c6ef09a052c53678f8ecf1a2cc318d8701f052e3558685c3783b55e11e0ca960

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2023 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PL23XX_Prolific_DriverInstaller_v206/PL23XX-M_LogoDriver_Setup_v206_20210513.exe
Size

9.8MB
MD5

4ccaafca77f5545dc8bff68e4e06eec0
SHA1

0aab501ac2f40df0ae2b88303de61a42b8192a17
SHA256

d7d5e58f826db224a1a89525bf5fe390746aa18b02f88f0460a475441b8e0321
SHA512

b4c9ad3dc0dc7567c90fdeb65cca3948d97ec532bfa35b375e9a9a8ae13696f492fef48eb8da8aad00711ecd60ea81ecb863cbb344b1d79d7679c5843b1f4918
SSDEEP

196608:csurI2/CxxI2/Cxg4EX1GzCoSL4EX1GzCoSTtdrhBzkp:cjk2/N2/HXkuoSnXkuoSp9hB4p

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1172	ISBEW64.exe
224	dpinst64.exe

Loads dropped DLL 10 IoCs

pid	Process
2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 43 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\SET6B58.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\SET6B69.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ser2pl.inf_amd64_8a89c06f6bce3622\ser2pl.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\SET66E3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\SET66E4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\ser2pl64.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\amd64\SET6B6A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\amd64\ser2pl.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\plser.inf_amd64_521800cdcda46d20\plser.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\SET6B48.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\ser2pl.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\amd64	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\SET66F4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\plser.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\amd64\SET6705.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\amd64\plser.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ser2pl.inf_amd64_8a89c06f6bce3622\ser2pl.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ser2pl.inf_amd64_8a89c06f6bce3622\ser2pl.PNF	dpinst64.exe
File created	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\SET66E4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\plser.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	dpinst64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\ser2pl.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\SET66F4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ser2pl.inf_amd64_8a89c06f6bce3622\amd64\ser2pl.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\plser.inf_amd64_521800cdcda46d20\amd64\plser.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\SET6B48.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\SET6B69.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\plser.inf_amd64_521800cdcda46d20\plser64.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\plser.inf_amd64_521800cdcda46d20\plser.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\SET66E3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\plser64.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\amd64\SET6705.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ser2pl.inf_amd64_8a89c06f6bce3622\ser2pl64.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{95734e29-d225-6342-94fd-26e34816fbf5}\amd64	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\plser.inf_amd64_521800cdcda46d20\plser.PNF	dpinst64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\SET6B58.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{b3a33aa0-e11e-0744-b3c0-d8e79996dbea}\amd64\SET6B6A.tmp	DrvInst.exe

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\layout.bin	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\setup.exe	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\_Set60e8.rra	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\setup.ini	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\data60a9.rra	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\data1.hdr	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\ISSetup.dll	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\setu6184.rra	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\setup.inx	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\layo60a9.rra	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\data1.cab	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\setu60d8.rra	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\ISSe6145.rra	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\_Setup.dll	PL23XX-M_LogoDriver_Setup_v206_20210513.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\setu6174.rra	PL23XX-M_LogoDriver_Setup_v206_20210513.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	dpinst64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\DPINST.LOG	dpinst64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 63 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	dpinst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dpinst64.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	dpinst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	dpinst64.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000002d5e0d994d17e0d40000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800002d5e0d990000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809002d5e0d99000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d2d5e0d99000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000002d5e0d9900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dpinst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	dpinst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeBackupPrivilege	3764	vssvc.exe
Token: SeRestorePrivilege	3764	vssvc.exe
Token: SeAuditPrivilege	3764	vssvc.exe
Token: SeAuditPrivilege	2144	svchost.exe
Token: SeSecurityPrivilege	2144	svchost.exe
Token: SeBackupPrivilege	4440	srtasks.exe
Token: SeRestorePrivilege	4440	srtasks.exe
Token: SeSecurityPrivilege	4440	srtasks.exe
Token: SeTakeOwnershipPrivilege	4440	srtasks.exe
Token: SeBackupPrivilege	4440	srtasks.exe
Token: SeRestorePrivilege	4440	srtasks.exe
Token: SeSecurityPrivilege	4440	srtasks.exe
Token: SeTakeOwnershipPrivilege	4440	srtasks.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 1172	2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe	84
PID 2208 wrote to memory of 1172	2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe	84
PID 2208 wrote to memory of 224	2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe	104
PID 2208 wrote to memory of 224	2208	PL23XX-M_LogoDriver_Setup_v206_20210513.exe	104
PID 2144 wrote to memory of 4836	2144	svchost.exe	106
PID 2144 wrote to memory of 4836	2144	svchost.exe	106
PID 2144 wrote to memory of 4088	2144	svchost.exe	108
PID 2144 wrote to memory of 4088	2144	svchost.exe	108

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\PL23XX_Prolific_DriverInstaller_v206\PL23XX-M_LogoDriver_Setup_v206_20210513.exe
"C:\Users\Admin\AppData\Local\Temp\PL23XX_Prolific_DriverInstaller_v206\PL23XX-M_LogoDriver_Setup_v206_20210513.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\ISBEW64.exe
  C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10E8EA4F-F1E0-4F32-8AC8-B2F638655637}
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\dpinst64.exe
  C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\dpinst64.exe /PATH C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\VISTA\ /SW /LM /SA
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:224

