aea59b94cf3618da7381e146ba36aac665fc91255e77a8cd2673014a1cee05d9

Analysis

max time kernel
333s
max time network
330s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IS_Setup_ICS_011916_1.5.39.173.exe
Size

42.9MB
MD5

1a6a772e87d6b5925cc72d677ce4af2a
SHA1

7eacbe8d086b8e204e931fd94d894031f2ffc2cc
SHA256

aea59b94cf3618da7381e146ba36aac665fc91255e77a8cd2673014a1cee05d9
SHA512

70bf96b624198012297340747a9bb0f6d45efbd02049fe76175457e9569847a5aadbba5316ba1fb569bcd45e40d0ec0b3e1e80575aa5e09970707b690ceac67f
SSDEEP

786432:882V0VMyOFqa98ToBMYVQM0k368U4hTh6IxGHfcWFdmdPZGLuFD:882SGUjomYZf68lhh6IxGHf33g

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 24 IoCs

description	ioc	Process
File created	C:\Windows\system32\drivers\FW_7601.bin	RaIOx64.exe
File opened for modification	C:\Windows\system32\drivers\FW_7601.bin	RaIOx64.exe
File opened for modification	C:\Windows\SysWOW64\drivers\FW_7610.bin	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Windows\SysWOW64\drivers\Patch_7662.bin	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Windows\SysWOW64\drivers\FW_2870.bin	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Windows\system32\drivers\FW_2870.bin	RaIOx64.exe
File opened for modification	C:\Windows\SysWOW64\drivers\FW_3573.bin	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Windows\SysWOW64\drivers\FW_7acd6.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Windows\system32\drivers\Patch_7662.bin	RaIOx64.exe
File created	C:\Windows\system32\drivers\FW_3573.bin	RaIOx64.exe
File created	C:\Windows\system32\drivers\FW_7610.bin	RaIOx64.exe
File opened for modification	C:\Windows\system32\drivers\FW_7610.bin	RaIOx64.exe
File created	C:\Windows\SysWOW64\drivers\FW_7add0.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Windows\SysWOW64\drivers\FW_7662.bin	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Windows\system32\drivers\FW_7662.bin	RaIOx64.exe
File created	C:\Windows\SysWOW64\drivers\FW_2abec.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Windows\system32\drivers\FW_2870.bin	RaIOx64.exe
File opened for modification	C:\Windows\SysWOW64\drivers\FW_7601.bin	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Windows\SysWOW64\drivers\FW_7ad34.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Windows\system32\drivers\FW_7662.bin	RaIOx64.exe
File created	C:\Windows\SysWOW64\drivers\FW_3ac69.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Windows\system32\drivers\FW_3573.bin	RaIOx64.exe
File created	C:\Windows\SysWOW64\drivers\Patcae2e.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Windows\system32\drivers\Patch_7662.bin	RaIOx64.exe

Executes dropped EXE 9 IoCs

pid	Process
652	ISBEW64.exe
7452	RaIOx64.exe
4456	RaIOx64.exe
520	RaIOx64.exe
2748	RaIOx64.exe
4984	RaIOx64.exe
8180	RaIOx64.exe
7876	RaIOx64.exe
7940	RaInst64.exe

Loads dropped DLL 10 IoCs

pid	Process
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\SET2DB5.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\netr28ux.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\netr28ux.PNF	RaInst64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\FW_7662.bin	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\RaCoInst.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\SETD5BF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\SET2DB4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}	DrvInst.exe
File created	C:\Windows\SysWOW64\RaCoab6f.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Windows\system32\RaCoInst.dat	RaIOx64.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\netr28ux.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\RaCoInst.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\SETD59F.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\SETD5BF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\netr28ux.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\Patch_7662.bin	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\SETD57D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\RaCoInstx.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\netr28ux.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\SETD59E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\Patch_7662.bin	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\FW_7662.bin	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\SET266B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\netr28ux.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\netr28ux.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\netr28ux.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\netr28ux.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\RaCoInstx.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\RaCoInst.dat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\netr28ux.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	RaInst64.exe
File created	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\SETD58D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\SETD5C0.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\FW_7662.bin	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\SET2DB3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\SETD57D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\SETD58D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\netr28ux.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\FW_7662.bin	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\netr28ux.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\RaCoInst.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\SET266C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\SET2DB3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\Patch_7662.bin	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\SET267D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\SETD5D1.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\SET266B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\netr28ux.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\SET266C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\SET2DB5.tmp	DrvInst.exe
File created	C:\Windows\system32\RaCoInst.dat	RaIOx64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\SETD5C0.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\SET267E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\Patch_7662.bin	DrvInst.exe
File opened for modification	C:\Windows\SysWOW64\RaCoInst.dat	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Windows\System32\DriverStore\Temp\{4223bbfb-5333-ea46-805f-c45db7bbf523}\SETD59F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\RaCoInstx.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{82381faa-8f82-af41-a6cb-ba7f65b7a470}\SET267D.tmp	DrvInst.exe

