f9e34cca46a64f7643fba0caf151587672629cb1c1dd9d7c69342e201d6741fc

Analysis

max time kernel
224s
max time network
121s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
21/08/2023, 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lan Adaptor/CH9152DRV/PSetup.exe
Size

6KB
MD5

bc0b5f20a2dd4e96084d7604cdb6aec5
SHA1

c78246bbd5fd00ae6b0b867d9be7a76cdc70d075
SHA256

a290256623a01ed19f5b05f45017e3cadac2e246476f86ac08bd61d8fcc4fb2d
SHA512

684a765ba893a41b847c60b1cd5e2e4d6836a506af6ea8782256432065e9b509934edaa345becfb4702dbe88cfc16d8b2bbea189c264355fc5713137ea724ae0
SSDEEP

96:tDqqr/Z8l9fgmuTV9TexmtIAKyPtboynh0GFQ+xX+vqp:tDqeZ8l9fg/TzIALP1oynhbQ23

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\SETCC44.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\SETCC44.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\WCHUSBNIC.CAT	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\WCHUSBNIC.INF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	PSetup.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\WCHUSBNICA64.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\SETCC55.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\SETCC55.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\wchusbnic.inf_amd64_neutral_e8f8c49c4a90f2b5\WCHUSBNIC.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\wchusbnic.inf_amd64_neutral_e8f8c49c4a90f2b5\wchusbnic.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\SETCC65.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\SETCC65.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wchusbnic.inf_amd64_neutral_e8f8c49c4a90f2b5\wchusbnic.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}	DrvInst.exe

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	PSetup.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\oem2.inf	DrvInst.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

description	pid	Process
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2080	PSetup.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2156	rundll32.exe
Token: SeRestorePrivilege	2156	rundll32.exe
Token: SeRestorePrivilege	2156	rundll32.exe
Token: SeRestorePrivilege	2156	rundll32.exe
Token: SeRestorePrivilege	2156	rundll32.exe
Token: SeRestorePrivilege	2156	rundll32.exe
Token: SeRestorePrivilege	2156	rundll32.exe
Token: SeBackupPrivilege	2976	vssvc.exe
Token: SeRestorePrivilege	2976	vssvc.exe
Token: SeAuditPrivilege	2976	vssvc.exe
Token: SeBackupPrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2640	DrvInst.exe
Token: SeRestorePrivilege	2020	DrvInst.exe
Token: SeRestorePrivilege	2020	DrvInst.exe
Token: SeRestorePrivilege	2020	DrvInst.exe
Token: SeRestorePrivilege	2020	DrvInst.exe
Token: SeRestorePrivilege	2020	DrvInst.exe
Token: SeRestorePrivilege	2020	DrvInst.exe
Token: SeRestorePrivilege	2020	DrvInst.exe
Token: SeLoadDriverPrivilege	2020	DrvInst.exe
Token: SeLoadDriverPrivilege	2020	DrvInst.exe
Token: SeLoadDriverPrivilege	2020	DrvInst.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2156	2640	DrvInst.exe	29
PID 2640 wrote to memory of 2156	2640	DrvInst.exe	29
PID 2640 wrote to memory of 2156	2640	DrvInst.exe	29

C:\Users\Admin\AppData\Local\Temp\Lan Adaptor\CH9152DRV\PSetup.exe
"C:\Users\Admin\AppData\Local\Temp\Lan Adaptor\CH9152DRV\PSetup.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2080

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{3dcc336d-6d0f-2594-3829-3c460faf901a}\WCHUSBNIC.INF" "9" "6edb606f7" "0000000000000564" "WinSta0\Default" "00000000000004C4" "208" "C:\Users\Admin\AppData\Local\Temp\Lan Adaptor\CH9152DRV"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{76f1c763-2ef0-67ee-2922-3b6f72b91e2c} Global\{09736cc3-e957-18e1-203d-6004630aa535} C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\WCHUSBNIC.INF C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\WCHUSBNIC.CAT
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2156

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2976

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005E4" "0000000000000584"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2020

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{3DCC3~1\WCHUSBNICA64.sys

Filesize
59KB

MD5
a41beaa61247e9864ab666025c820d1b

SHA1
57b29779767a6d7dd180514be84285489b43e42b

SHA256
f7740bd11e8c6688c7142fb8ded05197f38feef249cbc33434ffbc83925ef4c5

SHA512
518401a96ab52ffcc63c06a2e392ef4ba4bf516bdd43ee3de05b611b71932b33f08e24619ec8f9664fd040ce3cbdf82fe0b19800220869dfc599806b5de83c81