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3764

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{ee98a7bf-4ab5-874c-a1a3-b8310dae70a3}\plser.inf" "9" "495f78923" "000000000000014C" "WinSta0\Default" "0000000000000158" "208" "c:\users\admin\appdata\local\temp\{2ad955e8-6c3c-413d-ad26-b1cd1a5e5376}\{bc40b9a3-568c-4e39-8ef5-b3883d7152ac}\vista"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4836
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{7a72dc44-1994-1049-821b-329719eafb7b}\ser2pl.inf" "9" "4b914df4f" "0000000000000158" "WinSta0\Default" "0000000000000164" "208" "c:\users\admin\appdata\local\temp\{2ad955e8-6c3c-413d-ad26-b1cd1a5e5376}\{bc40b9a3-568c-4e39-8ef5-b3883d7152ac}\vista"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\data1.cab

Filesize
1.2MB

MD5
65c25509acd25c71dde6a2566243e9a2

SHA1
3815d5771cfc494725f302e0ad735cbc8f1b3f90

SHA256
553fac967bb42d0393ec0cc9272ab116769fe4924a15c6ddc3f3760620f1a850

SHA512
8644bc8c01cf948eb2bf117783f695905a996f9e038f239000a31cfcdd07cfd3dfa18ab07c60f5fa5d4bd37c649d8a05de53b06afdcd477afa5ad74ded3e1bb7

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\data1.hdr

Filesize
16KB

MD5
874198b083d21dba0aef05a97728a915

SHA1
3e2004f90d026c510f741e8d704e3285682314e7

SHA256
1dce77035d87059e62ecf8e9e7baccf20be33fd62a59676f916b774d30c74490

SHA512
91ad629b62048bf2df1600d35a304c69607967dfb0b7a2eee2c0b3a285b46158d6d3984fcca782c5b42a0bf101dbfc18022b017dd9467996045f6ec894f245cd

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\layout.bin

Filesize
473B

MD5
d4f9960f539ac60619f0aefd4d359a21

SHA1
0289b41ec3893f4b2c2f5fe1ffcb6a0ead755d62

SHA256
3184f75a545f8bb5237379f0d947b52895d486d6c1debfffa4dc53384479ce22

SHA512
ee89789595a45d18b882e8e44acc2ef5c9de6dd01ffa9eedbd8ee096a2c352f4cde3350c765144bf8076ed84f845f2d8ec4a0a417d911d460f19256e16b33b0a

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\setu60d8.rra

Filesize
364KB

MD5
6f58a1d8e7b031c6f2a60ba04d1a0b7d

SHA1
64ced7781de492d15f0d443faffd2d0244b43e56

SHA256
b7a82904d92b096cb6ab537365f9c7f24b1ecefaa6ea7974c24e8102b1746f4b

SHA512
81371904cbe4dd5062e9ede60c3a0429adcd8c7b62dcb5f45b122280d2e3fb5d1ddd4b0f109d972b919e67cde99636cdd952082cd74b567769211ea389a89912

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\setup.ini

Filesize
560B

MD5
e4a0893964b37df72a95eebf6deae729

SHA1
2833199b8743b71c4af0a5724448ab8e2af518d3

SHA256
0598bb1b820fb33f200ca7f4796c324d6769838b8da2f88abde08bd3684065a3

SHA512
faf281b5df180ce1e7b65e39e14c3544e07ba849bb9f8a14af8397ba6c6604d3b5311d8a76675fca0c151cb5fe0404d4034b7225e5ea4741827f5f3026497ce3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\ISBEW64.exe

Filesize
117KB

MD5
8407fc98ee367ccb196894f7cd218792

SHA1
6f280cf374fba172426b8912170b5cbafe3d88cd

SHA256
e1890e4ef7fe9c2242e1fa65da8162687c893d1a025fef254b827940d03a0d5a

SHA512
5850b48b374cb243d6eacf011f11e31050ff04118939424804a62e52da335cea6a7ea8dc363d49895ea29929b518c69dccc8320074693e7b50540580d477956c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\ISBEW64.exe

Filesize
117KB

MD5
8407fc98ee367ccb196894f7cd218792

SHA1
6f280cf374fba172426b8912170b5cbafe3d88cd

SHA256
e1890e4ef7fe9c2242e1fa65da8162687c893d1a025fef254b827940d03a0d5a

SHA512
5850b48b374cb243d6eacf011f11e31050ff04118939424804a62e52da335cea6a7ea8dc363d49895ea29929b518c69dccc8320074693e7b50540580d477956c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\DIFxData.ini

Filesize
86B

MD5
10baa5b67536f4433f37534b9c8bb828

SHA1
82e5c34b1279afda223b639b49078d03c52875f5

SHA256
1b9fd5c1f18357bd459be20bfcbf47ee18fa0c5d5cc42f6aed2705d5868b65f4

SHA512
49c6798ebb3b6137cafb78b88350d02094367523dcf8f9e580de1941e514b8b3df786d1d817090e5dab80ac4d0d015796b2ce28b296db31d111e0d0bbaeebb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\FontData.ini

Filesize
39B

MD5
00f313e3e007599349a0c4d81c7807c4

SHA1
f0171f15aab836a1979d3833e46b5e59e4ea32e0

SHA256
766ee687d90b0217eb41cb85aca04375bdc24db986a33536631f864b7ce1a08a

SHA512
8bb25a62c0b1640dec36403a493ed54c05f7cde7b7357c8faea785a79c4b76bbe6a3d6fe78db52b558a37abac90c2b2e8b13868a76294554d51670e9fa8764ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\_ISUser.dll