Drops file in Program Files directory 50 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0419.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setua1ea.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x041f.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\MediatekWiFi\RT2870 Wireless LAN Card\Driver\RaIOa1f9.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\dataa073.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0804.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x04a19b.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setua1bb.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\layoa073.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x040b.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\MediatekWiFi\RT2870 Wireless LAN Card\Driver\RaIOa1f9.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0405.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0ca0a1.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x041b.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0416.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0408.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0410.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0412.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0409.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0415.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x040a.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\data1.cab	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x04a0a1.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0413.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x04a0c1.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setup.exe	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x08a0a1.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x040c.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0407.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\layout.bin	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\data1.hdr	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\ISSetup.dll	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setup.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\ISSea092.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0411.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0816.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x04a0d0.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x04a1ab.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setup.inx	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x041d.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0404.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setup.isn	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0406.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x04a0b1.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x08a0e0.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x04a0e0.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File created	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setua092.rra	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0c0c.ini	IS_Setup_ICS_011916_1.5.39.173.exe
File opened for modification	C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0414.ini	IS_Setup_ICS_011916_1.5.39.173.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	RaInst64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.pnf	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 63 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	RaInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	RaInst64.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	RaInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	RaInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	RaInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	RaInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	RaInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	RaInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	RaInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	RaInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	RaInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	RaInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	RaInst64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	RaInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000cda81468adccd8050000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000cda814680000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900cda81468000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dcda81468000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000cda8146800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	RaInst64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	RaInst64.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeBackupPrivilege	7288	vssvc.exe
Token: SeRestorePrivilege	7288	vssvc.exe
Token: SeAuditPrivilege	7288	vssvc.exe
Token: SeBackupPrivilege	5172	srtasks.exe
Token: SeRestorePrivilege	5172	srtasks.exe
Token: SeSecurityPrivilege	5172	srtasks.exe
Token: SeTakeOwnershipPrivilege	5172	srtasks.exe
Token: SeBackupPrivilege	5172	srtasks.exe
Token: SeRestorePrivilege	5172	srtasks.exe
Token: SeSecurityPrivilege	5172	srtasks.exe
Token: SeTakeOwnershipPrivilege	5172	srtasks.exe
Token: SeAuditPrivilege	5880	svchost.exe
Token: SeSecurityPrivilege	5880	svchost.exe
Token: SeLoadDriverPrivilege	3628	IS_Setup_ICS_011916_1.5.39.173.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe
3628	IS_Setup_ICS_011916_1.5.39.173.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 652	3628	IS_Setup_ICS_011916_1.5.39.173.exe	89
PID 3628 wrote to memory of 652	3628	IS_Setup_ICS_011916_1.5.39.173.exe	89
PID 3628 wrote to memory of 7452	3628	IS_Setup_ICS_011916_1.5.39.173.exe	118
PID 3628 wrote to memory of 7452	3628	IS_Setup_ICS_011916_1.5.39.173.exe	118
PID 3628 wrote to memory of 4456	3628	IS_Setup_ICS_011916_1.5.39.173.exe	120
PID 3628 wrote to memory of 4456	3628	IS_Setup_ICS_011916_1.5.39.173.exe	120
PID 3628 wrote to memory of 520	3628	IS_Setup_ICS_011916_1.5.39.173.exe	122
PID 3628 wrote to memory of 520	3628	IS_Setup_ICS_011916_1.5.39.173.exe	122
PID 3628 wrote to memory of 2748	3628	IS_Setup_ICS_011916_1.5.39.173.exe	124
PID 3628 wrote to memory of 2748	3628	IS_Setup_ICS_011916_1.5.39.173.exe	124
PID 3628 wrote to memory of 4984	3628	IS_Setup_ICS_011916_1.5.39.173.exe	126
PID 3628 wrote to memory of 4984	3628	IS_Setup_ICS_011916_1.5.39.173.exe	126
PID 3628 wrote to memory of 8180	3628	IS_Setup_ICS_011916_1.5.39.173.exe	129
PID 3628 wrote to memory of 8180	3628	IS_Setup_ICS_011916_1.5.39.173.exe	129
PID 3628 wrote to memory of 7876	3628	IS_Setup_ICS_011916_1.5.39.173.exe	130
PID 3628 wrote to memory of 7876	3628	IS_Setup_ICS_011916_1.5.39.173.exe	130
PID 3628 wrote to memory of 7940	3628	IS_Setup_ICS_011916_1.5.39.173.exe	132
PID 3628 wrote to memory of 7940	3628	IS_Setup_ICS_011916_1.5.39.173.exe	132
PID 5880 wrote to memory of 5960	5880	svchost.exe	135
PID 5880 wrote to memory of 5960	5880	svchost.exe	135
PID 5880 wrote to memory of 556	5880	svchost.exe	136
PID 5880 wrote to memory of 556	5880	svchost.exe	136

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\IS_Setup_ICS_011916_1.5.39.173.exe
"C:\Users\Admin\AppData\Local\Temp\IS_Setup_ICS_011916_1.5.39.173.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\ISBEW64.exe
  C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E9C20564-8984-455C-80B5-567575303415}
  2⤵
  - Executes dropped EXE
  PID:652
- C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe
  "C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe" copy RaCoInst.dat C:\Windows\system32\RaCoInst.dat
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:7452
- C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe
  "C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe" copy FW_2870.bin C:\Windows\system32\drivers\FW_2870.bin
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  PID:4456
- C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe
  "C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe" copy FW_3573.bin C:\Windows\system32\drivers\FW_3573.bin
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  PID:520
- C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe
  "C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe" copy FW_7601.bin C:\Windows\system32\drivers\FW_7601.bin
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  PID:2748
- C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe
  "C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe" copy FW_7610.bin C:\Windows\system32\drivers\FW_7610.bin
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  PID:4984
- C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe
  "C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe" copy FW_7662.bin C:\Windows\system32\drivers\FW_7662.bin
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  PID:8180
- C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe
  "C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe" copy Patch_7662.bin C:\Windows\system32\drivers\Patch_7662.bin
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  PID:7876
- C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaInst64.exe
  "C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaInst64.exe" Install "C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\netr28ux.inf"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:7940

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:7288

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5880
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{4fb0dce6-db34-9a45-83cd-48c4a15f7ac1}\netr28ux.inf" "9" "4e592dfdf" "0000000000000128" "WinSta0\Default" "0000000000000154" "208" "C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:5960
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "20" "C:\Users\Admin\AppData\Local\Temp\{9312f071-80d7-3f43-be5f-088cec057aeb}\netr28ux.inf" "9" "4e592dfdf" "0000000000000100" "WinSta0\Default" "0000000000000178" "208" "C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~3\MEDIAT~1\RT2870~1\Driver\RACOIN~1.DLL

Filesize
335KB

MD5
be7847e3c8589153cca0b85bf1ff4561

SHA1
9fe380890c68b400e7bcf2cea72a4fee09c3fd87

SHA256
b407adea4773eaa54410292eb918532b689075193a7c8a5353d103f3fcddc539

SHA512
4b3c653df182043c8f740c3dca0205cf61ff6dd3dfcd74701c38e27e86f97128279f3d47a1d2e3c2fa953b01643b9f7181633eb7dda09b98d119d7813f491e04

