a25ad4c0e6622986b7b25e85ee0f89c32457703ae67398df440200649fcf25e4

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28/08/2023, 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Windows7-Windows10_2.0.2.exe
Size

4.6MB
MD5

c0023b71f42e0703cedfee3a1b18e308
SHA1

b96c96227e25b373e3bfcd7503a26e4015cb3a79
SHA256

a25ad4c0e6622986b7b25e85ee0f89c32457703ae67398df440200649fcf25e4
SHA512

a613953983dd43a0490cbb6733b57d713c1bca0cce342a8bbca498c30008ebe58ff3268111eeb49f14f9db9f2fce7228029c63c9c92b50f888f8d8324678db31
SSDEEP

98304:n5il9zT8snnr1EFBvPmLpQS9GqWZaZ7dBw2Jg5fxdwBKw:a90ynBEzCQ8GqNldBw2Afpw

Score

8^/10

persistence

Malware Config

Signatures

Drops file in Drivers directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DRIVERS\SETEBF4.tmp	DrvInst.exe
File created	C:\Windows\system32\DRIVERS\SETEBF4.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\DRIVERS\vmon_func.sys	DrvInst.exe
File opened for modification	C:\Windows\system32\DRIVERS\SETEC24.tmp	DrvInst.exe
File created	C:\Windows\system32\DRIVERS\SETEC24.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\DRIVERS\WdfCoInstaller01009.dll	DrvInst.exe

Executes dropped EXE 4 IoCs

pid	Process
2796	Windows7-Windows10_2.0.2.tmp
2884	devcon.exe
2336	devcon.exe
2480	devcon.exe

Loads dropped DLL 11 IoCs

pid	Process
2216	Windows7-Windows10_2.0.2.exe
2796	Windows7-Windows10_2.0.2.tmp
2796	Windows7-Windows10_2.0.2.tmp
2796	Windows7-Windows10_2.0.2.tmp
2796	Windows7-Windows10_2.0.2.tmp
2796	Windows7-Windows10_2.0.2.tmp
3032	Process not Found
2796	Windows7-Windows10_2.0.2.tmp
588	Process not Found
2796	Windows7-Windows10_2.0.2.tmp
1948	Process not Found

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Usb Display = "C:\\Program Files\\XXX USB Display\\WinUsbDisplay.exe"	Windows7-Windows10_2.0.2.tmp

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\MSUSBDisplay.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msusbdisplay.inf_amd64_neutral_546e87e3e8a2d400\msusbdisplay.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	devcon.exe
File created	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\amd64\SETFFB4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\x64\vmon_func.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\virtual_monitor.inf_amd64_neutral_91cca5843883c6d6\virtual_monitor.PNF	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\virtual_monitor1.inf_amd64_neutral_bffd672eb4dd2f10\virtual_monitor1.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	devcon.exe
File created	C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\x64\SET7F9C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	devcon.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\SETF893.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\x64\SETF8A3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\msusbdisplay.inf_amd64_neutral_546e87e3e8a2d400\MSUSBDisplay.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\SETF892.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\SETF892.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\amd64\libusb0.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\x64\SET7F9B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\SET7FAD.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\virtual_monitor.inf_amd64_neutral_91cca5843883c6d6\virtual_monitor.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\x86\libusb0_x86.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\SET7FAE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\virtual_monitor1.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	devcon.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\x64\vmon_func1.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\amd64\libusb0.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\SETFFC4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\x64	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	devcon.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\amd64\SETFFB3.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\amd64\SETFFB3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\amd64\SETFFB4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	devcon.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\x86\SETFFD6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\x64\SET7F9C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\virtual_monitor1.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\x64\SETF8A4.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\x64\SETF8A4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\virtual_monitor1.inf_amd64_neutral_bffd672eb4dd2f10\virtual_monitor1.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\SETFFC5.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\virtual_monitor.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\SETF893.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\SETFFC5.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\x86\SETFFD6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\x64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	devcon.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\x86	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\x64\WdfCoInstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\x64\WdfCoInstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\SET7FAE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\x64\SETF8A3.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\msusbdisplay.inf_amd64_neutral_546e87e3e8a2d400\msusbdisplay.PNF	DrvInst.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver0\x64\indirectdisplaydriver0.dll	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\lib_usb\x86\libusb0_x86.dll	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\is-I9FMK.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\is-UQM8M.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor1\is-M06EP.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor1\x86\is-5FOF3.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver1\is-7HP7Q.tmp	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver1\x64\IndirectDisplayDriver1.dll	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\WinUsbDisplay.exe	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor1\x64\is-TMCLD.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver1\x64\is-2SI7B.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver2\x64\is-VNPNA.tmp	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor2\x86\WdfCoinstaller01009.dll	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver0\x86\indirectdisplaydriver0.dll	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\lib_usb\amd64\libusb0.dll	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\tool\x86\is-BROGG.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\lib_usb\is-KT1U7.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor1\x86\is-FBDGC.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver0\is-UJKRA.tmp	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor1\x64\WdfCoinstaller01009.dll	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor0\x64\WdfCoinstaller01009.dll	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\is-7L983.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor2\x64\is-34JQC.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver1\x86\is-00HTB.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver2\is-UGHD6.tmp	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver2\x86\IndirectDisplayDriver2.dll	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\lib_usb\x86\is-6P6FC.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor1\x64\is-JMHCM.tmp	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\msvcr120.dll	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\tool\x86\devcon.exe	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor2\x64\WdfCoinstaller01009.dll	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\is-45Q7P.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor0\x64\is-6M2PK.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor1\is-Q0HTN.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver0\is-N6KEQ.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\tool\x64\is-RQIPC.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaybus\is-PFDOE.tmp	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver2\x64\IndirectDisplayDriver2.dll	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\libyuv.dll	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\lib_usb\is-GQD88.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\lib_usb\amd64\is-7B07M.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaybus\is-P8HDB.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaybus\x64\is-KF2B6.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver0\x86\is-R8G5C.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\tool\x64\is-5SJD0.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\tool\x86\is-3A488.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor2\x86\is-BD6TI.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor2\x86\is-L8VRG.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver0\x64\is-25FHH.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver2\x86\is-JM28A.tmp	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver1\x86\IndirectDisplayDriver1.dll	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor1\x86\WdfCoinstaller01009.dll	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\is-9BJKF.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor0\is-V07J2.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor0\x86\is-SVATI.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor2\is-U5F5S.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor2\is-SN8A3.tmp	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\unins000.dat	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\tool\x64\dpinst.exe	Windows7-Windows10_2.0.2.tmp
File opened for modification	C:\Program Files\XXX USB Display\tool\x86\dpinst.exe	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\is-5UO3M.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\idd\indirectdisplaydriver1\is-8ACG6.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\is-M2M2Q.tmp	Windows7-Windows10_2.0.2.tmp
File created	C:\Program Files\XXX USB Display\lib_usb\amd64\is-A8B73.tmp	Windows7-Windows10_2.0.2.tmp

Drops file in Windows directory 28 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	devcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	devcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev2	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	devcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File created	C:\Windows\INF\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File created	C:\Windows\INF\oem3.PNF	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	devcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	devcon.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File created	C:\Windows\INF\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File created	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\oem3.inf	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2796	Windows7-Windows10_2.0.2.tmp
2796	Windows7-Windows10_2.0.2.tmp

