff9e7dd48685136a0b83a56885153afa62e75fd2207d

SHA512
c8ef5f1215f204a115bcbe79605760b81657982908069778eec97fa69aee239106d02163b15fd25cf28ed23a82e70d03bb38b34010ce6b9164d1be3510193dab

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B251A6C4-DC88-4999-8683-F998D951C84A}\Setup_PCsetgraphic.exe

Filesize
143.3MB

MD5
ec58c3815696c699bb0119de4748f94a

SHA1
dcae329992c8d5c7c02c484f8eeb7e8df2437546

SHA256
49da21c128612a77de7cff9e7dd48685136a0b83a56885153afa62e75fd2207d

SHA512
c8ef5f1215f204a115bcbe79605760b81657982908069778eec97fa69aee239106d02163b15fd25cf28ed23a82e70d03bb38b34010ce6b9164d1be3510193dab

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B251A6C4-DC88-4999-8683-F998D951C84A}\_ISMSIDEL.INI

Filesize
644B

MD5
089f4b5cfb8cab9e7bdc525ed13c8ec3

SHA1
2570116c8810d94a22bda6327ca7d640f908742f

SHA256
2a641a529770971d672a398e6c2d5d9fa8d265fac7c904e8668a716bc46b3518

SHA512
857d34e5713ddc7ec4d53e316b8c7556fd75ccdd16e802ba1a00831a96f6f23f5657231452a2cda70cdb14282c349ad845a200cd0b4552e1237a9ecfaa704c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B251A6C4-DC88-4999-8683-F998D951C84A}\_ISMSIDEL.INI

Filesize
644B

MD5
089f4b5cfb8cab9e7bdc525ed13c8ec3

SHA1
2570116c8810d94a22bda6327ca7d640f908742f

SHA256
2a641a529770971d672a398e6c2d5d9fa8d265fac7c904e8668a716bc46b3518

SHA512
857d34e5713ddc7ec4d53e316b8c7556fd75ccdd16e802ba1a00831a96f6f23f5657231452a2cda70cdb14282c349ad845a200cd0b4552e1237a9ecfaa704c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C12AD~1\rusbio_x64.cat

Filesize
8KB

MD5
04731b8bc1365e9793639c1285febf28

SHA1
d9c6422f17a874794ebd8ca6d20129cb231a142b

SHA256
23c9ef29cb43a7cd4540244e451fd5ffce6c14cb363fd9cb98b580b111eb30fb

SHA512
76ca7d1d70eca51a37314df179e7b35bd85da0bbd09e1d069a87465854fbddeee7c30efb85d3f7b268e1c052d9297167eeed3fc25661819fea1a209c9ebf9f6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C12AD~1\rusbio_x64.sys

Filesize
38KB

MD5
c71b27c9701325cf00ee03280cd72a5d

SHA1
a4a11e870c4617c0230db0f9515051aaa773ea13

SHA256
50a80427a84a43fcf9f7054fcb9980efefb5bf08227efde0cb95599a3f1ef018

SHA512
e0e2c348b41bdc94c6747a4cc9a182fdedbb8fd0bbb654c8cdcd467aaeca69a7f8293083aed42616fb7dee369e5f850b62a6d395f662689cbb8fcebcc1a67c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{c12ad399-5f3e-0b46-9f73-46d724d394f4}\rusbio_x64.inf

Filesize
3KB

MD5
64336b819f9e1e3f87e32cb6638ec362

SHA1
5c1db74edf9c29d4d83a601486c92bc11048a9f8

SHA256
ba63ad3c4832deac39f207e80172a8e64725cea05e388bdb01c7d7a909bc6fd8

SHA512
6900b9e8e626c9740f57187f9376c986835bd8a70f9830f541d50a84f06a8a996e097acfcb074c17eea62022af8173a0d958ffc7a523b6b701288cd7dbc43254

Download Submit
C:\Users\Admin\AppData\Local\Temp\~A186.tmp

Filesize
5KB

MD5
712a819876d85b8a07f7875365a421ec

SHA1
359d5ac00511cbe33cdf083ae06de7f3edab9e15

SHA256
2f5ef6fa9821ad663a13f05f3de908782ba3af4eff1e0e61e1a6beea8f8259e4

SHA512
b75d1b6b5412c9ce575fc9c4a520bfd3c6c8a2923be856ee3948530aa6526e76aff45a22d8cd902ac9d08142e89dc61b4be90847eca4f505006f641edd163c6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\~F136.tmp