Download Submit
C:\PROGRA~3\MEDIAT~1\RT2870~1\Driver\netr28ux.cat

Filesize
37KB

MD5
798c128ba1e91010e51e8f7e759869f1

SHA1
7904b2d06ef5552aca75e06aa8ffd8c64c0af9b6

SHA256
864a3eef80765823c4bf522d749748c33b357823749e3cfe3cba27ada458fc72

SHA512
6d5e5ea7d31b674fcf80aa9c5e10ad292e517e12d2548ee873c42a22da73020de78db562e61c223764be1d1caf2cfa0ed37eb4ab10e225488148d24e1bc24905

Download Submit
C:\PROGRA~3\MEDIAT~1\RT2870~1\Driver\netr28ux.sys

Filesize
2.1MB

MD5
7071e73bdd8b5cdf236312864d0fc1cb

SHA1
36442fa941aaa9f3916d1e63abeeb6c2a2b8d546

SHA256
ade38351a626dc0a6bcde1d09b214c94a65ba89fc9b0a69045019ecbf27bef59

SHA512
1c1fafe9ea8959b144aa5468681583df4378d8fcb823eeb16b943f050eeee81168a4f79657023b7c7001de6ed2f8dc63fb141bbefa2b9a6ed58533b0c0deb68d

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0404.ini

Filesize
10KB

MD5
72469ff091c1e7e79e3b6d75b3a5bf9a

SHA1
a52012537b4bc58d70773141639004d44968b4e1

SHA256
fa35802ae3b19bb897898c1cac8c57d5f013ad1c3a6a73865422f39d5313d027

SHA512
f9441efec931af4a03206a974bb80943860ba50e517886832fb730817690b641984ac65f032966c6024ba3f40bdb4dd3ee92683cb63b108801e09b576c522f39

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0405.ini

Filesize
22KB

MD5
9fb56981dd06830b30cd9cadf54270d6

SHA1
314a35f80259531ef558bad6ca0d5c320f30d0ae

SHA256
9302a3e694de8cc84947b41350a7f8ae0880e5d2f3fdbd67cd56444bf0bc3a43

SHA512
23c68295d638b9b0d01f1340566073864606f469a78eb5e5294ffee7616f97642ce6900c040fcda72ad78d5f04b337afe3305f936f6e38c8638b370d6a636e31

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0406.ini

Filesize
23KB

MD5
7c6ad5705b8c076697c1ca0eb6229f6f

SHA1
2e65200833dafba72f6455afa86e6a28eb0468a8

SHA256
fad1187df234b8b2b27c3f866b218036e377469871e0816fa6cc38c391d5ad93

SHA512
1dd912b65ff65348ab69b26b5812078baa96acbaecfabba361622d9053e6b301c8e12ed45a729b007d286b5d906974cfdc233dd9feb5254421a2ba2be97fd50c

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0407.ini

Filesize
25KB

MD5
b6ac0c1ced36bf87bc0c6da529af99af

SHA1
21df51e7cbfd69f7da5384cb1e842f7f68b67dc4

SHA256
cba80a94ffb73171d8d54580346459cc927e1de8264b8b423a4e6eebeaaad6e7

SHA512
b12a98352b30af9322b72253341f975951e03c486c7b0e747f8e441490e258176add62c2484ca73d6115ae7b9426533b9da5ddddbb67e065c226e285450e1207

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0408.ini

Filesize
26KB

MD5
c7a740c71fb3779c8ae2626729a44389

SHA1
1622381c204607ec09f1592fa93d1f14ffb21031

SHA256
d9610bf29ee0e73843595f246a58699abe499b340ad9982831d068067161c120

SHA512
85f946cbb08ddfe69e84d0226717ef5c000eeb9170391658eb78ae06233f021b0f71e74c9240385145664530529bd96825325ba010094d4177876e38e3fc08b0

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x040a.ini

Filesize
24KB

MD5
e872c54c58eef055bc791d3eead093c3

SHA1
fc7ba9cef237686c06dd63fd2ccbfe037518e378

SHA256
1739d42ed181f36ab4f524c01b57a4102c2f7510661d973a1077a4e88ac34b97

SHA512
e8512974d4851b7fb504292f3330d318f72c2646ec3db2c54ed7938eb73249ec1ce867916d15c6a36b3feb39f0fe98dd1781e5ec938bb2427059b4ee2dc00e1d

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x040b.ini

Filesize
22KB

MD5
48dd00b7d72fb37f937db5714bf8a725

SHA1
66f2f1696d45071bc8fc1e88c510d2f7b5e20c64

SHA256
aa0097e47caa4933793155e45fc91eef6b035daaf22f9ea32eb509cc4811dd5c

SHA512
569be6b6f850dcbd2125fa6cb449524b6089946742742bc56e033b07306ecb9b697768b0351dae6939fd0b6c985ed416f4a370343bc773ed3faee0f72ea5162f

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x040c.ini

Filesize
25KB

MD5
35989450c8121207917f04d1ebe4ca2a

SHA1
0037ec09f27d222cad447288bd2462d63aba2520

SHA256
b14d9d7afc505868407c425cb5a78c891baa8a6ac8eb35cfb3d71c71f5bee1fa

SHA512
1cf2a0130679ab238c5e41bb1de21f6f915595af7cc9b90ecfce2d05075cf3ba92ccab464a7291efd1ee4cdba54a01d61beb75b919ad687fba178a95486b26f8

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0410.ini

Filesize
24KB

MD5
f89fc24fce7b72a6c9a6e1f9e7b22d8a

SHA1
cd13c5dbd8c58ddc1f1727d45362358afac7fcf2

SHA256
2970bb63e5bc3de4c693de313d715c0c5f93bd35e18cdaec56954034cc7653a6

SHA512
a55209b9419b9fef4d6107956131e6bda36bd281c94416c39788aa8e926a7a44dae19544a46c84cd2337678a3a4af753fad73e024bae19da4d536186a061013a