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	2884	devcon.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	692	rundll32.exe
Token: SeRestorePrivilege	692	rundll32.exe
Token: SeRestorePrivilege	692	rundll32.exe
Token: SeRestorePrivilege	692	rundll32.exe
Token: SeRestorePrivilege	692	rundll32.exe
Token: SeRestorePrivilege	692	rundll32.exe
Token: SeRestorePrivilege	692	rundll32.exe
Token: SeBackupPrivilege	2084	vssvc.exe
Token: SeRestorePrivilege	2084	vssvc.exe
Token: SeAuditPrivilege	2084	vssvc.exe
Token: SeBackupPrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1672	DrvInst.exe
Token: SeRestorePrivilege	1852	DrvInst.exe
Token: SeRestorePrivilege	1852	DrvInst.exe
Token: SeRestorePrivilege	1852	DrvInst.exe
Token: SeRestorePrivilege	1852	DrvInst.exe
Token: SeRestorePrivilege	1852	DrvInst.exe
Token: SeRestorePrivilege	1852	DrvInst.exe
Token: SeRestorePrivilege	1852	DrvInst.exe
Token: SeLoadDriverPrivilege	1852	DrvInst.exe
Token: SeLoadDriverPrivilege	1852	DrvInst.exe
Token: SeLoadDriverPrivilege	1852	DrvInst.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe
Token: SeRestorePrivilege	2336	devcon.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2796	Windows7-Windows10_2.0.2.tmp

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2796	2216	Windows7-Windows10_2.0.2.exe	28
PID 2216 wrote to memory of 2796	2216	Windows7-Windows10_2.0.2.exe	28
PID 2216 wrote to memory of 2796	2216	Windows7-Windows10_2.0.2.exe	28
PID 2216 wrote to memory of 2796	2216	Windows7-Windows10_2.0.2.exe	28
PID 2216 wrote to memory of 2796	2216	Windows7-Windows10_2.0.2.exe	28
PID 2216 wrote to memory of 2796	2216	Windows7-Windows10_2.0.2.exe	28
PID 2216 wrote to memory of 2796	2216	Windows7-Windows10_2.0.2.exe	28
PID 2796 wrote to memory of 2884	2796	Windows7-Windows10_2.0.2.tmp	31
PID 2796 wrote to memory of 2884	2796	Windows7-Windows10_2.0.2.tmp	31
PID 2796 wrote to memory of 2884	2796	Windows7-Windows10_2.0.2.tmp	31
PID 2796 wrote to memory of 2884	2796	Windows7-Windows10_2.0.2.tmp	31
PID 1672 wrote to memory of 692	1672	DrvInst.exe	34
PID 1672 wrote to memory of 692	1672	DrvInst.exe	34
PID 1672 wrote to memory of 692	1672	DrvInst.exe	34
PID 2796 wrote to memory of 2336	2796	Windows7-Windows10_2.0.2.tmp	38
PID 2796 wrote to memory of 2336	2796	Windows7-Windows10_2.0.2.tmp	38
PID 2796 wrote to memory of 2336	2796	Windows7-Windows10_2.0.2.tmp	38
PID 2796 wrote to memory of 2336	2796	Windows7-Windows10_2.0.2.tmp	38
PID 2660 wrote to memory of 1632	2660	DrvInst.exe	41
PID 2660 wrote to memory of 1632	2660	DrvInst.exe	41
PID 2660 wrote to memory of 1632	2660	DrvInst.exe	41
PID 2796 wrote to memory of 2480	2796	Windows7-Windows10_2.0.2.tmp	44
PID 2796 wrote to memory of 2480	2796	Windows7-Windows10_2.0.2.tmp	44
PID 2796 wrote to memory of 2480	2796	Windows7-Windows10_2.0.2.tmp	44
PID 2796 wrote to memory of 2480	2796	Windows7-Windows10_2.0.2.tmp	44
PID 2260 wrote to memory of 1344	2260	DrvInst.exe	47
PID 2260 wrote to memory of 1344	2260	DrvInst.exe	47
PID 2260 wrote to memory of 1344	2260	DrvInst.exe	47

C:\Users\Admin\AppData\Local\Temp\Windows7-Windows10_2.0.2.exe
"C:\Users\Admin\AppData\Local\Temp\Windows7-Windows10_2.0.2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Users\Admin\AppData\Local\Temp\is-BNTMK.tmp\Windows7-Windows10_2.0.2.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-BNTMK.tmp\Windows7-Windows10_2.0.2.tmp" /SL5="$80122,4579221,146432,C:\Users\Admin\AppData\Local\Temp\Windows7-Windows10_2.0.2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Program Files\XXX USB Display\tool\x64\devcon.exe
    "C:\Program Files\XXX USB Display\tool\x64\devcon.exe" dp_add "C:\Program Files\XXX USB Display\lib_usb\MSUSBDisplay.inf" USB\VID_534D&PID_6021&MI_03
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
    PID:2884
- - C:\Program Files\XXX USB Display\tool\x64\devcon.exe
    "C:\Program Files\XXX USB Display\tool\x64\devcon.exe" install "C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor0\virtual_monitor.inf" root\virtual_monitor
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
    PID:2336
- - C:\Program Files\XXX USB Display\tool\x64\devcon.exe
    "C:\Program Files\XXX USB Display\tool\x64\devcon.exe" install "C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor1\virtual_monitor1.inf" root\virtual_monitor1
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    PID:2480
- - C:\Program Files\XXX USB Display\tool\x64\devcon.exe
    "C:\Program Files\XXX USB Display\tool\x64\devcon.exe" install "C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor2\virtual_monitor2.inf" root\virtual_monitor2
    3⤵
    PID:1548

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{021b803d-79c5-4491-3551-ce2a38207c23}\MSUSBDisplay.inf" "9" "679d0b0d7" "0000000000000394" "WinSta0\Default" "0000000000000564" "208" "C:\Program Files\XXX USB Display\lib_usb"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{6e7aad23-4c39-30ec-d759-410ff4b62f65} Global\{00ddb937-56dd-6ecb-2ae4-b335297b661d} C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\MSUSBDisplay.inf C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\MSUSBDisplay.cat
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:692

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2084

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005D0" "00000000000005B0"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1852

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{62d6ab56-4c9c-1800-01f2-ee21adfb321d}\virtual_monitor.inf" "9" "689cb248f" "0000000000000564" "WinSta0\Default" "000000000000057C" "208" "c:\program files\xxx usb display\virtual_monitor\virtual_monitor0"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{74ec2b91-3c17-5b8d-861d-721881ef6447} Global\{3ca080ec-7e49-348c-4fe5-da0df1ac401f} C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\virtual_monitor.inf C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\virtual_monitor.cat
  2⤵
  PID:1632

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot20" "" "" "65dbac317" "0000000000000000" "00000000000005B0" "0000000000000590"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:2352

C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\SYSTEM\0001" "C:\Windows\INF\oem3.inf" "virtual_monitor.inf:vmon_func.NTamd64:vmon_func_install:1.0.0.1:root\virtual_monitor" "689cb248f" "0000000000000564" "00000000000003C0" "00000000000005EC"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:1836

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{55b29047-cf78-5ad8-e6db-405637c96e70}\virtual_monitor1.inf" "9" "63e316187" "0000000000000590" "WinSta0\Default" "00000000000005E0" "208" "c:\program files\xxx usb display\virtual_monitor\virtual_monitor1"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{3b6c54f3-083e-1614-626f-5421c7fec012} Global\{1d1fc8bc-8668-3868-5629-6e0cd5d27d2e} C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\virtual_monitor1.inf C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\virtual_monitor1.cat
  2⤵
  PID:1344

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot21" "" "" "6f9bf5bcb" "0000000000000000" "00000000000004AC" "000000000000061C"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:1392

C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\SYSTEM\0002" "C:\Windows\INF\oem4.inf" "virtual_monitor1.inf:vmon_func1.NTamd64:vmon_func1_install:1.0.0.1:root\virtual_monitor1" "63e316187" "0000000000000590" "000000000000061C" "00000000000005D0"
1⤵
PID:2792