Filesize
732B

MD5
22657a31a848a17eb012b03902449e07

SHA1
6ce429e29cdde93e4d6475e24dc4ca5c0485882f

SHA256
6aeae0d50bad337aa7d054b527859396598c6f52b2f3527ade2526a0fcac922b

SHA512
709c0a3fc343c19f3cff75211e0d622e6f27c76c6622327189395ba32121f7727e7013167b90d933e744b31832540a3b8a3f2a505abd5342fef1cf6a555ac41e

Download Submit
C:\Users\Admin\AppData\Local\Temp\~F136.tmp

Filesize
720B

MD5
b11cceca45909dbfc95cd049933b8997

SHA1
a8d28ea0ffcf91955202d1812102582e4a9c9431

SHA256
b70f3754cf6bb32d26b375c104dabdfd9239d984c6336add8fa7dfa2fdd3c6d1

SHA512
c23cea4223822d4ea8f4471c3054981b2687092136c506e653fc1b3e31d85115d25f2ad49674d855d77f6658055d44a7d352f862975c61bf836a02e51f7fe8f9

Download Submit
C:\Windows\Installer\MSIF02D.tmp

Filesize
244KB

MD5
93994a07cd41462d3698f1fd4781dae7

SHA1
e6d3fed4b14f4de80d8bc7478d1a0461948836b8

SHA256
408827b8fa7ae437dd23b825020ea53b8ab833627dd8944fc48fade1129990e1

SHA512
0a55a09fcecd62078702df15ca144962e2c92eb9e2749a4b567eb1c52e66f59d374622ad9b8271c86b0dc0df736ce8a1650f5d0b6ae00361b948e1c9d5860b4e

Download Submit
C:\Windows\Installer\MSIF02D.tmp

Filesize
244KB

MD5
93994a07cd41462d3698f1fd4781dae7

SHA1
e6d3fed4b14f4de80d8bc7478d1a0461948836b8

SHA256
408827b8fa7ae437dd23b825020ea53b8ab833627dd8944fc48fade1129990e1

SHA512
0a55a09fcecd62078702df15ca144962e2c92eb9e2749a4b567eb1c52e66f59d374622ad9b8271c86b0dc0df736ce8a1650f5d0b6ae00361b948e1c9d5860b4e

Download Submit
C:\Windows\Installer\MSIF35B.tmp

Filesize
244KB

MD5
93994a07cd41462d3698f1fd4781dae7

SHA1
e6d3fed4b14f4de80d8bc7478d1a0461948836b8

SHA256
408827b8fa7ae437dd23b825020ea53b8ab833627dd8944fc48fade1129990e1

SHA512
0a55a09fcecd62078702df15ca144962e2c92eb9e2749a4b567eb1c52e66f59d374622ad9b8271c86b0dc0df736ce8a1650f5d0b6ae00361b948e1c9d5860b4e

Download Submit
C:\Windows\Installer\MSIF35B.tmp

Filesize
244KB

MD5
93994a07cd41462d3698f1fd4781dae7

SHA1
e6d3fed4b14f4de80d8bc7478d1a0461948836b8

SHA256
408827b8fa7ae437dd23b825020ea53b8ab833627dd8944fc48fade1129990e1

SHA512
0a55a09fcecd62078702df15ca144962e2c92eb9e2749a4b567eb1c52e66f59d374622ad9b8271c86b0dc0df736ce8a1650f5d0b6ae00361b948e1c9d5860b4e

Download Submit
C:\Windows\Installer\MSIF8AB.tmp

Filesize
244KB

MD5
93994a07cd41462d3698f1fd4781dae7

SHA1
e6d3fed4b14f4de80d8bc7478d1a0461948836b8

SHA256
408827b8fa7ae437dd23b825020ea53b8ab833627dd8944fc48fade1129990e1

SHA512
0a55a09fcecd62078702df15ca144962e2c92eb9e2749a4b567eb1c52e66f59d374622ad9b8271c86b0dc0df736ce8a1650f5d0b6ae00361b948e1c9d5860b4e