Download Submit
C:\Users\Admin\AppData\Local\Temp\{3dcc336d-6d0f-2594-3829-3c460faf901a}\WCHUSBNIC.CAT

Filesize
12KB

MD5
e673c56519d4a7dacb6234355e9c017b

SHA1
cf4b61c6808c11ef1d4b2d0a0f2ac4e5a50ceb51

SHA256
30c19a3e7e65b79646ccc479b1a54d1b2e17058bea90a59c8e8ced4522c1f3ae

SHA512
1a0867a5bfa3219da4ca5f4e6de3dd2e5a1b2435dbaf78847f62a700bf5e3dc80d1cc07e02c9856ee627817bc3a39e47e801d2293275afc11c0708d6e9426007

Download Submit
C:\Users\Admin\AppData\Local\Temp\{3dcc336d-6d0f-2594-3829-3c460faf901a}\WCHUSBNIC.INF

Filesize
15KB

MD5
da8885e49970cb971221ac59d0234ac3

SHA1
c6ab9b14d5e69aee4427d517897b66d8a5293987

SHA256
b790b2442ab3a40d87247d9d70e37220f8914075d4af300afbb725159ab830ee

SHA512
5dbd3f3c248f10125dec7485f796d70864bf314d52f1d2ef3438c893e6a4e5fda35aee9eede7fe6bb40107d48e037a7e14740974546f9620c0aa52478efbe5c4

Download Submit
C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\SETCC44.tmp

Filesize
59KB

MD5
a41beaa61247e9864ab666025c820d1b

SHA1
57b29779767a6d7dd180514be84285489b43e42b

SHA256
f7740bd11e8c6688c7142fb8ded05197f38feef249cbc33434ffbc83925ef4c5

SHA512
518401a96ab52ffcc63c06a2e392ef4ba4bf516bdd43ee3de05b611b71932b33f08e24619ec8f9664fd040ce3cbdf82fe0b19800220869dfc599806b5de83c81

Download Submit
C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\SETCC55.tmp

Filesize
12KB

MD5
e673c56519d4a7dacb6234355e9c017b

SHA1
cf4b61c6808c11ef1d4b2d0a0f2ac4e5a50ceb51

SHA256
30c19a3e7e65b79646ccc479b1a54d1b2e17058bea90a59c8e8ced4522c1f3ae

SHA512
1a0867a5bfa3219da4ca5f4e6de3dd2e5a1b2435dbaf78847f62a700bf5e3dc80d1cc07e02c9856ee627817bc3a39e47e801d2293275afc11c0708d6e9426007

Download Submit
C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\SETCC65.tmp

Filesize
15KB

MD5
da8885e49970cb971221ac59d0234ac3

SHA1
c6ab9b14d5e69aee4427d517897b66d8a5293987

SHA256
b790b2442ab3a40d87247d9d70e37220f8914075d4af300afbb725159ab830ee

SHA512
5dbd3f3c248f10125dec7485f796d70864bf314d52f1d2ef3438c893e6a4e5fda35aee9eede7fe6bb40107d48e037a7e14740974546f9620c0aa52478efbe5c4

Download Submit
C:\Windows\System32\DriverStore\Temp\{65d6f5b9-ca72-66b8-10f5-3764483de001}\WCHUSBNIC.INF

Filesize
15KB

MD5
da8885e49970cb971221ac59d0234ac3

SHA1
c6ab9b14d5e69aee4427d517897b66d8a5293987

SHA256
b790b2442ab3a40d87247d9d70e37220f8914075d4af300afbb725159ab830ee

SHA512
5dbd3f3c248f10125dec7485f796d70864bf314d52f1d2ef3438c893e6a4e5fda35aee9eede7fe6bb40107d48e037a7e14740974546f9620c0aa52478efbe5c4

Download Submit
C:\Windows\Temp\CabCD21.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
C:\Windows\Temp\TarCD72.tmp

Filesize
81KB

MD5
b13f51572f55a2d31ed9f266d581e9ea

SHA1
7eef3111b878e159e520f34410ad87adecf0ca92

SHA256
725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

SHA512
f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

Download Submit
memory/2156-176-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2156-177-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download