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{66c27978-6618-5dd9-6f7c-123971c69d24}\virtual_monitor2.inf" "9" "6c57461fb" "00000000000005B0" "WinSta0\Default" "0000000000000564" "208" "c:\program files\xxx usb display\virtual_monitor\virtual_monitor2"
1⤵
PID:2860
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{5b9b053a-370c-42b2-f65d-187add241953} Global\{0fdc2965-44be-4e81-5c1a-3c499f918369} C:\Windows\System32\DriverStore\Temp\{7801fdaf-6466-6a49-0d85-d06b4692181d}\virtual_monitor2.inf C:\Windows\System32\DriverStore\Temp\{7801fdaf-6466-6a49-0d85-d06b4692181d}\virtual_monitor2.cat
  2⤵
  PID:1828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~1\XXXUSB~1\lib_usb\amd64\libusb0.dll

Filesize
73KB

MD5
136fdf85fd90f166af828cad5d45cd99

SHA1
a61b25e71328388c5af8954f29381b91a83467f2

SHA256
ff5e4cc0fea9eaf44be4723868f28abcc202b8283b4eeb424cd083866d7300d1

SHA512
6e46eda9149fbb0f726b355fd694efa759c617805565f76106a219088fa909b9c4be2ecdcbe60ba881d29d3cbbd274a5f376ed332192e373689cf52e7e00175f

Download Submit
C:\PROGRA~1\XXXUSB~1\lib_usb\amd64\libusb0.sys

Filesize
42KB

MD5
285954c6c6ef43b78ab84034750fac6a

SHA1
e1f94320eafa98d472004bc58184d70a81d96da6

SHA256
1ed9090015b2a896ef44c072e9662dcf78f044ff05a6b0174f2933af11b252d1

SHA512
6cb8ece91b88f542108e8c743293dd8ccff5b703279e4947abe2866726804defa028e2b2e9f5907beb553ce25bb64ebb1657bf75a45df834abeada410c9428bb

Download Submit
C:\PROGRA~1\XXXUSB~1\lib_usb\x86\libusb0_x86.dll

Filesize
65KB

MD5
6c12d8b1aa5e44af62efac5a5b25c6da

SHA1
00b614ac1eb075bc529afa56a086e8cdf05939a1

SHA256
fa16629b7c112c2a22fad27c2d5e5867866fd49e534f4a5161f97467c09698c3

SHA512
bac5f7276a3b06949adc1a88502273e6e700639668ff86e4adb6c4abe47fa0a4946729becf900e9724b2d0f7a1d28a5536a8f1dfd41576a232ba87b0a21675e1

Download Submit
C:\Program Files\XXX USB Display\WinUsbDisplay.exe

Filesize
1.4MB

MD5
eeb8caa1b42960397f343cd75b46d553

SHA1
ecb73d7ac2e00cb3d24cfbbb68599d8ccf064ce9

SHA256
c9a49d5fda42b4c4587fa48ed08e525bf8045595949ced4e22e68e4cd4864309

SHA512
6b7325b98d46bcdaf4f70ce9a1e23cf0d1d82a3b2588c908b9e5e59589870ee1ee3532675f8e76e5c75b9c890b1050e17ab21035b2e86710963b1be8625299f5

Download Submit
C:\Program Files\XXX USB Display\lib_usb\MSUSBDisplay.cat

Filesize
10KB

MD5
3eeb9433c75badfd43aedc1ed2a8e5b2

SHA1
7ba204d490e78ea0251648aa4757a18b17cf859a

SHA256
7c122949efb1c2b30cec85df2023e6a1c1a6c81437e11f3704d22813fa113b65

SHA512
ed17cbfc8a719fc41a8ca4e4931cee7f1f02c605403b25934c876c7e8fd1882f1f5b08cb95ab1d5e151a92075e7f4ba721ccb57fe26ac949b9032627767e40c7

Download Submit
C:\Program Files\XXX USB Display\lib_usb\MSUSBDisplay.inf

Filesize
4KB

MD5
7fbdf8233a1351b5a3ca91fa15b18d58

SHA1
54a2c94583602d4c661cc5aff39a8ed8ad34ab28

SHA256
556b29a93c8232173b20791d63dd897c13e31d08b5782f681865e5cf96bf5746

SHA512
dd252636d3bf17d8bbef7a1a9e350eab6a718a8c1c86fdcbcbd08066d56267300c3ea0aa3c8bc0d1bd538f997ea399be7b5711725a7abc55cbeb7a56690839a7

Download Submit
C:\Program Files\XXX USB Display\tool\x64\devcon.exe

Filesize
80KB

MD5
79c8395d54fa2e32425a56807240523b

SHA1
69452105b209cb757b83b11e22158049a4744fe8

SHA256
8181eb7df558d3a42a0c55be96a19d1bd88b77e0228b8e69bd4704821ca88510

SHA512
694dab10bc6dfd05924a9301257f9130ac0b3a667499734972d2aefe16d07b443dd939894fe3472e0f52af4547457540a65f07d0742abbced95d1f79cf4b138a

Download Submit
C:\Program Files\XXX USB Display\tool\x64\devcon.exe

Filesize
80KB

MD5
79c8395d54fa2e32425a56807240523b

SHA1
69452105b209cb757b83b11e22158049a4744fe8

SHA256
8181eb7df558d3a42a0c55be96a19d1bd88b77e0228b8e69bd4704821ca88510

SHA512
694dab10bc6dfd05924a9301257f9130ac0b3a667499734972d2aefe16d07b443dd939894fe3472e0f52af4547457540a65f07d0742abbced95d1f79cf4b138a

Download Submit
C:\Program Files\XXX USB Display\tool\x64\devcon.exe

Filesize
80KB

MD5
79c8395d54fa2e32425a56807240523b

SHA1
69452105b209cb757b83b11e22158049a4744fe8

SHA256
8181eb7df558d3a42a0c55be96a19d1bd88b77e0228b8e69bd4704821ca88510

SHA512
694dab10bc6dfd05924a9301257f9130ac0b3a667499734972d2aefe16d07b443dd939894fe3472e0f52af4547457540a65f07d0742abbced95d1f79cf4b138a

Download Submit
C:\Program Files\XXX USB Display\tool\x64\devcon.exe

Filesize
80KB

MD5
79c8395d54fa2e32425a56807240523b

SHA1
69452105b209cb757b83b11e22158049a4744fe8

SHA256
8181eb7df558d3a42a0c55be96a19d1bd88b77e0228b8e69bd4704821ca88510

SHA512
694dab10bc6dfd05924a9301257f9130ac0b3a667499734972d2aefe16d07b443dd939894fe3472e0f52af4547457540a65f07d0742abbced95d1f79cf4b138a

Download Submit
C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor0\virtual_monitor.inf

Filesize
2KB

MD5
b3a6778f1159348ba5c07f1dfcc5b0df

SHA1
e651fb45d12ada81d50087e0256d1b33527d7e92

SHA256
9ad8cf50bae43700256c1a56b1b42872e3905dc8d1df972af0d8285d45847cd4

SHA512
32c6635b2d0d22ad0246abf26ee5c902a3ed8a912a0d32dddfc0af2fdd550cfb07a7af752bf1d921959c5df9ee403fa49c1832130b12fb34feb7dc4a9803d173

Download Submit
C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor1\virtual_monitor1.inf