Download Submit
C:\Windows\Installer\MSIF8AB.tmp

Filesize
244KB

MD5
93994a07cd41462d3698f1fd4781dae7

SHA1
e6d3fed4b14f4de80d8bc7478d1a0461948836b8

SHA256
408827b8fa7ae437dd23b825020ea53b8ab833627dd8944fc48fade1129990e1

SHA512
0a55a09fcecd62078702df15ca144962e2c92eb9e2749a4b567eb1c52e66f59d374622ad9b8271c86b0dc0df736ce8a1650f5d0b6ae00361b948e1c9d5860b4e

Download Submit
C:\Windows\Installer\MSIF8AB.tmp

Filesize
244KB

MD5
93994a07cd41462d3698f1fd4781dae7

SHA1
e6d3fed4b14f4de80d8bc7478d1a0461948836b8

SHA256
408827b8fa7ae437dd23b825020ea53b8ab833627dd8944fc48fade1129990e1

SHA512
0a55a09fcecd62078702df15ca144962e2c92eb9e2749a4b567eb1c52e66f59d374622ad9b8271c86b0dc0df736ce8a1650f5d0b6ae00361b948e1c9d5860b4e

Download Submit
C:\Windows\Installer\MSIFD40.tmp

Filesize
244KB

MD5
93994a07cd41462d3698f1fd4781dae7

SHA1
e6d3fed4b14f4de80d8bc7478d1a0461948836b8

SHA256
408827b8fa7ae437dd23b825020ea53b8ab833627dd8944fc48fade1129990e1

SHA512
0a55a09fcecd62078702df15ca144962e2c92eb9e2749a4b567eb1c52e66f59d374622ad9b8271c86b0dc0df736ce8a1650f5d0b6ae00361b948e1c9d5860b4e

Download Submit
C:\Windows\Installer\MSIFD40.tmp

Filesize
244KB

MD5
93994a07cd41462d3698f1fd4781dae7

SHA1
e6d3fed4b14f4de80d8bc7478d1a0461948836b8

SHA256
408827b8fa7ae437dd23b825020ea53b8ab833627dd8944fc48fade1129990e1

SHA512
0a55a09fcecd62078702df15ca144962e2c92eb9e2749a4b567eb1c52e66f59d374622ad9b8271c86b0dc0df736ce8a1650f5d0b6ae00361b948e1c9d5860b4e

Download Submit
C:\Windows\Installer\e57e995.msi

Filesize
143.0MB

MD5
20069b0034e25ca9c0382ecbe9952b70

SHA1
b78fd7794a1b196cf869694bce4859902da5e477

SHA256
b857869c214463ffd3a2bb095442c390b8bc7e8b9a896d5cc078125201ad0e8e

SHA512
74e51dc1549e61e25f6d456513b6798a5158768b591a56d533bf88e483f611375b54d97aedc06d3cb7ea358a355ca36b8ac610be041a1f8879b0acd2bef7d109

Download Submit
C:\Windows\Installer\e57e996.mst

Filesize
20KB

MD5
4919e497a7d2f248badf5194450225e3

SHA1
f66d83f0067a86c62cc0c85b4ed80f1461347994

SHA256
ca0f2e2a2882a8a2bf65ef70e4c14b241a3e10103cfdb39c8556c0f9998a81ee

SHA512
61781f8f2769f722a7e5a7309f5043e65023c89770d4740f4682abd755c612d81271aea64d53e3e349e2f76e06488697ff0f8cace46fc97521a37ae5bef20422

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
978689dfde222fc2ea866d437ad33d28

SHA1
d904fc5007fa00d39a9bd432f677e72377e7cad5

SHA256
15a6960afeeb04d1a43ab4c153db36ceb29f9632dc2a0f0e3dd5fee9a44bdc0d

SHA512
9234f74e7ed79c92cc3c184a6e4f98425067a3da592840ce9cd6f9bfa16b903e2add0228438c2ca0bb7a2c7cd484015be8fae0d43f476c55f016d95e79895f8e

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
0e4b154ff42554c33396bb76191af5a1

SHA1
24a0154aca566a11cde169d2dd5f54cb247e5320

SHA256
53ea2b40caee2b7d43bdcd6bd00c609f88b1e69702f35a0404f26c3af02fb368

SHA512
88ca911c7819c07b5d811012d30ada60923c5cb212380d09f509d729042f0f4caaff8cc5a4f881492297c3092b4d82f17abbbc7da5cd2cacbce4a1fdeaf6e7ce