Filesize
16KB

MD5
0562fd7d1267a94fe13d74da2493b162

SHA1
605a357405599d02121fd2b74d45702ae775a8d1

SHA256
a76e1ef1f892d01b5bed9347298701dcfedca90a0f72e2202cda234ca1a0bd86

SHA512
1dc9a6c206db8fd47248d8ed394e3a74bde3d879c094fa2a98b64048ef642c59e4a925002ce93e7b32ab119a20b4cbb7720c7acb1c0575b8abe2366240f9a245

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\_ISUser.dll

Filesize
16KB

MD5
0562fd7d1267a94fe13d74da2493b162

SHA1
605a357405599d02121fd2b74d45702ae775a8d1

SHA256
a76e1ef1f892d01b5bed9347298701dcfedca90a0f72e2202cda234ca1a0bd86

SHA512
1dc9a6c206db8fd47248d8ed394e3a74bde3d879c094fa2a98b64048ef642c59e4a925002ce93e7b32ab119a20b4cbb7720c7acb1c0575b8abe2366240f9a245

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\_ISUser.dll

Filesize
16KB

MD5
0562fd7d1267a94fe13d74da2493b162

SHA1
605a357405599d02121fd2b74d45702ae775a8d1

SHA256
a76e1ef1f892d01b5bed9347298701dcfedca90a0f72e2202cda234ca1a0bd86

SHA512
1dc9a6c206db8fd47248d8ed394e3a74bde3d879c094fa2a98b64048ef642c59e4a925002ce93e7b32ab119a20b4cbb7720c7acb1c0575b8abe2366240f9a245

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\_IsRes.dll

Filesize
123KB

MD5
898515a4ae2fb9d74ae2a905cf82b074

SHA1
ed751342f4bbd131de393975e08019ea56355107

SHA256
ed38584275b7248ce51254bc34fbe247af641c416660342689d19e6559623b13

SHA512
35ab0a7082cbfd90324748b539b521791ea644eeddb6042f3a47e4d98eb22721d133442acb1b33a4c90fd72a560892ab2978c29edebe94e443a13c6116f17ebd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\_IsRes.dll

Filesize
123KB

MD5
898515a4ae2fb9d74ae2a905cf82b074

SHA1
ed751342f4bbd131de393975e08019ea56355107

SHA256
ed38584275b7248ce51254bc34fbe247af641c416660342689d19e6559623b13

SHA512
35ab0a7082cbfd90324748b539b521791ea644eeddb6042f3a47e4d98eb22721d133442acb1b33a4c90fd72a560892ab2978c29edebe94e443a13c6116f17ebd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\_IsRes.dll

Filesize
123KB

MD5
898515a4ae2fb9d74ae2a905cf82b074

SHA1
ed751342f4bbd131de393975e08019ea56355107

SHA256
ed38584275b7248ce51254bc34fbe247af641c416660342689d19e6559623b13

SHA512
35ab0a7082cbfd90324748b539b521791ea644eeddb6042f3a47e4d98eb22721d133442acb1b33a4c90fd72a560892ab2978c29edebe94e443a13c6116f17ebd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\dpinst64.exe

Filesize
1.0MB

MD5
be3c79033fa8302002d9d3a6752f2263

SHA1
a01147731f2e500282eca5ece149bcc5423b59d6

SHA256
181bf85d3b5900ff8abed34bc415afc37fc322d9d7702e14d144f96a908f5cab

SHA512
77097f220cc6d22112b314d3e42b6eedb9ccd72beb655b34656326c2c63fb9209977ddac20e9c53c4ec7ccc8ea6910f400f050f4b0cb98c9f42f89617965aaea

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\dpinst64.exe

Filesize
1.0MB

MD5
be3c79033fa8302002d9d3a6752f2263

SHA1
a01147731f2e500282eca5ece149bcc5423b59d6

SHA256
181bf85d3b5900ff8abed34bc415afc37fc322d9d7702e14d144f96a908f5cab

SHA512
77097f220cc6d22112b314d3e42b6eedb9ccd72beb655b34656326c2c63fb9209977ddac20e9c53c4ec7ccc8ea6910f400f050f4b0cb98c9f42f89617965aaea

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\isrt.dll

Filesize
216KB

MD5
77a3125a2059f39a9bef961953a8db8d

SHA1
2ffb52f60c570d1d73caab095f3784dc8454e5e6

SHA256
d6cd68fa4468878d8bc045ea518235f7c6cbebbd525486ddcec7d1069d83f119

SHA512
00863cb19420f4764ab0f71ae0d788e22ad340d9f7aa074bda2f8fd8317012567e46335802fdfc800f671c22c1e74618819613c4adb6adeeaa2e74cd66401605

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\isrt.dll

Filesize
216KB

MD5
77a3125a2059f39a9bef961953a8db8d

SHA1
2ffb52f60c570d1d73caab095f3784dc8454e5e6

SHA256
d6cd68fa4468878d8bc045ea518235f7c6cbebbd525486ddcec7d1069d83f119

SHA512
00863cb19420f4764ab0f71ae0d788e22ad340d9f7aa074bda2f8fd8317012567e46335802fdfc800f671c22c1e74618819613c4adb6adeeaa2e74cd66401605