Filesize
2KB

MD5
83eb4d9c7a5757f46390f1b6f76be215

SHA1
3b442ab4364b9d407a720c0d5f7dca6e86c21992

SHA256
a22f8667a6ca8ac85a0c37f6318862e3246cb0f5d3c5252c07ecfea2d72d6844

SHA512
f05a97c7a92fce08302cfe8e6b06bf8793200fb4b1b3542746240413a336ae6e5de4c28311b06844a744c824a381002a8ab912ab3fa5dab0cba057cc538f9918

Download Submit
C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor2\x64\is-4GQK1.tmp

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Program Files\XXX USB Display\virtual_monitor\virtual_monitor2\x86\is-L8VRG.tmp

Filesize
1.4MB

MD5
a9970042be512c7981b36e689c5f3f9f

SHA1
b0ba0de22ade0ee5324eaa82e179f41d2c67b63e

SHA256
7a6bf1f950684381205c717a51af2d9c81b203cb1f3db0006a4602e2df675c77

SHA512
8377049f0aaef7ffcb86d40e22ce8aa16e24cad78da1fb9b24edfbc7561e3d4fd220d19414fa06964692c54e5cbc47ec87b1f3e2e63440c6986cb985a65ce27d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7DBA.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7E0B.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BNTMK.tmp\Windows7-Windows10_2.0.2.tmp

Filesize
783KB

MD5
1fdd4368d6b3b32e254143ae65d1fe37

SHA1
b52127beb6622bb2026448194d6ba2bbe35611d6

SHA256
9e366c237e2f6cb880943eae92bd99ba3190c2976a9fdec65e875e9ee38d4cf5

SHA512
d9969a7ad0452f91bf949c85016d9c8a807d1cbc3be5e73b4c630ac35c90c6afd4ecd81222e082eacda33bec19a2f02c38db1ba647c148e922f1abc1c94469e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-BNTMK.tmp\Windows7-Windows10_2.0.2.tmp

Filesize
783KB

MD5
1fdd4368d6b3b32e254143ae65d1fe37

SHA1
b52127beb6622bb2026448194d6ba2bbe35611d6

SHA256
9e366c237e2f6cb880943eae92bd99ba3190c2976a9fdec65e875e9ee38d4cf5

SHA512
d9969a7ad0452f91bf949c85016d9c8a807d1cbc3be5e73b4c630ac35c90c6afd4ecd81222e082eacda33bec19a2f02c38db1ba647c148e922f1abc1c94469e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{021B8~1\amd64\libusb0.dll

Filesize
73KB

MD5
136fdf85fd90f166af828cad5d45cd99

SHA1
a61b25e71328388c5af8954f29381b91a83467f2

SHA256
ff5e4cc0fea9eaf44be4723868f28abcc202b8283b4eeb424cd083866d7300d1

SHA512
6e46eda9149fbb0f726b355fd694efa759c617805565f76106a219088fa909b9c4be2ecdcbe60ba881d29d3cbbd274a5f376ed332192e373689cf52e7e00175f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{021B8~1\amd64\libusb0.sys

Filesize
42KB

MD5
285954c6c6ef43b78ab84034750fac6a

SHA1
e1f94320eafa98d472004bc58184d70a81d96da6

SHA256
1ed9090015b2a896ef44c072e9662dcf78f044ff05a6b0174f2933af11b252d1

SHA512
6cb8ece91b88f542108e8c743293dd8ccff5b703279e4947abe2866726804defa028e2b2e9f5907beb553ce25bb64ebb1657bf75a45df834abeada410c9428bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{021B8~1\x86\libusb0_x86.dll

Filesize
65KB

MD5
6c12d8b1aa5e44af62efac5a5b25c6da

SHA1
00b614ac1eb075bc529afa56a086e8cdf05939a1

SHA256
fa16629b7c112c2a22fad27c2d5e5867866fd49e534f4a5161f97467c09698c3

SHA512
bac5f7276a3b06949adc1a88502273e6e700639668ff86e4adb6c4abe47fa0a4946729becf900e9724b2d0f7a1d28a5536a8f1dfd41576a232ba87b0a21675e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{021b803d-79c5-4491-3551-ce2a38207c23}\MSUSBDisplay.cat

Filesize
10KB

MD5
3eeb9433c75badfd43aedc1ed2a8e5b2

SHA1
7ba204d490e78ea0251648aa4757a18b17cf859a

SHA256
7c122949efb1c2b30cec85df2023e6a1c1a6c81437e11f3704d22813fa113b65

SHA512
ed17cbfc8a719fc41a8ca4e4931cee7f1f02c605403b25934c876c7e8fd1882f1f5b08cb95ab1d5e151a92075e7f4ba721ccb57fe26ac949b9032627767e40c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{021b803d-79c5-4491-3551-ce2a38207c23}\MSUSBDisplay.cat

Filesize
10KB

MD5
3eeb9433c75badfd43aedc1ed2a8e5b2

SHA1
7ba204d490e78ea0251648aa4757a18b17cf859a

SHA256
7c122949efb1c2b30cec85df2023e6a1c1a6c81437e11f3704d22813fa113b65

SHA512
ed17cbfc8a719fc41a8ca4e4931cee7f1f02c605403b25934c876c7e8fd1882f1f5b08cb95ab1d5e151a92075e7f4ba721ccb57fe26ac949b9032627767e40c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{021b803d-79c5-4491-3551-ce2a38207c23}\MSUSBDisplay.inf

Filesize
4KB

MD5
7fbdf8233a1351b5a3ca91fa15b18d58

SHA1
54a2c94583602d4c661cc5aff39a8ed8ad34ab28

SHA256
556b29a93c8232173b20791d63dd897c13e31d08b5782f681865e5cf96bf5746

SHA512
dd252636d3bf17d8bbef7a1a9e350eab6a718a8c1c86fdcbcbd08066d56267300c3ea0aa3c8bc0d1bd538f997ea399be7b5711725a7abc55cbeb7a56690839a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{021b803d-79c5-4491-3551-ce2a38207c23}\MSUSBDisplay.inf

Filesize
4KB

MD5
7fbdf8233a1351b5a3ca91fa15b18d58

SHA1
54a2c94583602d4c661cc5aff39a8ed8ad34ab28

SHA256
556b29a93c8232173b20791d63dd897c13e31d08b5782f681865e5cf96bf5746

SHA512
dd252636d3bf17d8bbef7a1a9e350eab6a718a8c1c86fdcbcbd08066d56267300c3ea0aa3c8bc0d1bd538f997ea399be7b5711725a7abc55cbeb7a56690839a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{021b803d-79c5-4491-3551-ce2a38207c23}\amd64\libusb0.dll

Filesize
73KB

MD5
136fdf85fd90f166af828cad5d45cd99

SHA1
a61b25e71328388c5af8954f29381b91a83467f2

SHA256
ff5e4cc0fea9eaf44be4723868f28abcc202b8283b4eeb424cd083866d7300d1

SHA512
6e46eda9149fbb0f726b355fd694efa759c617805565f76106a219088fa909b9c4be2ecdcbe60ba881d29d3cbbd274a5f376ed332192e373689cf52e7e00175f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{021b803d-79c5-4491-3551-ce2a38207c23}\amd64\libusb0.sys

Filesize
42KB

MD5
285954c6c6ef43b78ab84034750fac6a

SHA1
e1f94320eafa98d472004bc58184d70a81d96da6

SHA256
1ed9090015b2a896ef44c072e9662dcf78f044ff05a6b0174f2933af11b252d1

SHA512
6cb8ece91b88f542108e8c743293dd8ccff5b703279e4947abe2866726804defa028e2b2e9f5907beb553ce25bb64ebb1657bf75a45df834abeada410c9428bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{021b803d-79c5-4491-3551-ce2a38207c23}\x86\SETFF4A.tmp