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
6ca97cae3d1c579b5687502150e0024c

SHA1
d137f0e37297c2228c03d9a391bc1d262d39745c

SHA256
1c7fd71102468f957306da265e8c4ba03e572025b67694c62f1ba256dcb9f125

SHA512
3b2cafc9f62d794d9a596309068aa6ffe2a204a6c660605d37ed4933d66835ac666d05262665430f7a62bb46e891dec795636dd0864aae114758683af7607eaf

Download Submit
C:\Windows\System32\DriverStore\FileRepository\reiner-usbcom.inf_amd64_e6885d390b00c679\reiner-usbcom.cat

Filesize
8KB

MD5
08841afae2c615552f84ed0085fd9542

SHA1
d7e47828c7a6f6ec7f3359edb6bcd9e79d9aca91

SHA256
8805c79aa76ece562625d521407bf63f63afbb95e1a8bf7e7686787500b75e7b

SHA512
7f8e9db33a4c697cedaa6471001655751dc5568d5cc631a0472ad3e7c38039f088df9df7c8e575d9388442144cd1ca690d8f37c00e3561a1017a0b962f285f16

Download Submit
C:\Windows\System32\DriverStore\FileRepository\reiner-usbcom.inf_amd64_e6885d390b00c679\reiner-usbcom.inf

Filesize
8KB

MD5
0dd1dd3a86383a9123f45803f2ab0ba1

SHA1
51c73589ff9524309217c6ede94b9824b9507bbe

SHA256
80a1534e258f27b5315294828bf674126008c25cc6e00b93b24855ebc69d2312

SHA512
adfd66f05dde2860559804138ff4582e5990bc6d61ccbf7532b9486e346cc24e7739f6339d8ce3c23e7c38e9eff8d8298f1e459d23b104f0e40c282df53730ca

Download Submit
C:\Windows\System32\DriverStore\FileRepository\rusbio_x64.inf_amd64_780b3e1f13d29e05\rusbio_x64.cat

Filesize
8KB

MD5
04731b8bc1365e9793639c1285febf28

SHA1
d9c6422f17a874794ebd8ca6d20129cb231a142b

SHA256
23c9ef29cb43a7cd4540244e451fd5ffce6c14cb363fd9cb98b580b111eb30fb

SHA512
76ca7d1d70eca51a37314df179e7b35bd85da0bbd09e1d069a87465854fbddeee7c30efb85d3f7b268e1c052d9297167eeed3fc25661819fea1a209c9ebf9f6c

Download Submit
C:\Windows\System32\DriverStore\FileRepository\rusbio_x64.inf_amd64_780b3e1f13d29e05\rusbio_x64.inf

Filesize
3KB

MD5
64336b819f9e1e3f87e32cb6638ec362

SHA1
5c1db74edf9c29d4d83a601486c92bc11048a9f8

SHA256
ba63ad3c4832deac39f207e80172a8e64725cea05e388bdb01c7d7a909bc6fd8

SHA512
6900b9e8e626c9740f57187f9376c986835bd8a70f9830f541d50a84f06a8a996e097acfcb074c17eea62022af8173a0d958ffc7a523b6b701288cd7dbc43254

Download Submit
C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}\SET932.tmp

Filesize
8KB

MD5
04731b8bc1365e9793639c1285febf28

SHA1
d9c6422f17a874794ebd8ca6d20129cb231a142b

SHA256
23c9ef29cb43a7cd4540244e451fd5ffce6c14cb363fd9cb98b580b111eb30fb

SHA512
76ca7d1d70eca51a37314df179e7b35bd85da0bbd09e1d069a87465854fbddeee7c30efb85d3f7b268e1c052d9297167eeed3fc25661819fea1a209c9ebf9f6c

Download Submit
C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}\SET933.tmp

Filesize
3KB

MD5
64336b819f9e1e3f87e32cb6638ec362

SHA1
5c1db74edf9c29d4d83a601486c92bc11048a9f8

SHA256
ba63ad3c4832deac39f207e80172a8e64725cea05e388bdb01c7d7a909bc6fd8

SHA512
6900b9e8e626c9740f57187f9376c986835bd8a70f9830f541d50a84f06a8a996e097acfcb074c17eea62022af8173a0d958ffc7a523b6b701288cd7dbc43254