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0411.ini

Filesize
14KB

MD5
172d4d355115b38848d2d99f57aecf2c

SHA1
a5fcd9b612146e3182dd897a2a9a2d19029f302e

SHA256
b04655ea596d27e6eac5f96ddfad84954be42dad223931a3ed081d569d02f290

SHA512
912a7e065b55edf9c26f97ddbac56e63450c3291ab699f5fdcfc2c91c0ed2c56329c72d3a6f0c9c2c310e31a3939f2ef5a4b33d6bf2742f446bb9effef505270

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0412.ini

Filesize
13KB

MD5
71f4edca53576557433f9d50f9469811

SHA1
a408f7dea697ab0f301413b9b346febdeda9f727

SHA256
99c660779cbe3d213cbc3a2c4d5ef53168c6fad0d8c17524efb75c1aae1f0a2b

SHA512
945a61f52e4ccf96229aa6fdad5cc7ee33dab4b0aded5cdda8c34bfeac747c35255b1ef42dd8aa301d69f7ad65d8cafbb7de52cb00ac1a21d50e14e712f7cadd

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0413.ini

Filesize
24KB

MD5
dc1c05a9fce06cf659c20aed317dd417

SHA1
2447c12e75ed0f4b5bd9d4c6acb29aee35562f23

SHA256
98d6ceef6a444b9e8450abefc5b72bd6b0df1cd5d7c7cd2822eb1bd186ff8526

SHA512
2cdd4932e279988b0dfeefd86e5b997a9d5f5bc6780819d80293baf5a9b0b56c9d0aa597150cadc1c7b2c329f5feaf308f97fa22dd4b915050bcc6d911cdda96

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0414.ini

Filesize
23KB

MD5
e526541768a0b9a3618a2894a8e2447e

SHA1
e06078517baafa6eb077ef7fe19170e2de037ed1

SHA256
7020c177a60a340c836576d5357305cafedaa4add1a8ad18a3e207d40bfcead4

SHA512
70f32aa31c0c4b96add20417f26ced38ca7cc6a25c95a4cc461ead94414ca9d746a18e7f45688ad354448a048e9c722eb32c330a01ffda620e835697a26ea492

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0415.ini

Filesize
23KB

MD5
9707fadc4578896571702b841d341310

SHA1
211abb8aa4ded7a7a11ce472624ed2f23d0c724a

SHA256
c8474614e2181b9da87100d29f984fee1d1416f20034be8634897539df110c55

SHA512
e5d87d2bc440c6c8d9fc466876431b8bb48d29e570b95c004010a892c6ba2fa2cfc06ddc8a2b5ee04956b33b5ee321820c25e0a20342b8c2df34759d6e87a4b0

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0416.ini

Filesize
23KB

MD5
88cf36612986147152bc34798d847fc8

SHA1
c626eb6ca21d0bd8148c4990ca9bc3955a84ac2e

SHA256
fd410ce6cea3fe21e0d45ba8a3a95459502275052c318971ecd548970dfccdcf

SHA512
d5768cf9ecb1e158b3a9196cd340eb8db5b294bb20433554d4d605c7a3ab4f7ca6027791fd63f011e68325af52eb18d734b45f2fd670d109ff60e93b97d9a20d

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0419.ini

Filesize
22KB

MD5
d12957cbc8d709ddacb854ccb7e09bea

SHA1
332f16c47a6f77390421e8dd9e1e5cd10625c46c

SHA256
79fe5a9a1dcd35ed68016fc5aa3720945f87a34c7b85f14763dc08f55796485e

SHA512
75351baa104682fedcc4b237c1df1804c3c1ec2671e0200eaa4e37f26d1d28e3a6a33c93f6ff35cec58e7701fa6a0961efd7a2cbb44ed6c2cbd29d7c5db057f5

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x041b.ini

Filesize
22KB

MD5
ae9e29150b1c6641876a381dc40ab441

SHA1
b84e68a2ebc5f7a955a0fbaca94026fc24f3a9ef

SHA256
71b872b85f4a40103db4bc26aa68fe47e015561a8172d345d3c49f1996dce018

SHA512
3c7dd39b5eb598719467db5db73c1d609ebcdb3fc37330a6c5a1987e7c57a66610caeec57e22d7c48e0f3b89fe9dd7e6c587cd908f2de97b35c63d8b12b35814

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x041d.ini

Filesize
22KB

MD5
93369d4b2cce8b9de7c55e8e5fcedc30

SHA1
250cf3de891f460874fc58ffc96606c3c901fd03

SHA256
9e71b18fa3278c951db2033b913e1e945ae13e2e51f0d79c7913e8c07fc03556

SHA512
f7d6b278588303180d743158aa08c3fb4c5ec371633896a60977ede2b8c822a31d520f286a0468b949f54401dc86ed606e3352b1281715593ec0462132232b03

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x041f.ini

Filesize
22KB

MD5
a27cbe2097f5b565ef28aa45ede705d8

SHA1
78c9b61d6fe0438dd898da6bbd0f5c537421f739

SHA256
24291186fa6965adda3aadc800c5c35418f47b314fbc9dfa49a72f79cd4467fd

SHA512
06da424eb0dbcd7597ad2b57a7ce15490bdd57eef78b0b3b780bb09816794d2251c94d0ec490c9fe4099a7ed5768225aceb2d6f9f04d6f216482575c30a231a9

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0804.ini

Filesize
10KB

MD5
3d94ea458231bb249e464a3246e47d39

SHA1
a1660eface2d76b3bab6e21980d64ec5da9a3844

SHA256
b1422d24b8b703541404776badf70d377df435d519cc5fff2ee6666581ce407c

SHA512
46bfbd5d1d86cffceef1316b13815b1d9a099e247ecb7ca12974107f921787eaa917ddc04bb937c7bf293eaff12a45b56952174c1059eb42b325dbbc48ce4fa4

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0816.ini

Filesize
24KB

MD5
f5647ec2fa6f96103629860955aaed3c

SHA1
960398a7f4406f91f37148de2e83a86b660cfad3

SHA256
c1ed2933a2ccb3b82f7a952741bf4c6d4f653d4997855c341f365671fcb9e87d

SHA512
ccdab8b0884bdd7c55736ee419aad5713b36dd9590232ea6bbcdfce2a05058aaf708f0d19d42c450c2e3e7b82ad72d860b1cd21ea0c3671236da5efddfcebc5f