Filesize
65KB

MD5
6c12d8b1aa5e44af62efac5a5b25c6da

SHA1
00b614ac1eb075bc529afa56a086e8cdf05939a1

SHA256
fa16629b7c112c2a22fad27c2d5e5867866fd49e534f4a5161f97467c09698c3

SHA512
bac5f7276a3b06949adc1a88502273e6e700639668ff86e4adb6c4abe47fa0a4946729becf900e9724b2d0f7a1d28a5536a8f1dfd41576a232ba87b0a21675e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{55B29~1\x64\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Users\Admin\AppData\Local\Temp\{55B29~1\x64\vmon_func1.sys

Filesize
46KB

MD5
c083d09dac2135352828ad24b47b5580

SHA1
ee456eef639a06114b62962b2056a147da96a0f1

SHA256
54c22fae4b487994961707cdefe9ff27402a261edb8c6062f3403559f3b81e2c

SHA512
3de907b2d7ca80bb37ccd9d2774ba63f2b3598804052dd3bf231c04f3087cadf203ac397a5fdde312b549dbac2e78729face63fe618200af3cc3df6ccfd87d67

Download Submit
C:\Users\Admin\AppData\Local\Temp\{55b29047-cf78-5ad8-e6db-405637c96e70}\virtual_monitor1.cat

Filesize
10KB

MD5
bc01119b395bf56ba17b07c842380893

SHA1
d9c9c6d66cf33fc52cac28a43e0be28d497dc91e

SHA256
2ee065711791dcb72b019083490a78ecb52afa51c140ae39f1761b1a67da6151

SHA512
212af5ff3a01a6bb8edf56d8015ce90ad1a7f243a06f8bd3a2257c86c955ba30f61fb5b0419dc456bade0fc476ab53d364e8341fb933e59d11ecb94b22938070

Download Submit
C:\Users\Admin\AppData\Local\Temp\{55b29047-cf78-5ad8-e6db-405637c96e70}\virtual_monitor1.cat

Filesize
10KB

MD5
bc01119b395bf56ba17b07c842380893

SHA1
d9c9c6d66cf33fc52cac28a43e0be28d497dc91e

SHA256
2ee065711791dcb72b019083490a78ecb52afa51c140ae39f1761b1a67da6151

SHA512
212af5ff3a01a6bb8edf56d8015ce90ad1a7f243a06f8bd3a2257c86c955ba30f61fb5b0419dc456bade0fc476ab53d364e8341fb933e59d11ecb94b22938070

Download Submit
C:\Users\Admin\AppData\Local\Temp\{55b29047-cf78-5ad8-e6db-405637c96e70}\virtual_monitor1.inf

Filesize
2KB

MD5
83eb4d9c7a5757f46390f1b6f76be215

SHA1
3b442ab4364b9d407a720c0d5f7dca6e86c21992

SHA256
a22f8667a6ca8ac85a0c37f6318862e3246cb0f5d3c5252c07ecfea2d72d6844

SHA512
f05a97c7a92fce08302cfe8e6b06bf8793200fb4b1b3542746240413a336ae6e5de4c28311b06844a744c824a381002a8ab912ab3fa5dab0cba057cc538f9918

Download Submit
C:\Users\Admin\AppData\Local\Temp\{55b29047-cf78-5ad8-e6db-405637c96e70}\virtual_monitor1.inf

Filesize
2KB

MD5
83eb4d9c7a5757f46390f1b6f76be215

SHA1
3b442ab4364b9d407a720c0d5f7dca6e86c21992

SHA256
a22f8667a6ca8ac85a0c37f6318862e3246cb0f5d3c5252c07ecfea2d72d6844

SHA512
f05a97c7a92fce08302cfe8e6b06bf8793200fb4b1b3542746240413a336ae6e5de4c28311b06844a744c824a381002a8ab912ab3fa5dab0cba057cc538f9918

Download Submit
C:\Users\Admin\AppData\Local\Temp\{55b29047-cf78-5ad8-e6db-405637c96e70}\x64\vmon_func1.sys

Filesize
46KB

MD5
c083d09dac2135352828ad24b47b5580

SHA1
ee456eef639a06114b62962b2056a147da96a0f1

SHA256
54c22fae4b487994961707cdefe9ff27402a261edb8c6062f3403559f3b81e2c

SHA512
3de907b2d7ca80bb37ccd9d2774ba63f2b3598804052dd3bf231c04f3087cadf203ac397a5fdde312b549dbac2e78729face63fe618200af3cc3df6ccfd87d67

Download Submit
C:\Users\Admin\AppData\Local\Temp\{62D6A~1\x64\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Users\Admin\AppData\Local\Temp\{62D6A~1\x64\vmon_func.sys

Filesize
46KB

MD5
0e0f65fc73d65ff31eb93a5908d6b0e4

SHA1
5a886bccc620f61b3323debd8c1dbe121ba02f45

SHA256
23d5af31effc0d219678d8adc9781188f6ce40492a13aab46edf3fa843f072b4

SHA512
7c43def3364bb28a248c347adbfa31433f65dd38284ccb6f17912c0b8d121c27a4db370b0a409a2ef46ff76d3494c167493048f5deae22383bec0d68ba5da2d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{62d6ab56-4c9c-1800-01f2-ee21adfb321d}\virtual_monitor.cat

Filesize
10KB

MD5
53d82d48cc9234390c520dc070a52b46

SHA1
e08e8f31bcc7ba1c62d7f322525f015d69e7203d

SHA256
0192219aeb1b9de9a16c87e6d02204253dcf4eb33c25df19a754b2c867d8c947

SHA512
7cfe293f1878fc3e6a019f8bccc5763d9a5d70f491bfbd54ec9a7e204b57292b485baffe9c8065cf458be47c682db2d6e0385a9bef2e76c2741423a357aeb4ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\{62d6ab56-4c9c-1800-01f2-ee21adfb321d}\virtual_monitor.cat

Filesize
10KB

MD5
53d82d48cc9234390c520dc070a52b46

SHA1
e08e8f31bcc7ba1c62d7f322525f015d69e7203d

SHA256
0192219aeb1b9de9a16c87e6d02204253dcf4eb33c25df19a754b2c867d8c947

SHA512
7cfe293f1878fc3e6a019f8bccc5763d9a5d70f491bfbd54ec9a7e204b57292b485baffe9c8065cf458be47c682db2d6e0385a9bef2e76c2741423a357aeb4ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\{62d6ab56-4c9c-1800-01f2-ee21adfb321d}\virtual_monitor.inf

Filesize
2KB

MD5
b3a6778f1159348ba5c07f1dfcc5b0df

SHA1
e651fb45d12ada81d50087e0256d1b33527d7e92

SHA256
9ad8cf50bae43700256c1a56b1b42872e3905dc8d1df972af0d8285d45847cd4

SHA512
32c6635b2d0d22ad0246abf26ee5c902a3ed8a912a0d32dddfc0af2fdd550cfb07a7af752bf1d921959c5df9ee403fa49c1832130b12fb34feb7dc4a9803d173

Download Submit
C:\Users\Admin\AppData\Local\Temp\{62d6ab56-4c9c-1800-01f2-ee21adfb321d}\virtual_monitor.inf

Filesize
2KB

MD5
b3a6778f1159348ba5c07f1dfcc5b0df

SHA1
e651fb45d12ada81d50087e0256d1b33527d7e92

SHA256
9ad8cf50bae43700256c1a56b1b42872e3905dc8d1df972af0d8285d45847cd4

SHA512
32c6635b2d0d22ad0246abf26ee5c902a3ed8a912a0d32dddfc0af2fdd550cfb07a7af752bf1d921959c5df9ee403fa49c1832130b12fb34feb7dc4a9803d173

Download Submit
C:\Users\Admin\AppData\Local\Temp\{62d6ab56-4c9c-1800-01f2-ee21adfb321d}\x64\vmon_func.sys