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\isrt.dll

Filesize
216KB

MD5
77a3125a2059f39a9bef961953a8db8d

SHA1
2ffb52f60c570d1d73caab095f3784dc8454e5e6

SHA256
d6cd68fa4468878d8bc045ea518235f7c6cbebbd525486ddcec7d1069d83f119

SHA512
00863cb19420f4764ab0f71ae0d788e22ad340d9f7aa074bda2f8fd8317012567e46335802fdfc800f671c22c1e74618819613c4adb6adeeaa2e74cd66401605

Download Submit
C:\Users\Admin\AppData\Local\Temp\{2AD955E8-6C3C-413D-AD26-B1CD1A5E5376}\{BC40B9A3-568C-4E39-8EF5-B3883D7152AC}\setup.inx

Filesize
232KB

MD5
4c0b0d89e460effcb51f01b654e9f2ef

SHA1
1d48fb93c2c285b54e1e2f9c6b0ed39c4b0f8061

SHA256
b0b25d840db97bd29d7b883ff90ede44691ce6f46153432e3ca355d9039e4b0b

SHA512
5a8e48f00871de5af249a32f6e35af6b2bc5ac958af7f9873e34bcd03014f1696a68b810f3e6cfeb63f243a997152219e8451441cdae578e65c8d89cb18debfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7A72D~1\amd64\ser2pl.dll

Filesize
84KB

MD5
d207302d8ff87e5e74ef99b24f5403c7

SHA1
20641cb5462fbaf3a0abc466c707861683b2be11

SHA256
29898087c7e0b4624de23093b9fcc88b9b3402830205f22052325ee74cb5b66c

SHA512
91a1f16317b80535ed6ed35ef882c4b0c3eab34e19ce6cf22aff898af979b8c1a14217dde1806eef26192336ec0154bb483fa3e78e1f0623176453a7567cc4d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7A72D~1\ser2pl.cat

Filesize
11KB

MD5
09eb504cde972dbf836a7b9da88c28d3

SHA1
b38d3e563dafa76f89658b17c73fb20012280970

SHA256
a46ced6988bd591be4fe723093978bf1282250aff8b2310f5fe03f1839f1a061

SHA512
6207daf631a108e7120167fb9da346e46fcd84211ba6e976d537864bfff4d69e1705bd802778cc842b1c09d7b5c6a9872ac2ea2d033e57de5b1c55721d27c5d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7A72D~1\ser2pl64.sys

Filesize
275KB

MD5
5b95fa49b37ee38a6ce9ceaf00033b4a

SHA1
79fec6b47c679054ab128edfc614f7aeefe9e7e3

SHA256
dd371a3af47fa8d07071676113187d5fe00f42632f705ec6d084d36233073ef5

SHA512
2b41155a03d8fec7c74592c1c235c4e41857ec8c457d750258f80d926ba8f611a6b5e2a3a73c8e6a2936e767c402ccb9b6cabdbe49cf5fb5ea2a03ab82625837

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7a72dc44-1994-1049-821b-329719eafb7b}\amd64\SET6B01.tmp

Filesize
84KB

MD5
d207302d8ff87e5e74ef99b24f5403c7

SHA1
20641cb5462fbaf3a0abc466c707861683b2be11

SHA256
29898087c7e0b4624de23093b9fcc88b9b3402830205f22052325ee74cb5b66c

SHA512
91a1f16317b80535ed6ed35ef882c4b0c3eab34e19ce6cf22aff898af979b8c1a14217dde1806eef26192336ec0154bb483fa3e78e1f0623176453a7567cc4d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7a72dc44-1994-1049-821b-329719eafb7b}\ser2pl.inf

Filesize
4KB

MD5
e665e92925a92d3a7828421f035be7aa

SHA1
45cc89aa732c60fe915cda82d99e7c47ad683df6

SHA256
cf09ceb0d034e550c0da8913bec95d3f9894373f6716b24281d7862b3755c17f

SHA512
a047fb37d8f8ccc0fd30a693bddcdd6c7273b35d85011dd846bc871cf42faf5760d6e8d0e29ff940bb8619b6cdc58695be17491848b2901a773b8d2d221b9cde

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EE98A~1\amd64\plser.dll

Filesize
101KB

MD5
a84cdd8102581aa55c128fa3981efa49

SHA1
1fc8699f52c98b5946826c38745c3eb9e0ee4fbe

SHA256
79e4cd2b2661aea60ea99e138faad221ce5a2475ac1ad8b356a0a1ac96e8ddaa

SHA512
a966ff785050b6d5c088711c7eb4899f835e76fc437cbac863a1b696537b0faadea2965dec86c3258776555b1300f841f0879bdd925463507eb427f5a94c714e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EE98A~1\plser.cat

Filesize
12KB

MD5
14ee3739f555b54051ab51b12d99fd6b

SHA1
0464b24707908e391eeabc838bd56a37fd91b09a

SHA256
e9ecd65f59a43002bcfa3b65b1b83f08d223094d52d941b5feb3a94f2a54b007

SHA512
529a8a86a742c31c9bfdfb30ca80505145a5b3c58eaef0d854e1391bb350d641a575100799f7ec9a1fda677258334f08c54bba4aa53fdcddaaa63a1b006fb416