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\0x0c0c.ini

Filesize
25KB

MD5
62888396ed6fa3cacd828b6819a2cedf

SHA1
a0622a4dd30fe7dd417d6732a6ac2d501d1765a5

SHA256
c3883b7c750df5e262a9abe6234e0f8de920bef31ddf454f21c6b967a9f5c9c2

SHA512
c5dc4fa2fd92585856a3811fb436131f425e9b13268821dcd1eaab8ca222e22c2f918ad8f004f714940dc66e73926f4f5f13bfb7f0df0d84dc741dc010deb8ca

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\data1.cab

Filesize
2.7MB

MD5
93ad0d59a83c88290d2742a2e46d0969

SHA1
82bf7d3e620b7a6a69f3c895f36ddf89b19c9478

SHA256
ee631282434bba0e064e18bace25bae8c89b0b5448f4d8b8bad6a7e6adeb3e14

SHA512
807e555626f1491e357544c797fd45cd1d01f70856516522096b7a0bb5fd82403cb632b3add3158e2db3be2ea773b9d42c68b2618daa02449c9efe5e18f29be7

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\dataa073.rra

Filesize
145KB

MD5
3cd8e1cc8b0751ad816959e84dcc24e3

SHA1
642605569b3c189514cbe00b4b31ce19735b2f5a

SHA256
cd0d90edde33a504ad578c642b3508a5ef9513f8adee640f3b9b3f8d37962634

SHA512
c3023924d2200092d38634cd5528e162b421697bf80449a2497196e1261f6a08d2022a6e453c6bab72c452625d11657b0a36874bc0c557fc08556fb806d0f770

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\layout.bin

Filesize
1KB

MD5
cd10e849c38877a095dce2058b331aea

SHA1
9ddcdd8e8089f5ef4a9969b9a63f8974777ad0fd

SHA256
989d298c31e599b959f10efb3ec7bbb5b9f968b9994edc16c8ef4af0c4e7d4df

SHA512
6a0cecf40375b2a0530703ef9f2b66f25be45e9fce9c624181ef7722b3c0f5fd253d1f198595d5a552cda889e1ab4c0c4a7ed7453ffd024c865a43476d7a612c

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setup.exe

Filesize
785KB

MD5
cf96d2b2c2261b5d8744af5e624d563b

SHA1
37babdc576bdd3d5c2637f7c5ee8cee611da0085

SHA256
c0a83a264bf8a32f3ab98041d29f3c90b8cf3c03311133b3768de95823fe03c1

SHA512
2b7de9fa4e4b5312b5aca65e5e483dc9cdb8a2e8dedb722d2ec37389d48185fd3891793d2fca684ab47baecf28affa5f75ff0f422a454f39fe25e7ef09e769e6

Download Submit
C:\Program Files (x86)\InstallShield Installation Information\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\setup.ini

Filesize
2KB

MD5
14fce867876b5d2e3bb8adfd367c638d

SHA1
26377d63b006d21e2c009f42f45fcd84917c00c5

SHA256
6ea60254a0ebf3c0090fc21370a8fd7c624c93dd02c5524d72e802a9cf4be362

SHA512
7329b685bc1ef60f4fd0fe7114a7e8af608241fa36cf89f34d6bf78bf42c29c10b072dfee83bee24e173430919b0053f2f96675ff144e0265df25311a47d465e

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\FW_2870.bin

Filesize
8KB

MD5
4dff0e78204c9af33b4d606caa177d41

SHA1
3cb9783622b7929bcfa005018536a8c8b1667404

SHA256
9a8d0060c62e277f7999ab72876b77e85b9d5646572118b1300f6422a0a1c55a

SHA512
2c3bf24ad8a00b5ba03ff9441b7a476b38f1e1b8f66de9a0fe1e0f134e889844abe6eee1d6faf118cef895fb2ead0ce1d9f9afc9cf392c0952e126b2df02e82e

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\FW_2a8fe.rra

Filesize
8KB

MD5
4dff0e78204c9af33b4d606caa177d41

SHA1
3cb9783622b7929bcfa005018536a8c8b1667404

SHA256
9a8d0060c62e277f7999ab72876b77e85b9d5646572118b1300f6422a0a1c55a

SHA512
2c3bf24ad8a00b5ba03ff9441b7a476b38f1e1b8f66de9a0fe1e0f134e889844abe6eee1d6faf118cef895fb2ead0ce1d9f9afc9cf392c0952e126b2df02e82e

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\FW_3573.bin

Filesize
4KB

MD5
c4eabbfc47523a71e520cc8c9ae3e32e

SHA1
0d8c716365b6e7f4e6cfaf54cb688465d4e1b2ee

SHA256
b3243a07ec01a7e6c9b7694b025b83cf7e071c552f739d4535145dd86d3ebeac

SHA512
9a6340e609f5a4e93c1173d0fd0d2485d69e3f7b46a6f197aa95b4b89b4b1afe6eb17fc474b5150bf98f15a193cc6a6d5374c36d1d06f1a0b95b0d0ef744ef42

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\FW_3a8fe.rra

Filesize
4KB

MD5
c4eabbfc47523a71e520cc8c9ae3e32e

SHA1
0d8c716365b6e7f4e6cfaf54cb688465d4e1b2ee

SHA256
b3243a07ec01a7e6c9b7694b025b83cf7e071c552f739d4535145dd86d3ebeac

SHA512
9a6340e609f5a4e93c1173d0fd0d2485d69e3f7b46a6f197aa95b4b89b4b1afe6eb17fc474b5150bf98f15a193cc6a6d5374c36d1d06f1a0b95b0d0ef744ef42

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\FW_7601.bin

Filesize
45KB

MD5
6d71d5aa570a7dccb59cfd4237c96eee

SHA1
21c6c8d06bcd00317897bf9f613a83951a59291a

SHA256
b83d000dee6b5285ec7296dbcd642df07c69d0979e88d31ebb2d718d5ddd4c4d

SHA512
60ad0a9040bac46b8f24b5ffab10424a89fa07ce4093f57fd67d9e46fd46d447f24fb193fa3fa136ed41d8f383240f5cd6383927cf75f8e5872c0a8fb76ca888