Filesize
46KB

MD5
0e0f65fc73d65ff31eb93a5908d6b0e4

SHA1
5a886bccc620f61b3323debd8c1dbe121ba02f45

SHA256
23d5af31effc0d219678d8adc9781188f6ce40492a13aab46edf3fa843f072b4

SHA512
7c43def3364bb28a248c347adbfa31433f65dd38284ccb6f17912c0b8d121c27a4db370b0a409a2ef46ff76d3494c167493048f5deae22383bec0d68ba5da2d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66c27978-6618-5dd9-6f7c-123971c69d24}\virtual_monitor2.cat

Filesize
10KB

MD5
e1560e00fbe088e654e70702e0c71189

SHA1
440568026e5f7bc8c76dc82206665b5777d842e5

SHA256
3d8c9610c7eb0c1cb6e0307f9ebf0ce87a87d717ddc7343e0ce78a60550f036a

SHA512
c0dab1dbddfe01befecbfc08e825644f6b483b3ac4458f3eefedce1153f277a9f03c7609122b16256ee1319c2ae76ad9886ba5c5f025fc71f26c7ef3e9d20665

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66c27978-6618-5dd9-6f7c-123971c69d24}\virtual_monitor2.inf

Filesize
2KB

MD5
e0c74b713195400e197f8f711f9c3577

SHA1
17d3320d0d57be252288f93f01ff593761c3bad6

SHA256
12bbdc0c4100543f6d77f8c2158abdc7e913b806a022f19f3c1d3d1c57296d48

SHA512
33f379acd0e3aeb4ff82c122e40251daa14d0bb8443eaa80dabc4284c6b1179208e569211974715c68884d765c3bcfcef4b0f656f48e8ec303bf1be5ac1abb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66c27978-6618-5dd9-6f7c-123971c69d24}\x64\vmon_func2.sys

Filesize
46KB

MD5
426800db65c0c1ea0b88e0df8d435030

SHA1
10d38a6a442110f8003b035056cdc519b05c3edb

SHA256
ebd649a9a751978ced5a9303daea3325ef05426740a3863d28ea4e9ec7a3a08e

SHA512
b7bb4aa97fe0ff76bb3c00f08bcebd83f21910d77ce6f303e8d480db7778a95d9a84a967e7bbdba8825ca76cdbd36df3db83e0091c572e7f685af1d40aba75b1

Download Submit
C:\Windows\INF\oem3.inf

Filesize
2KB

MD5
b3a6778f1159348ba5c07f1dfcc5b0df

SHA1
e651fb45d12ada81d50087e0256d1b33527d7e92

SHA256
9ad8cf50bae43700256c1a56b1b42872e3905dc8d1df972af0d8285d45847cd4

SHA512
32c6635b2d0d22ad0246abf26ee5c902a3ed8a912a0d32dddfc0af2fdd550cfb07a7af752bf1d921959c5df9ee403fa49c1832130b12fb34feb7dc4a9803d173

Download Submit
C:\Windows\INF\oem4.inf

Filesize
2KB

MD5
83eb4d9c7a5757f46390f1b6f76be215

SHA1
3b442ab4364b9d407a720c0d5f7dca6e86c21992

SHA256
a22f8667a6ca8ac85a0c37f6318862e3246cb0f5d3c5252c07ecfea2d72d6844

SHA512
f05a97c7a92fce08302cfe8e6b06bf8793200fb4b1b3542746240413a336ae6e5de4c28311b06844a744c824a381002a8ab912ab3fa5dab0cba057cc538f9918

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
194KB

MD5
60211efc51ccab19f0d940152947620a

SHA1
edb41d4d4af2a915cd4e38b006b0db850bafadd6

SHA256
eec81a89154d785ff956395295f3409ef3e66fa0483b5f65c7203ace3b7c2269

SHA512
665dd25e43d367e9f9fd01a5fe41c55b9db9c8c4e0dba0489e1d720a510224807c898279081dee9b3f8cbf7be0b05bb9e6e4543d376e0533179057d75d24a764

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
194KB

MD5
ffc9db6a5a537d7f84c42425652edacc

SHA1
84b61de8c073fc1edde8563ea37a1de5920c7cc6

SHA256
e7ae79aa1fd2406a05af7e85a8f143814db03e1791cc07609e95ff4efcfda07a

SHA512
80b017ad97569ad0f0f6c05d46472cb2e7d0313ea49fc60d5e5cecce47536fc5b012a2bfd1353cb0f4e473dca3b5b0b6363a119dc975112220ec774155071ab2

Download Submit
C:\Windows\System32\DRIVER~1\FILERE~1\VIRTUA~1.INF\x64\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Windows\System32\DRIVER~1\FILERE~1\VIRTUA~1.INF\x64\vmon_func.sys

Filesize
46KB

MD5
0e0f65fc73d65ff31eb93a5908d6b0e4

SHA1
5a886bccc620f61b3323debd8c1dbe121ba02f45

SHA256
23d5af31effc0d219678d8adc9781188f6ce40492a13aab46edf3fa843f072b4

SHA512
7c43def3364bb28a248c347adbfa31433f65dd38284ccb6f17912c0b8d121c27a4db370b0a409a2ef46ff76d3494c167493048f5deae22383bec0d68ba5da2d0

Download Submit
C:\Windows\System32\DriverStore\FileRepository\virtual_monitor.inf_amd64_neutral_91cca5843883c6d6\virtual_monitor.PNF

Filesize
8KB

MD5
79442a3eb32defa6d4b557eacabf82a4

SHA1
07a6d04695076825f98aaa602d828bfc17517911

SHA256
fb7377345aba1e8dd1b6c996f21f6cfc1e26b0f41af1d2e2e28d995907e57fa2

SHA512
d3847ba39d306852ae96a1f68003a0d63aa0a05228e5e1aef1b0f1c855a5f1e1da783c03f90c38574d465807fbbdb4d40f3d0c153ea1630ce7589736b39a70b2

Download Submit
C:\Windows\System32\DriverStore\FileRepository\virtual_monitor.inf_amd64_neutral_91cca5843883c6d6\virtual_monitor.cat

Filesize
10KB

MD5
53d82d48cc9234390c520dc070a52b46

SHA1
e08e8f31bcc7ba1c62d7f322525f015d69e7203d

SHA256
0192219aeb1b9de9a16c87e6d02204253dcf4eb33c25df19a754b2c867d8c947

SHA512
7cfe293f1878fc3e6a019f8bccc5763d9a5d70f491bfbd54ec9a7e204b57292b485baffe9c8065cf458be47c682db2d6e0385a9bef2e76c2741423a357aeb4ed

Download Submit
C:\Windows\System32\DriverStore\FileRepository\virtual_monitor1.inf_amd64_neutral_bffd672eb4dd2f10\virtual_monitor1.PNF

Filesize
8KB

MD5
17751bcb31dd0449d83f10a94dfe8937

SHA1
f3586f4e05546098a1b4f1b4ea42d7fa61b93984

SHA256
fb346f255d3366c9a7ac77f5009851ffbc504ddb1b52af1d6b231be56e8d55d1

SHA512
7067ef2140b04521f65ab76f6c06494717d0b6e6e3ff53f8ba7e8500c93ee22a0a22ea463d898e71d617ee8714375c92f65f927e96642183eb3c9e7d10126088

Download Submit
C:\Windows\System32\DriverStore\FileRepository\virtual_monitor1.inf_amd64_neutral_bffd672eb4dd2f10\virtual_monitor1.cat