Download Submit
C:\Users\Admin\AppData\Local\Temp\{EE98A~1\plser64.sys

Filesize
262KB

MD5
0bcf488d3c682a77d5eeb184d4dbced4

SHA1
407003e2539cf212f69d1aab428f155edecd5633

SHA256
66de041346e837c8fb2e3fb1603c14df847130afb4f04f539cc25cea7bd22332

SHA512
a9f4a3dc1eda84eafaf03ddbda6988266cbcd7e78fe079ee27b719379ba014c02151261e2669cf61d330aa2d108edb71a73bbe9ed2305cec8fdf65cc22973730

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FCFDF06D-5952-4822-80AF-A2669171E429}\Disk1\ISSetup.dll

Filesize
523KB

MD5
6c48e05107eb494620ab0dc96d3c5b80

SHA1
e6ced277de082bd8e2ccbfad7a1d5cd1e9db85ab

SHA256
13223e7fbeb3dac968de77e6be974a36f86dc07884cc0e80eabf8b817ccb4a04

SHA512
983e3d3012114af3da009c5d46ce467c7a9c6023766b54afe58137654bb5a1c1eda2fd1ff4b1902102e8315b80557efa58dbcf01641dde07924285bd015a196a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FCFDF06D-5952-4822-80AF-A2669171E429}\Disk1\ISSetup.dll

Filesize
523KB

MD5
6c48e05107eb494620ab0dc96d3c5b80

SHA1
e6ced277de082bd8e2ccbfad7a1d5cd1e9db85ab

SHA256
13223e7fbeb3dac968de77e6be974a36f86dc07884cc0e80eabf8b817ccb4a04

SHA512
983e3d3012114af3da009c5d46ce467c7a9c6023766b54afe58137654bb5a1c1eda2fd1ff4b1902102e8315b80557efa58dbcf01641dde07924285bd015a196a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FCFDF06D-5952-4822-80AF-A2669171E429}\Disk1\ISSetup.dll

Filesize
523KB

MD5
6c48e05107eb494620ab0dc96d3c5b80

SHA1
e6ced277de082bd8e2ccbfad7a1d5cd1e9db85ab

SHA256
13223e7fbeb3dac968de77e6be974a36f86dc07884cc0e80eabf8b817ccb4a04

SHA512
983e3d3012114af3da009c5d46ce467c7a9c6023766b54afe58137654bb5a1c1eda2fd1ff4b1902102e8315b80557efa58dbcf01641dde07924285bd015a196a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FCFDF06D-5952-4822-80AF-A2669171E429}\_Setup.dll

Filesize
152KB

MD5
6fd5033f836dbc81fda60620d9c0ba52

SHA1
9df510d394ffb881e528b87cde06598194698223

SHA256
e6bffea778b079decb73a492115de691ec64902b89b2adac67ae282708c58676

SHA512
f7ff350ea5ddda17f2bcb034c3bc321ee7c67e748c1b6bda32e66bfa91652fb698f6be5924af6a17dd0c6ce315d9f3a58e0d32510e8a9341cdb56f15ed1f2c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FCFDF06D-5952-4822-80AF-A2669171E429}\_Setup.dll

Filesize
152KB

MD5
6fd5033f836dbc81fda60620d9c0ba52

SHA1
9df510d394ffb881e528b87cde06598194698223

SHA256
e6bffea778b079decb73a492115de691ec64902b89b2adac67ae282708c58676

SHA512
f7ff350ea5ddda17f2bcb034c3bc321ee7c67e748c1b6bda32e66bfa91652fb698f6be5924af6a17dd0c6ce315d9f3a58e0d32510e8a9341cdb56f15ed1f2c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FCFDF06D-5952-4822-80AF-A2669171E429}\_Setup.dll

Filesize
152KB

MD5
6fd5033f836dbc81fda60620d9c0ba52

SHA1
9df510d394ffb881e528b87cde06598194698223

SHA256
e6bffea778b079decb73a492115de691ec64902b89b2adac67ae282708c58676

SHA512
f7ff350ea5ddda17f2bcb034c3bc321ee7c67e748c1b6bda32e66bfa91652fb698f6be5924af6a17dd0c6ce315d9f3a58e0d32510e8a9341cdb56f15ed1f2c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\{FCFDF06D-5952-4822-80AF-A2669171E429}\setup.ini

Filesize
486B

MD5
f21d11c663be44efda1bcba2bb0f09bf

SHA1
c13940b9aa0a44950355cc6431e83715d5550c2c

SHA256
c458471928a11c27188cb05e48ed22a1cdf8f24e9361fa1dee71899bc97d78fb

SHA512
a8ac4ca6b09d763a2d64fdb0880e3f77ba233ef17ab3837c8fef2dd94694fa7b7df9ccc3ad5402c5e6435a504001a16f9a63b2c68479981eb3ca1855b8f00aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ee98a7bf-4ab5-874c-a1a3-b8310dae70a3}\amd64\SET661B.tmp

Filesize
101KB

MD5
a84cdd8102581aa55c128fa3981efa49

SHA1
1fc8699f52c98b5946826c38745c3eb9e0ee4fbe

SHA256
79e4cd2b2661aea60ea99e138faad221ce5a2475ac1ad8b356a0a1ac96e8ddaa

SHA512
a966ff785050b6d5c088711c7eb4899f835e76fc437cbac863a1b696537b0faadea2965dec86c3258776555b1300f841f0879bdd925463507eb427f5a94c714e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ee98a7bf-4ab5-874c-a1a3-b8310dae70a3}\plser.inf