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\FW_7610.bin

Filesize
78KB

MD5
e590c2f0446903c1408e8f78d2fe0c6e

SHA1
d32637684fd2196da7f98788bbff72167d0f9af1

SHA256
4c10e01d51455bad01e08a94f6ee7b04c223b45843b84dc17fc758e30b5feb52

SHA512
b625e10a24a299603f5d667bb9423f0d45fb741a3f3b2c52d65734b5726299a19cf0bb9c620d60d0b6d85a529c69713bae32a6cdd2eee9cef8ab370f39e0f372

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\FW_7662.bin

Filesize
77KB

MD5
f891a407e9300e4e70d013b971ab61ed

SHA1
392dcaf637fbe1a268241fac54a1d4920836abea

SHA256
24b20cf1357e9f86af4582f713c3ecadb73b43a019e4c9efd5d02833081fb083

SHA512
d48a6814416443141821a6ad69e8fc03c4691c430aaf2d64920891b6a1784bb363e44326115ae574881f1264f05ec125ea046f4c0a4224908135e8539eef30e5

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\FW_7a8fe.rra

Filesize
45KB

MD5
6d71d5aa570a7dccb59cfd4237c96eee

SHA1
21c6c8d06bcd00317897bf9f613a83951a59291a

SHA256
b83d000dee6b5285ec7296dbcd642df07c69d0979e88d31ebb2d718d5ddd4c4d

SHA512
60ad0a9040bac46b8f24b5ffab10424a89fa07ce4093f57fd67d9e46fd46d447f24fb193fa3fa136ed41d8f383240f5cd6383927cf75f8e5872c0a8fb76ca888

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\FW_7a90e.rra

Filesize
78KB

MD5
e590c2f0446903c1408e8f78d2fe0c6e

SHA1
d32637684fd2196da7f98788bbff72167d0f9af1

SHA256
4c10e01d51455bad01e08a94f6ee7b04c223b45843b84dc17fc758e30b5feb52

SHA512
b625e10a24a299603f5d667bb9423f0d45fb741a3f3b2c52d65734b5726299a19cf0bb9c620d60d0b6d85a529c69713bae32a6cdd2eee9cef8ab370f39e0f372

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\Patch_7662.bin

Filesize
20KB

MD5
cd641eb06904d8a73b44d4b8b373ea2f

SHA1
79c5843b62dd82274323c68846829e0e5d1e7caa

SHA256
856f0f58217d90d4a8d55488eb2f70ea67953fd6712d4b570d96cfcf77dc1cf4

SHA512
440a946eda6fa814e36427af3d1a864972627bcbdb3b625e3a4949c3ce560923672e1456630d481b3b4fe03378ef62189a3aad1bc541ba1f9f7206128442623b

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaCoInst.dat

Filesize
16KB

MD5
daf91704a9550175c10bb256dc08c957

SHA1
e0162d36d2b8fd617f0c2cfef23296fc46d52794

SHA256
3c24e7b4bd0e83bb031bc297a9045cb1c10269b2c92289f1455dc9fc4aceeb29

SHA512
0f504b94dfcadbed96ce8e6d40113e44db8466a29fdace8132335025014445446150c4ca3632a0ca3e8c9e471c7e54959dc41fc98f4af4a48d4f53d09324482d

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaCoaa94.rra

Filesize
244KB

MD5
31e32064fc1166db6032ad60a0e0be05

SHA1
26d0199a7d6069a30ac654247a0f73b3a0130f27

SHA256
77516ba384fb866420c0a6e93b054815bd25fe99160b8cd7bbfd807a2438046a

SHA512
ffa6f2a309bfa9b06412e3d7e2e1193e238776bd52cd82020785f5facedcad3b1d84459d0c89eed5afb166662af280c3bc8abbb980b121cd4b846097533bf7e6

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe

Filesize
51KB

MD5
f6e913a95e6357b7a14a90a1fbe3f3bc

SHA1
3dfd96ece367a55a4afd056124174a97cf840ad7

SHA256
ba6afd01da7cbc02e1b345d3d3d5261d3549643d7b26189aed45ff13fe74bdd4

SHA512
29577684f759e05e0e95381bf804666bfc1bcf1524011e3562e056476a45397f9334adbd45b45163031ebda38b4f73505d7e9f7c9bc3060b40758a6f760a6bf2

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe

Filesize
51KB

MD5
f6e913a95e6357b7a14a90a1fbe3f3bc

SHA1
3dfd96ece367a55a4afd056124174a97cf840ad7

SHA256
ba6afd01da7cbc02e1b345d3d3d5261d3549643d7b26189aed45ff13fe74bdd4

SHA512
29577684f759e05e0e95381bf804666bfc1bcf1524011e3562e056476a45397f9334adbd45b45163031ebda38b4f73505d7e9f7c9bc3060b40758a6f760a6bf2

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe

Filesize
51KB

MD5
f6e913a95e6357b7a14a90a1fbe3f3bc

SHA1
3dfd96ece367a55a4afd056124174a97cf840ad7

SHA256
ba6afd01da7cbc02e1b345d3d3d5261d3549643d7b26189aed45ff13fe74bdd4

SHA512
29577684f759e05e0e95381bf804666bfc1bcf1524011e3562e056476a45397f9334adbd45b45163031ebda38b4f73505d7e9f7c9bc3060b40758a6f760a6bf2

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe

Filesize
51KB

MD5
f6e913a95e6357b7a14a90a1fbe3f3bc

SHA1
3dfd96ece367a55a4afd056124174a97cf840ad7

SHA256
ba6afd01da7cbc02e1b345d3d3d5261d3549643d7b26189aed45ff13fe74bdd4

SHA512
29577684f759e05e0e95381bf804666bfc1bcf1524011e3562e056476a45397f9334adbd45b45163031ebda38b4f73505d7e9f7c9bc3060b40758a6f760a6bf2