Filesize
10KB

MD5
bc01119b395bf56ba17b07c842380893

SHA1
d9c9c6d66cf33fc52cac28a43e0be28d497dc91e

SHA256
2ee065711791dcb72b019083490a78ecb52afa51c140ae39f1761b1a67da6151

SHA512
212af5ff3a01a6bb8edf56d8015ce90ad1a7f243a06f8bd3a2257c86c955ba30f61fb5b0419dc456bade0fc476ab53d364e8341fb933e59d11ecb94b22938070

Download Submit
C:\Windows\System32\DriverStore\FileRepository\virtual_monitor1.inf_amd64_neutral_bffd672eb4dd2f10\x64\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Windows\System32\DriverStore\INFCACHE.1

Filesize
1.4MB

MD5
acd77a2051494ee2b58febc38c9aca21

SHA1
6f56cdb9b9db20193189242b215ee97ccec5c7ad

SHA256
a3929de425155109cca378986d2a0986c543c30c624436c49ef19a7ed6004600

SHA512
96fe1f1d6aec862208a6369f87f8fa7cd355c37de248633839d69f2563060d8534bf504c19c37462b5c60b0dcfd543d4cf5f11d1a90d288d0c8c3e8e563bcc86

Download Submit
C:\Windows\System32\DriverStore\INFCACHE.1

Filesize
1.4MB

MD5
a3327e42d019242e7d93a46a06028db5

SHA1
43ff6c3a07165d0697b6f99fe210a3dffcc1cd9b

SHA256
c24911a9fc607c6875b13718c681d44d205a73ec54ff4bfb1be41de76d812c05

SHA512
679ed08cf65a6762ba1a0dbfb8fdfd0583fb28ae2e6feff646d8610bd7e5f10c40831039ba4f306aa91bfa88a12bc2259f6c6d32c725c18288d7816a3e953053

Download Submit
C:\Windows\System32\DriverStore\INFCACHE.1

Filesize
1.4MB

MD5
b0fc2530f62cbc0f2d5d4341cf3749f5

SHA1
f74f453b25a3ae8a9479137a752f4bad33204046

SHA256
ba54911e9247b2c0c3ee03c3560a79dc1c6faf4a3fb16ed9468003f0aae03dd1

SHA512
0f842f9f64985be821d3bb927548a238231e7af06272194246675e169e3ea31b2c82e2928f0c530ace074106a927a89df631bfbc1bac7fae57cc4bcc29c3a22b

Download Submit
C:\Windows\System32\DriverStore\Temp\{12512c07-8805-3709-d263-af4ff9029f10}\virtual_monitor1.inf

Filesize
2KB

MD5
83eb4d9c7a5757f46390f1b6f76be215

SHA1
3b442ab4364b9d407a720c0d5f7dca6e86c21992

SHA256
a22f8667a6ca8ac85a0c37f6318862e3246cb0f5d3c5252c07ecfea2d72d6844

SHA512
f05a97c7a92fce08302cfe8e6b06bf8793200fb4b1b3542746240413a336ae6e5de4c28311b06844a744c824a381002a8ab912ab3fa5dab0cba057cc538f9918

Download Submit
C:\Windows\System32\DriverStore\Temp\{4391ca3c-39c9-2b9e-4687-8821a3ae676d}\MSUSBDisplay.inf

Filesize
4KB

MD5
7fbdf8233a1351b5a3ca91fa15b18d58

SHA1
54a2c94583602d4c661cc5aff39a8ed8ad34ab28

SHA256
556b29a93c8232173b20791d63dd897c13e31d08b5782f681865e5cf96bf5746

SHA512
dd252636d3bf17d8bbef7a1a9e350eab6a718a8c1c86fdcbcbd08066d56267300c3ea0aa3c8bc0d1bd538f997ea399be7b5711725a7abc55cbeb7a56690839a7

Download Submit
C:\Windows\System32\DriverStore\Temp\{6e788766-42c1-4423-b71b-cb7a5b5eed61}\virtual_monitor.inf

Filesize
2KB

MD5
b3a6778f1159348ba5c07f1dfcc5b0df

SHA1
e651fb45d12ada81d50087e0256d1b33527d7e92

SHA256
9ad8cf50bae43700256c1a56b1b42872e3905dc8d1df972af0d8285d45847cd4

SHA512
32c6635b2d0d22ad0246abf26ee5c902a3ed8a912a0d32dddfc0af2fdd550cfb07a7af752bf1d921959c5df9ee403fa49c1832130b12fb34feb7dc4a9803d173

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
194KB

MD5
60211efc51ccab19f0d940152947620a

SHA1
edb41d4d4af2a915cd4e38b006b0db850bafadd6

SHA256
eec81a89154d785ff956395295f3409ef3e66fa0483b5f65c7203ace3b7c2269

SHA512
665dd25e43d367e9f9fd01a5fe41c55b9db9c8c4e0dba0489e1d720a510224807c898279081dee9b3f8cbf7be0b05bb9e6e4543d376e0533179057d75d24a764

Download Submit
C:\Windows\Temp\Cab3.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
C:\Windows\Temp\Tar15.tmp

Filesize
81KB

MD5
b13f51572f55a2d31ed9f266d581e9ea

SHA1
7eef3111b878e159e520f34410ad87adecf0ca92

SHA256
725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

SHA512
f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

Download Submit
C:\Windows\system32\DRIVERS\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
\??\c:\PROGRA~1\XXXUSB~1\VIRTUA~1\VIRTUA~1\x64\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
\??\c:\PROGRA~1\XXXUSB~1\VIRTUA~1\VIRTUA~1\x64\vmon_func.sys

Filesize
46KB

MD5
0e0f65fc73d65ff31eb93a5908d6b0e4

SHA1
5a886bccc620f61b3323debd8c1dbe121ba02f45

SHA256
23d5af31effc0d219678d8adc9781188f6ce40492a13aab46edf3fa843f072b4

SHA512
7c43def3364bb28a248c347adbfa31433f65dd38284ccb6f17912c0b8d121c27a4db370b0a409a2ef46ff76d3494c167493048f5deae22383bec0d68ba5da2d0

Download Submit
\??\c:\PROGRA~1\XXXUSB~1\VIRTUA~1\VIRTUA~2\x64\WdfCoInstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
\??\c:\PROGRA~1\XXXUSB~1\VIRTUA~1\VIRTUA~2\x64\vmon_func1.sys

Filesize
46KB

MD5
c083d09dac2135352828ad24b47b5580

SHA1
ee456eef639a06114b62962b2056a147da96a0f1

SHA256
54c22fae4b487994961707cdefe9ff27402a261edb8c6062f3403559f3b81e2c

SHA512
3de907b2d7ca80bb37ccd9d2774ba63f2b3598804052dd3bf231c04f3087cadf203ac397a5fdde312b549dbac2e78729face63fe618200af3cc3df6ccfd87d67

Download Submit
\??\c:\program files\xxx usb display\virtual_monitor\virtual_monitor0\virtual_monitor.cat

Filesize
10KB

MD5
53d82d48cc9234390c520dc070a52b46

SHA1
e08e8f31bcc7ba1c62d7f322525f015d69e7203d

SHA256
0192219aeb1b9de9a16c87e6d02204253dcf4eb33c25df19a754b2c867d8c947

SHA512
7cfe293f1878fc3e6a019f8bccc5763d9a5d70f491bfbd54ec9a7e204b57292b485baffe9c8065cf458be47c682db2d6e0385a9bef2e76c2741423a357aeb4ed

Download Submit
\??\c:\program files\xxx usb display\virtual_monitor\virtual_monitor1\virtual_monitor1.cat