Filesize
6KB

MD5
5e8bd23784d709662254061a00d17083

SHA1
9a0adc45afc6c66e6da8ee73bc7f9de5c574813c

SHA256
4e264d48ec5ad9a2587f7caf20929ff0e571274b38cdcc802be0e266b5c6c10f

SHA512
7550d2dfae81c20012ca4fcd7ad503c82fc2a8f12dbf27b74dc48a192d2d3d4446450ef06cbcd9afbf9cc0cd5de237c707a81a20e89718fae9d36fa91acc1d8d

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
42709c38680f1a2e7e2610729f84b25f

SHA1
b05daf1196875ee41d3de3481c9298cde4883e2f

SHA256
b18bc4ace31bc3a8276c9ffb58d59d1cd1919c32b042014880f0d0e105b0107a

SHA512
cb829c4d5987093d5e7b5bcb7f06a102b917c1c6c09e631fd4ebf162d523c330aaad44d4906390acfc13ba00cbb79f04394d5f550ac54f36dcc8a7d7af673e67

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
221e3b54b49638ea4a0df043811a0778

SHA1
50610b9a4cc4440e29509a58945c56a0774c0224

SHA256
32105e1bbafd6496650fea6a89370288d711e5b41f400b82f4ffde160e87c786

SHA512
d78f4f7f95a2a9dd4a3b759b5bad7bde2d6edf14a0bb19b61e299f5f18c695db2d44963385536af7b0c2294e05888fb845039deb179f3348342e000d5d67b961

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
147KB

MD5
4e86e51622edcf03621fb59d26f68003

SHA1
b6e06d1074b0e3190ab1902f7e9f3009ec95f329

SHA256
f3a8c4604170fcb913e97b0325aa41a9e3027de7814420e6cbc3cbeb2de68e19

SHA512
6f747370e7fc16505b4b52cb82f7e6c02174a3e5c78db45aee20fd7a117783bc65ae29dfd50069f0feeb873b8702a965a551f9d9613602b8cb748156ff2acb3b

Download Submit
C:\Windows\System32\DriverStore\FileRepository\plser.inf_amd64_521800cdcda46d20\plser.cat

Filesize
12KB

MD5
14ee3739f555b54051ab51b12d99fd6b

SHA1
0464b24707908e391eeabc838bd56a37fd91b09a

SHA256
e9ecd65f59a43002bcfa3b65b1b83f08d223094d52d941b5feb3a94f2a54b007

SHA512
529a8a86a742c31c9bfdfb30ca80505145a5b3c58eaef0d854e1391bb350d641a575100799f7ec9a1fda677258334f08c54bba4aa53fdcddaaa63a1b006fb416

Download Submit
C:\Windows\System32\DriverStore\FileRepository\plser.inf_amd64_521800cdcda46d20\plser.inf

Filesize
6KB

MD5
5e8bd23784d709662254061a00d17083

SHA1
9a0adc45afc6c66e6da8ee73bc7f9de5c574813c

SHA256
4e264d48ec5ad9a2587f7caf20929ff0e571274b38cdcc802be0e266b5c6c10f

SHA512
7550d2dfae81c20012ca4fcd7ad503c82fc2a8f12dbf27b74dc48a192d2d3d4446450ef06cbcd9afbf9cc0cd5de237c707a81a20e89718fae9d36fa91acc1d8d

Download Submit
C:\Windows\System32\DriverStore\FileRepository\ser2pl.inf_amd64_8a89c06f6bce3622\ser2pl.cat

Filesize
11KB

MD5
09eb504cde972dbf836a7b9da88c28d3

SHA1
b38d3e563dafa76f89658b17c73fb20012280970

SHA256
a46ced6988bd591be4fe723093978bf1282250aff8b2310f5fe03f1839f1a061

SHA512
6207daf631a108e7120167fb9da346e46fcd84211ba6e976d537864bfff4d69e1705bd802778cc842b1c09d7b5c6a9872ac2ea2d033e57de5b1c55721d27c5d6

Download Submit
C:\Windows\System32\DriverStore\FileRepository\ser2pl.inf_amd64_8a89c06f6bce3622\ser2pl.inf

Filesize
4KB

MD5
e665e92925a92d3a7828421f035be7aa

SHA1
45cc89aa732c60fe915cda82d99e7c47ad683df6

SHA256
cf09ceb0d034e550c0da8913bec95d3f9894373f6716b24281d7862b3755c17f

SHA512
a047fb37d8f8ccc0fd30a693bddcdd6c7273b35d85011dd846bc871cf42faf5760d6e8d0e29ff940bb8619b6cdc58695be17491848b2901a773b8d2d221b9cde

Download Submit
C:\Windows\Temp\PL-2303_backup\plser.cat

Filesize
12KB

MD5
14ee3739f555b54051ab51b12d99fd6b

SHA1
0464b24707908e391eeabc838bd56a37fd91b09a

SHA256
e9ecd65f59a43002bcfa3b65b1b83f08d223094d52d941b5feb3a94f2a54b007

SHA512
529a8a86a742c31c9bfdfb30ca80505145a5b3c58eaef0d854e1391bb350d641a575100799f7ec9a1fda677258334f08c54bba4aa53fdcddaaa63a1b006fb416

Download Submit
C:\Windows\Temp\PL-2303_backup\plser.inf

Filesize
6KB

MD5
5e8bd23784d709662254061a00d17083

SHA1
9a0adc45afc6c66e6da8ee73bc7f9de5c574813c

SHA256
4e264d48ec5ad9a2587f7caf20929ff0e571274b38cdcc802be0e266b5c6c10f

SHA512
7550d2dfae81c20012ca4fcd7ad503c82fc2a8f12dbf27b74dc48a192d2d3d4446450ef06cbcd9afbf9cc0cd5de237c707a81a20e89718fae9d36fa91acc1d8d