Download Submit
C:\Windows\System32\DriverStore\Temp\{be203420-525b-e04a-bb1f-cdf0af6ec522}\SET934.tmp

Filesize
38KB

MD5
c71b27c9701325cf00ee03280cd72a5d

SHA1
a4a11e870c4617c0230db0f9515051aaa773ea13

SHA256
50a80427a84a43fcf9f7054fcb9980efefb5bf08227efde0cb95599a3f1ef018

SHA512
e0e2c348b41bdc94c6747a4cc9a182fdedbb8fd0bbb654c8cdcd467aaeca69a7f8293083aed42616fb7dee369e5f850b62a6d395f662689cbb8fcebcc1a67c4e

Download Submit
C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\SET412.tmp

Filesize
1.7MB

MD5
1774c1db7787321d0adb5c6d26f28c4c

SHA1
edd34d4038b81cb6f0020772c03f133575797c0c

SHA256
54d52661dfc342be210c75c2409cdb572fb963b2aeb5fac6144d9ce531499a99

SHA512
5b8359c63b22b1465194fb90d1a3731e15a175f0bf728519e1af0de3d38972ed97720a313178e15fce4675a2aa152c486920d033201c887bb2830d9d2cdff083

Download Submit
C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\SET423.tmp

Filesize
8KB

MD5
08841afae2c615552f84ed0085fd9542

SHA1
d7e47828c7a6f6ec7f3359edb6bcd9e79d9aca91

SHA256
8805c79aa76ece562625d521407bf63f63afbb95e1a8bf7e7686787500b75e7b

SHA512
7f8e9db33a4c697cedaa6471001655751dc5568d5cc631a0472ad3e7c38039f088df9df7c8e575d9388442144cd1ca690d8f37c00e3561a1017a0b962f285f16

Download Submit
C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\SET424.tmp

Filesize
8KB

MD5
0dd1dd3a86383a9123f45803f2ab0ba1

SHA1
51c73589ff9524309217c6ede94b9824b9507bbe

SHA256
80a1534e258f27b5315294828bf674126008c25cc6e00b93b24855ebc69d2312

SHA512
adfd66f05dde2860559804138ff4582e5990bc6d61ccbf7532b9486e346cc24e7739f6339d8ce3c23e7c38e9eff8d8298f1e459d23b104f0e40c282df53730ca

Download Submit
C:\Windows\System32\DriverStore\Temp\{cfb2bbff-fe8f-c74e-9f1b-8367f6458f44}\SET425.tmp

Filesize
99KB

MD5
10e9910c25e44650daecc47f272d9ae3

SHA1
36a37b9314b92e6672dee5378e111e7698f5afe1

SHA256
2d2a78f897b3e2ec3ee6bdf5bb254b76ba2772261b580a947667bb0c1d79d52c

SHA512
810a6dd0118c3de46ccf8119ce06f34ae31316e010559aeec7c01c2869ae155091d714853ddae71cbe0be69b2a1256f58669f249ed0795a2e187abed8280bc65

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
23.0MB

MD5
15794c0ad84c9585cd3c1bd7714a971e

SHA1
9c40252a77ecd6f75ecec53f1a6d919d0e6b70bb

SHA256
8826f3ebe7a0960fffe48c9a2bd86837d2bbf7f2c3b5c17f7f50f26930c75645

SHA512
2f7cbc0af8f0babf6b37f8b32c7bedbaa8f9e84adcde4a276412178670191d3a6b5b4f6d360b158fa8ce77acf7fa1370c927b15fc1e508aba9ea6beca817f746

Download Submit
\??\Volume{557c99ee-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{4e1af1e9-92c8-4474-8b8f-ddc60cca606e}_OnDiskSnapshotProp

Filesize
5KB

MD5
c18b6727e210dc52a63a66cc6532c03b

SHA1
2ea6639392ca346b7696d9a8ce8d3b3c87bbf0f2

SHA256
4201c50034aef13eb8987af2fc29916233cec466a8bc7417cc50b579cc34c113

SHA512
20727077aad3948ebec23b19cfe4aa72972330eb259c2683051401b0e4a82b981f21d308587e00f26f4c59a7cd52bd702cfc1c588d923439edddf127e3c8d562