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe

Filesize
51KB

MD5
f6e913a95e6357b7a14a90a1fbe3f3bc

SHA1
3dfd96ece367a55a4afd056124174a97cf840ad7

SHA256
ba6afd01da7cbc02e1b345d3d3d5261d3549643d7b26189aed45ff13fe74bdd4

SHA512
29577684f759e05e0e95381bf804666bfc1bcf1524011e3562e056476a45397f9334adbd45b45163031ebda38b4f73505d7e9f7c9bc3060b40758a6f760a6bf2

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe

Filesize
51KB

MD5
f6e913a95e6357b7a14a90a1fbe3f3bc

SHA1
3dfd96ece367a55a4afd056124174a97cf840ad7

SHA256
ba6afd01da7cbc02e1b345d3d3d5261d3549643d7b26189aed45ff13fe74bdd4

SHA512
29577684f759e05e0e95381bf804666bfc1bcf1524011e3562e056476a45397f9334adbd45b45163031ebda38b4f73505d7e9f7c9bc3060b40758a6f760a6bf2

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe

Filesize
51KB

MD5
f6e913a95e6357b7a14a90a1fbe3f3bc

SHA1
3dfd96ece367a55a4afd056124174a97cf840ad7

SHA256
ba6afd01da7cbc02e1b345d3d3d5261d3549643d7b26189aed45ff13fe74bdd4

SHA512
29577684f759e05e0e95381bf804666bfc1bcf1524011e3562e056476a45397f9334adbd45b45163031ebda38b4f73505d7e9f7c9bc3060b40758a6f760a6bf2

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe

Filesize
51KB

MD5
f6e913a95e6357b7a14a90a1fbe3f3bc

SHA1
3dfd96ece367a55a4afd056124174a97cf840ad7

SHA256
ba6afd01da7cbc02e1b345d3d3d5261d3549643d7b26189aed45ff13fe74bdd4

SHA512
29577684f759e05e0e95381bf804666bfc1bcf1524011e3562e056476a45397f9334adbd45b45163031ebda38b4f73505d7e9f7c9bc3060b40758a6f760a6bf2

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaIOx64.exe

Filesize
51KB

MD5
f6e913a95e6357b7a14a90a1fbe3f3bc

SHA1
3dfd96ece367a55a4afd056124174a97cf840ad7

SHA256
ba6afd01da7cbc02e1b345d3d3d5261d3549643d7b26189aed45ff13fe74bdd4

SHA512
29577684f759e05e0e95381bf804666bfc1bcf1524011e3562e056476a45397f9334adbd45b45163031ebda38b4f73505d7e9f7c9bc3060b40758a6f760a6bf2

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaInst64.exe

Filesize
886KB

MD5
81cc2bf1f5ac4a7baf0ad1eec89c752f

SHA1
d704aa3f72965fe3c553f73d0dcf99eade8b896d

SHA256
c3e80c6331f2526b36224ac099180541d76107ad3e85bb2cee0b237b7f8a303d

SHA512
2be17e664117345e2cc392a4c29cf303b905948fbebed1e35c8812fd2c4e7355c2e9e36fffb650c209b1c9f298bfda10ff7e8e36145c2fd882df44461bef940e

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\RaInst64.exe

Filesize
886KB

MD5
81cc2bf1f5ac4a7baf0ad1eec89c752f

SHA1
d704aa3f72965fe3c553f73d0dcf99eade8b896d

SHA256
c3e80c6331f2526b36224ac099180541d76107ad3e85bb2cee0b237b7f8a303d

SHA512
2be17e664117345e2cc392a4c29cf303b905948fbebed1e35c8812fd2c4e7355c2e9e36fffb650c209b1c9f298bfda10ff7e8e36145c2fd882df44461bef940e

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\Win10\FW_7662.bin

Filesize
77KB

MD5
f891a407e9300e4e70d013b971ab61ed

SHA1
392dcaf637fbe1a268241fac54a1d4920836abea

SHA256
24b20cf1357e9f86af4582f713c3ecadb73b43a019e4c9efd5d02833081fb083

SHA512
d48a6814416443141821a6ad69e8fc03c4691c430aaf2d64920891b6a1784bb363e44326115ae574881f1264f05ec125ea046f4c0a4224908135e8539eef30e5

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\Win10\Patch_7662.bin

Filesize
20KB

MD5
cd641eb06904d8a73b44d4b8b373ea2f

SHA1
79c5843b62dd82274323c68846829e0e5d1e7caa

SHA256
856f0f58217d90d4a8d55488eb2f70ea67953fd6712d4b570d96cfcf77dc1cf4

SHA512
440a946eda6fa814e36427af3d1a864972627bcbdb3b625e3a4949c3ce560923672e1456630d481b3b4fe03378ef62189a3aad1bc541ba1f9f7206128442623b

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\Win10\RaCoInst.dat

Filesize
16KB

MD5
daf91704a9550175c10bb256dc08c957

SHA1
e0162d36d2b8fd617f0c2cfef23296fc46d52794

SHA256
3c24e7b4bd0e83bb031bc297a9045cb1c10269b2c92289f1455dc9fc4aceeb29

SHA512
0f504b94dfcadbed96ce8e6d40113e44db8466a29fdace8132335025014445446150c4ca3632a0ca3e8c9e471c7e54959dc41fc98f4af4a48d4f53d09324482d

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\Win10\RaCoInstx.dll

Filesize
335KB

MD5
be7847e3c8589153cca0b85bf1ff4561

SHA1
9fe380890c68b400e7bcf2cea72a4fee09c3fd87

SHA256
b407adea4773eaa54410292eb918532b689075193a7c8a5353d103f3fcddc539

SHA512
4b3c653df182043c8f740c3dca0205cf61ff6dd3dfcd74701c38e27e86f97128279f3d47a1d2e3c2fa953b01643b9f7181633eb7dda09b98d119d7813f491e04