Filesize
10KB

MD5
bc01119b395bf56ba17b07c842380893

SHA1
d9c9c6d66cf33fc52cac28a43e0be28d497dc91e

SHA256
2ee065711791dcb72b019083490a78ecb52afa51c140ae39f1761b1a67da6151

SHA512
212af5ff3a01a6bb8edf56d8015ce90ad1a7f243a06f8bd3a2257c86c955ba30f61fb5b0419dc456bade0fc476ab53d364e8341fb933e59d11ecb94b22938070

Download Submit
\Program Files\XXX USB Display\WinUsbDisplay.exe

Filesize
1.4MB

MD5
eeb8caa1b42960397f343cd75b46d553

SHA1
ecb73d7ac2e00cb3d24cfbbb68599d8ccf064ce9

SHA256
c9a49d5fda42b4c4587fa48ed08e525bf8045595949ced4e22e68e4cd4864309

SHA512
6b7325b98d46bcdaf4f70ce9a1e23cf0d1d82a3b2588c908b9e5e59589870ee1ee3532675f8e76e5c75b9c890b1050e17ab21035b2e86710963b1be8625299f5

Download Submit
\Program Files\XXX USB Display\WinUsbDisplay.exe

Filesize
1.4MB

MD5
eeb8caa1b42960397f343cd75b46d553

SHA1
ecb73d7ac2e00cb3d24cfbbb68599d8ccf064ce9

SHA256
c9a49d5fda42b4c4587fa48ed08e525bf8045595949ced4e22e68e4cd4864309

SHA512
6b7325b98d46bcdaf4f70ce9a1e23cf0d1d82a3b2588c908b9e5e59589870ee1ee3532675f8e76e5c75b9c890b1050e17ab21035b2e86710963b1be8625299f5

Download Submit
\Program Files\XXX USB Display\tool\x64\devcon.exe

Filesize
80KB

MD5
79c8395d54fa2e32425a56807240523b

SHA1
69452105b209cb757b83b11e22158049a4744fe8

SHA256
8181eb7df558d3a42a0c55be96a19d1bd88b77e0228b8e69bd4704821ca88510

SHA512
694dab10bc6dfd05924a9301257f9130ac0b3a667499734972d2aefe16d07b443dd939894fe3472e0f52af4547457540a65f07d0742abbced95d1f79cf4b138a

Download Submit
\Program Files\XXX USB Display\tool\x64\devcon.exe

Filesize
80KB

MD5
79c8395d54fa2e32425a56807240523b

SHA1
69452105b209cb757b83b11e22158049a4744fe8

SHA256
8181eb7df558d3a42a0c55be96a19d1bd88b77e0228b8e69bd4704821ca88510

SHA512
694dab10bc6dfd05924a9301257f9130ac0b3a667499734972d2aefe16d07b443dd939894fe3472e0f52af4547457540a65f07d0742abbced95d1f79cf4b138a

Download Submit
\Program Files\XXX USB Display\tool\x64\devcon.exe

Filesize
80KB

MD5
79c8395d54fa2e32425a56807240523b

SHA1
69452105b209cb757b83b11e22158049a4744fe8

SHA256
8181eb7df558d3a42a0c55be96a19d1bd88b77e0228b8e69bd4704821ca88510

SHA512
694dab10bc6dfd05924a9301257f9130ac0b3a667499734972d2aefe16d07b443dd939894fe3472e0f52af4547457540a65f07d0742abbced95d1f79cf4b138a

Download Submit
\Program Files\XXX USB Display\tool\x64\devcon.exe

Filesize
80KB

MD5
79c8395d54fa2e32425a56807240523b

SHA1
69452105b209cb757b83b11e22158049a4744fe8

SHA256
8181eb7df558d3a42a0c55be96a19d1bd88b77e0228b8e69bd4704821ca88510

SHA512
694dab10bc6dfd05924a9301257f9130ac0b3a667499734972d2aefe16d07b443dd939894fe3472e0f52af4547457540a65f07d0742abbced95d1f79cf4b138a

Download Submit
\Program Files\XXX USB Display\tool\x64\devcon.exe

Filesize
80KB

MD5
79c8395d54fa2e32425a56807240523b

SHA1
69452105b209cb757b83b11e22158049a4744fe8

SHA256
8181eb7df558d3a42a0c55be96a19d1bd88b77e0228b8e69bd4704821ca88510

SHA512
694dab10bc6dfd05924a9301257f9130ac0b3a667499734972d2aefe16d07b443dd939894fe3472e0f52af4547457540a65f07d0742abbced95d1f79cf4b138a

Download Submit
\Program Files\XXX USB Display\tool\x64\devcon.exe

Filesize
80KB

MD5
79c8395d54fa2e32425a56807240523b

SHA1
69452105b209cb757b83b11e22158049a4744fe8

SHA256
8181eb7df558d3a42a0c55be96a19d1bd88b77e0228b8e69bd4704821ca88510

SHA512
694dab10bc6dfd05924a9301257f9130ac0b3a667499734972d2aefe16d07b443dd939894fe3472e0f52af4547457540a65f07d0742abbced95d1f79cf4b138a

Download Submit
\Program Files\XXX USB Display\tool\x64\devcon.exe

Filesize
80KB

MD5
79c8395d54fa2e32425a56807240523b

SHA1
69452105b209cb757b83b11e22158049a4744fe8

SHA256
8181eb7df558d3a42a0c55be96a19d1bd88b77e0228b8e69bd4704821ca88510

SHA512
694dab10bc6dfd05924a9301257f9130ac0b3a667499734972d2aefe16d07b443dd939894fe3472e0f52af4547457540a65f07d0742abbced95d1f79cf4b138a

Download Submit
\Program Files\XXX USB Display\unins000.exe

Filesize
794KB

MD5
9733369807f170de2aa6962593c349cc

SHA1
7eb9022b605b02decdc824ef7ba562bffe008410

SHA256
ea915669d2317147ffcfed211f228a674294941ba1a9c53fcd3b24d9e0876e2c

SHA512
50644f16430cf3ae226f28b2b31d474894d19132f353a5650581dd045bd86e2cdf609ccadd1fa66112c0f602a916f5c0df5df1c02cf3d515879ccacf099c1019

Download Submit
\Users\Admin\AppData\Local\Temp\is-BNTMK.tmp\Windows7-Windows10_2.0.2.tmp

Filesize
783KB

MD5
1fdd4368d6b3b32e254143ae65d1fe37

SHA1
b52127beb6622bb2026448194d6ba2bbe35611d6

SHA256
9e366c237e2f6cb880943eae92bd99ba3190c2976a9fdec65e875e9ee38d4cf5

SHA512
d9969a7ad0452f91bf949c85016d9c8a807d1cbc3be5e73b4c630ac35c90c6afd4ecd81222e082eacda33bec19a2f02c38db1ba647c148e922f1abc1c94469e5

Download Submit
memory/692-298-0x0000000001D20000-0x0000000001D21000-memory.dmp

Filesize
4KB

Download
memory/692-295-0x0000000001D20000-0x0000000001D21000-memory.dmp

Filesize
4KB

Download
memory/1344-1102-0x0000000001BC0000-0x0000000001BC1000-memory.dmp

Filesize
4KB

Download
memory/1344-1099-0x0000000001BC0000-0x0000000001BC1000-memory.dmp

Filesize
4KB

Download
memory/1632-579-0x0000000001B80000-0x0000000001B81000-memory.dmp

Filesize
4KB

Download
memory/1632-582-0x0000000001B80000-0x0000000001B81000-memory.dmp

Filesize
4KB

Download
memory/1828-1612-0x0000000001CE0000-0x0000000001CE1000-memory.dmp

Filesize
4KB

Download
memory/2216-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2216-9-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2796-1101-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/2796-16-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/2796-12-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2796-297-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/2796-11-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/2796-581-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/2796-7-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download