Download Submit
C:\Windows\Temp\PL-2303_backup\plser.sys

Filesize
219KB

MD5
d8a11cd31f5096687668f1dce9b54ea9

SHA1
acd35419c9c0618045a63a1053f279d6c383b48c

SHA256
6f0a3639c05a1d44dd525909b3810d5bc95dc63797b2bf5e1b8d8801b7fb21c9

SHA512
e6f63921fa0f0346240e6ba70d716151361951859e3e8c2a5ad08aeb3f44722f49b665b71242a2067cc234f3cd9d6aa75ffc9034714d9143093c96130e230494

Download Submit
C:\Windows\Temp\PL-2303_backup\plser64.sys

Filesize
262KB

MD5
0bcf488d3c682a77d5eeb184d4dbced4

SHA1
407003e2539cf212f69d1aab428f155edecd5633

SHA256
66de041346e837c8fb2e3fb1603c14df847130afb4f04f539cc25cea7bd22332

SHA512
a9f4a3dc1eda84eafaf03ddbda6988266cbcd7e78fe079ee27b719379ba014c02151261e2669cf61d330aa2d108edb71a73bbe9ed2305cec8fdf65cc22973730

Download Submit
C:\Windows\Temp\PL-2303_backup\ser2pl.cat

Filesize
11KB

MD5
09eb504cde972dbf836a7b9da88c28d3

SHA1
b38d3e563dafa76f89658b17c73fb20012280970

SHA256
a46ced6988bd591be4fe723093978bf1282250aff8b2310f5fe03f1839f1a061

SHA512
6207daf631a108e7120167fb9da346e46fcd84211ba6e976d537864bfff4d69e1705bd802778cc842b1c09d7b5c6a9872ac2ea2d033e57de5b1c55721d27c5d6

Download Submit
C:\Windows\Temp\PL-2303_backup\ser2pl.inf

Filesize
4KB

MD5
e665e92925a92d3a7828421f035be7aa

SHA1
45cc89aa732c60fe915cda82d99e7c47ad683df6

SHA256
cf09ceb0d034e550c0da8913bec95d3f9894373f6716b24281d7862b3755c17f

SHA512
a047fb37d8f8ccc0fd30a693bddcdd6c7273b35d85011dd846bc871cf42faf5760d6e8d0e29ff940bb8619b6cdc58695be17491848b2901a773b8d2d221b9cde

Download Submit
C:\Windows\Temp\PL-2303_backup\ser2pl.sys

Filesize
231KB

MD5
141b92d531c5846da50371a094ba1f2a

SHA1
c801e4c6d548ce206f850c489f0eda400ae49098

SHA256
6a4fd9fcdf8af9dc61f56f0f7c9cef157fbea54a5ef71ccd704b8356132ae517

SHA512
5b401e66ec22f76882066fe0d913b5a53aab236afe0cf7dfc7683ea0437db153b6015916579fd7e8c18f7d7a0d446d50afb1db97042d53b9a56a553636a41cfa

Download Submit
C:\Windows\Temp\PL-2303_backup\ser2pl64.sys

Filesize
275KB

MD5
5b95fa49b37ee38a6ce9ceaf00033b4a

SHA1
79fec6b47c679054ab128edfc614f7aeefe9e7e3

SHA256
dd371a3af47fa8d07071676113187d5fe00f42632f705ec6d084d36233073ef5

SHA512
2b41155a03d8fec7c74592c1c235c4e41857ec8c457d750258f80d926ba8f611a6b5e2a3a73c8e6a2936e767c402ccb9b6cabdbe49cf5fb5ea2a03ab82625837

Download Submit
\??\c:\users\admin\appdata\local\temp\{2AD95~1\{BC40B~1\vista\amd64\plser.dll

Filesize
101KB

MD5
a84cdd8102581aa55c128fa3981efa49

SHA1
1fc8699f52c98b5946826c38745c3eb9e0ee4fbe

SHA256
79e4cd2b2661aea60ea99e138faad221ce5a2475ac1ad8b356a0a1ac96e8ddaa

SHA512
a966ff785050b6d5c088711c7eb4899f835e76fc437cbac863a1b696537b0faadea2965dec86c3258776555b1300f841f0879bdd925463507eb427f5a94c714e

Download Submit
\??\c:\users\admin\appdata\local\temp\{2AD95~1\{BC40B~1\vista\amd64\ser2pl.dll

Filesize
84KB

MD5
d207302d8ff87e5e74ef99b24f5403c7

SHA1
20641cb5462fbaf3a0abc466c707861683b2be11

SHA256
29898087c7e0b4624de23093b9fcc88b9b3402830205f22052325ee74cb5b66c

SHA512
91a1f16317b80535ed6ed35ef882c4b0c3eab34e19ce6cf22aff898af979b8c1a14217dde1806eef26192336ec0154bb483fa3e78e1f0623176453a7567cc4d2

Download Submit
\??\c:\users\admin\appdata\local\temp\{2AD95~1\{BC40B~1\vista\plser.cat