Download Submit
\??\c:\PROGRA~2\reiner\REINER~1\driver\x64\REINER~1.CAT

Filesize
8KB

MD5
08841afae2c615552f84ed0085fd9542

SHA1
d7e47828c7a6f6ec7f3359edb6bcd9e79d9aca91

SHA256
8805c79aa76ece562625d521407bf63f63afbb95e1a8bf7e7686787500b75e7b

SHA512
7f8e9db33a4c697cedaa6471001655751dc5568d5cc631a0472ad3e7c38039f088df9df7c8e575d9388442144cd1ca690d8f37c00e3561a1017a0b962f285f16

Download Submit
\??\c:\PROGRA~2\reiner\REINER~1\driver\x64\REINER~1.SYS

Filesize
99KB

MD5
10e9910c25e44650daecc47f272d9ae3

SHA1
36a37b9314b92e6672dee5378e111e7698f5afe1

SHA256
2d2a78f897b3e2ec3ee6bdf5bb254b76ba2772261b580a947667bb0c1d79d52c

SHA512
810a6dd0118c3de46ccf8119ce06f34ae31316e010559aeec7c01c2869ae155091d714853ddae71cbe0be69b2a1256f58669f249ed0795a2e187abed8280bc65

Download Submit
\??\c:\PROGRA~2\reiner\REINER~1\driver\x64\RUSBIO~1.CAT

Filesize
8KB

MD5
04731b8bc1365e9793639c1285febf28

SHA1
d9c6422f17a874794ebd8ca6d20129cb231a142b

SHA256
23c9ef29cb43a7cd4540244e451fd5ffce6c14cb363fd9cb98b580b111eb30fb

SHA512
76ca7d1d70eca51a37314df179e7b35bd85da0bbd09e1d069a87465854fbddeee7c30efb85d3f7b268e1c052d9297167eeed3fc25661819fea1a209c9ebf9f6c

Download Submit
\??\c:\PROGRA~2\reiner\REINER~1\driver\x64\RUSBIO~1.SYS

Filesize
38KB

MD5
c71b27c9701325cf00ee03280cd72a5d

SHA1
a4a11e870c4617c0230db0f9515051aaa773ea13

SHA256
50a80427a84a43fcf9f7054fcb9980efefb5bf08227efde0cb95599a3f1ef018

SHA512
e0e2c348b41bdc94c6747a4cc9a182fdedbb8fd0bbb654c8cdcd467aaeca69a7f8293083aed42616fb7dee369e5f850b62a6d395f662689cbb8fcebcc1a67c4e

Download Submit
\??\c:\PROGRA~2\reiner\REINER~1\driver\x64\WDFCOI~1.DLL

Filesize
1.7MB

MD5
1774c1db7787321d0adb5c6d26f28c4c

SHA1
edd34d4038b81cb6f0020772c03f133575797c0c

SHA256
54d52661dfc342be210c75c2409cdb572fb963b2aeb5fac6144d9ce531499a99

SHA512
5b8359c63b22b1465194fb90d1a3731e15a175f0bf728519e1af0de3d38972ed97720a313178e15fce4675a2aa152c486920d033201c887bb2830d9d2cdff083

Download Submit
\??\c:\program files (x86)\reiner\reiner pcset graphic\driver\x64\reiner-usbcom.inf

Filesize
8KB

MD5
0dd1dd3a86383a9123f45803f2ab0ba1

SHA1
51c73589ff9524309217c6ede94b9824b9507bbe

SHA256
80a1534e258f27b5315294828bf674126008c25cc6e00b93b24855ebc69d2312

SHA512
adfd66f05dde2860559804138ff4582e5990bc6d61ccbf7532b9486e346cc24e7739f6339d8ce3c23e7c38e9eff8d8298f1e459d23b104f0e40c282df53730ca

Download Submit
\??\c:\program files (x86)\reiner\reiner pcset graphic\driver\x64\rusbio_x64.inf

Filesize
3KB

MD5
64336b819f9e1e3f87e32cb6638ec362

SHA1
5c1db74edf9c29d4d83a601486c92bc11048a9f8

SHA256
ba63ad3c4832deac39f207e80172a8e64725cea05e388bdb01c7d7a909bc6fd8

SHA512
6900b9e8e626c9740f57187f9376c986835bd8a70f9830f541d50a84f06a8a996e097acfcb074c17eea62022af8173a0d958ffc7a523b6b701288cd7dbc43254

Download Submit