Filesize
12KB

MD5
14ee3739f555b54051ab51b12d99fd6b

SHA1
0464b24707908e391eeabc838bd56a37fd91b09a

SHA256
e9ecd65f59a43002bcfa3b65b1b83f08d223094d52d941b5feb3a94f2a54b007

SHA512
529a8a86a742c31c9bfdfb30ca80505145a5b3c58eaef0d854e1391bb350d641a575100799f7ec9a1fda677258334f08c54bba4aa53fdcddaaa63a1b006fb416

Download Submit
\??\c:\users\admin\appdata\local\temp\{2AD95~1\{BC40B~1\vista\plser64.sys

Filesize
262KB

MD5
0bcf488d3c682a77d5eeb184d4dbced4

SHA1
407003e2539cf212f69d1aab428f155edecd5633

SHA256
66de041346e837c8fb2e3fb1603c14df847130afb4f04f539cc25cea7bd22332

SHA512
a9f4a3dc1eda84eafaf03ddbda6988266cbcd7e78fe079ee27b719379ba014c02151261e2669cf61d330aa2d108edb71a73bbe9ed2305cec8fdf65cc22973730

Download Submit
\??\c:\users\admin\appdata\local\temp\{2AD95~1\{BC40B~1\vista\ser2pl.cat

Filesize
11KB

MD5
09eb504cde972dbf836a7b9da88c28d3

SHA1
b38d3e563dafa76f89658b17c73fb20012280970

SHA256
a46ced6988bd591be4fe723093978bf1282250aff8b2310f5fe03f1839f1a061

SHA512
6207daf631a108e7120167fb9da346e46fcd84211ba6e976d537864bfff4d69e1705bd802778cc842b1c09d7b5c6a9872ac2ea2d033e57de5b1c55721d27c5d6

Download Submit
\??\c:\users\admin\appdata\local\temp\{2AD95~1\{BC40B~1\vista\ser2pl64.sys

Filesize
275KB

MD5
5b95fa49b37ee38a6ce9ceaf00033b4a

SHA1
79fec6b47c679054ab128edfc614f7aeefe9e7e3

SHA256
dd371a3af47fa8d07071676113187d5fe00f42632f705ec6d084d36233073ef5

SHA512
2b41155a03d8fec7c74592c1c235c4e41857ec8c457d750258f80d926ba8f611a6b5e2a3a73c8e6a2936e767c402ccb9b6cabdbe49cf5fb5ea2a03ab82625837

Download Submit
\??\c:\users\admin\appdata\local\temp\{2ad955e8-6c3c-413d-ad26-b1cd1a5e5376}\{bc40b9a3-568c-4e39-8ef5-b3883d7152ac}\vista\plser.inf

Filesize
6KB

MD5
5e8bd23784d709662254061a00d17083

SHA1
9a0adc45afc6c66e6da8ee73bc7f9de5c574813c

SHA256
4e264d48ec5ad9a2587f7caf20929ff0e571274b38cdcc802be0e266b5c6c10f

SHA512
7550d2dfae81c20012ca4fcd7ad503c82fc2a8f12dbf27b74dc48a192d2d3d4446450ef06cbcd9afbf9cc0cd5de237c707a81a20e89718fae9d36fa91acc1d8d

Download Submit
\??\c:\users\admin\appdata\local\temp\{2ad955e8-6c3c-413d-ad26-b1cd1a5e5376}\{bc40b9a3-568c-4e39-8ef5-b3883d7152ac}\vista\ser2pl.inf

Filesize
4KB

MD5
e665e92925a92d3a7828421f035be7aa

SHA1
45cc89aa732c60fe915cda82d99e7c47ad683df6

SHA256
cf09ceb0d034e550c0da8913bec95d3f9894373f6716b24281d7862b3755c17f

SHA512
a047fb37d8f8ccc0fd30a693bddcdd6c7273b35d85011dd846bc871cf42faf5760d6e8d0e29ff940bb8619b6cdc58695be17491848b2901a773b8d2d221b9cde

Download Submit
memory/2208-111-0x0000000004CE0000-0x0000000004D67000-memory.dmp

Filesize
540KB

Download
memory/2208-28-0x0000000002890000-0x0000000002A21000-memory.dmp

Filesize
1.6MB

Download
memory/2208-113-0x0000000004520000-0x0000000004522000-memory.dmp

Filesize
8KB

Download
memory/2208-26-0x0000000002890000-0x0000000002A21000-memory.dmp

Filesize
1.6MB

Download
memory/2208-31-0x0000000000610000-0x0000000000612000-memory.dmp

Filesize
8KB

Download
memory/2208-108-0x0000000004CE0000-0x0000000004D67000-memory.dmp

Filesize
540KB

Download
memory/2208-25-0x0000000002890000-0x0000000002A21000-memory.dmp

Filesize
1.6MB

Download
memory/2208-124-0x0000000005000000-0x000000000508F000-memory.dmp

Filesize
572KB

Download
memory/2208-156-0x0000000002890000-0x0000000002A21000-memory.dmp

Filesize
1.6MB

Download
memory/2208-151-0x0000000004CE0000-0x0000000004D67000-memory.dmp

Filesize
540KB

Download
memory/2208-149-0x0000000002890000-0x0000000002A21000-memory.dmp

Filesize
1.6MB

Download
memory/2208-128-0x0000000004E90000-0x0000000004E92000-memory.dmp

Filesize
8KB

Download
memory/2208-480-0x0000000002890000-0x0000000002A21000-memory.dmp

Filesize
1.6MB

Download