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\Win10\Readme.txt

Filesize
6B

MD5
0420dcd0a9b3fc40a86ae7e7b530bcbf

SHA1
a95877f2bbbc2b6b30acd1b9e35c27481beb6ba4

SHA256
d61d9b699f596666b85ab18baa578f881751c296bc24cf6787e5fa0ae6c4c863

SHA512
e6147cae1cd35ecd2033ff1213355dbce65f6e39a9219f9a5b038a2a08029bf2730c53d3d3da4b30bd047b9d1f5f09163ce831fa0b09ad11d66047b8232bbb9a

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\Win10\netr28ux.cat

Filesize
37KB

MD5
798c128ba1e91010e51e8f7e759869f1

SHA1
7904b2d06ef5552aca75e06aa8ffd8c64c0af9b6

SHA256
864a3eef80765823c4bf522d749748c33b357823749e3cfe3cba27ada458fc72

SHA512
6d5e5ea7d31b674fcf80aa9c5e10ad292e517e12d2548ee873c42a22da73020de78db562e61c223764be1d1caf2cfa0ed37eb4ab10e225488148d24e1bc24905

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\Win10\netr28ux.inf

Filesize
887KB

MD5
10cfa664d12cfb1cf7e198a7d547713c

SHA1
66d0983dcc7f686bcb1a7cc4683faa3158224fd7

SHA256
31e57d6f314ef0296ec95c20fcb7c4b2cc9f15366a0356b41131035c8b8209e2

SHA512
5001b85717fc0d6d2789c70ac3825e540c199e26caded68cfcf1fbed91dc6c09d0a6db95a42bb879b6cdc079c903cf4baeecf289f50485467098348b46df596a

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\Win10\netra38f.rra

Filesize
2.1MB

MD5
7071e73bdd8b5cdf236312864d0fc1cb

SHA1
36442fa941aaa9f3916d1e63abeeb6c2a2b8d546

SHA256
ade38351a626dc0a6bcde1d09b214c94a65ba89fc9b0a69045019ecbf27bef59

SHA512
1c1fafe9ea8959b144aa5468681583df4378d8fcb823eeb16b943f050eeee81168a4f79657023b7c7001de6ed2f8dc63fb141bbefa2b9a6ed58533b0c0deb68d

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\devcon64.exe

Filesize
84KB

MD5
394ea0490d4a382627d5d3951633de16

SHA1
28c8a480da622ff2dd5de57e19ad909442b52c34

SHA256
4cb21382963628d137c3990d1b6666d9ec253aa038395ab24aaf3cc832731269

SHA512
a81744ed3b9c4f351bb6c4f945c10090733f5f70f48c9d01a50175de72ce76e89edb98b336c3db8e40a0b359556d193524cb206ab121741442dc65e143e90ec6

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\netr28ux.inf

Filesize
887KB

MD5
10cfa664d12cfb1cf7e198a7d547713c

SHA1
66d0983dcc7f686bcb1a7cc4683faa3158224fd7

SHA256
31e57d6f314ef0296ec95c20fcb7c4b2cc9f15366a0356b41131035c8b8209e2

SHA512
5001b85717fc0d6d2789c70ac3825e540c199e26caded68cfcf1fbed91dc6c09d0a6db95a42bb879b6cdc079c903cf4baeecf289f50485467098348b46df596a

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\netra93d.rra

Filesize
39KB

MD5
2826ebf9b479a2a3c278eb2aa593addd

SHA1
46f9691b829a2a19685161e608292316277b0e03

SHA256
cd9694d06a8394b1998d85924bdd882e57cbf173b0a0890e683509c07b9c9fcf

SHA512
7f3b4e515b7db3f6cd9e8536ed5384109663f329d9ff6947bd4aef8cafbdad63a37bfa6a81ae3b2adfc7df9c9bcf6213e9128317e8706b37f945ff9114467e3b

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\netra94c.rra

Filesize
887KB

MD5
e8ab213eba2776fad1ef3eb38ca250b2

SHA1
ffec21cfdae5652b99d70ce43619bb9fa2770969

SHA256
176be0b16f0800d9a5d70021a0d219b833b967f3634d778ea961dfe8b2c37d70

SHA512
75b2a89aff37914afce60a1250ad1b2fdb7c5b7ebe05083cfd572f9cbf9c94caa4e6e639af14106450b965a07734dd938f1851b835f313752dadfe37421442f6

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Driver\netra9aa.rra

Filesize
1.8MB

MD5
adffc3bb01ef446de2810fee583dc121

SHA1
b9cfe1a0123bb122044c858b0b3ca1f04751efbd

SHA256
274c34bb847fe5b79332e949b3f2a2c850097124d32752bc7c70596abc035085

SHA512
4a7e8dfde9b19f7ac574b8eab7f229f74311aac8f383f2e541ed9fac49f369d76a9aa57d601f929b86faaa3f08a44e642e83fee89900b83a6ec950eb334287ff

Download Submit
C:\ProgramData\Mediatek Driver\RT2870 Wireless LAN Card\Res\logo.ico

Filesize
4KB

MD5
da2be88f4c44d3b119c5ab8bef107edc

SHA1
5968ddf61471069b7c735d47897bb50e3c4b377e

SHA256
8ec7d97959620c6d17000c1e721a0f849d4ce34031d56a66e4bb5f9633102fc8

SHA512
3d1118b8192d06fce6a131f789c77eb8739d8c1200fb95b1a12dd458044baa94b3ab3395b54fb7b103c7f7634a8c35f2b07eee8da2b516c50739eb98ddd5f379

Download Submit
C:\Users\Admin\AppData\Local\Temp\isprb798.rra

Filesize
352KB

MD5
2db4cebab63356b818fdee0740eaf7b2

SHA1
ab9d3aeafaf0066fa6db718d669d734651b432f3

SHA256
8808d4ff7869a17ca937fee890a1f91c98f565e1dd0ae1692e1b86298fab76dc

SHA512
100c7f98f6cd1ae677146704c4a30de9d77feb05d25e76c5ab805391333ded30a8a7b21b726a6cc6b646ef260ade390479d8a35c9624b980aa4fa96a1b4a022f

Download Submit
C:\Users\Admin\AppData\Local\Temp\skinaa88.rra

Filesize
24KB

MD5
0818b1568c46736db86c033cd634d66d

SHA1
ed8de800f28a9ea48b851e7dd4927da322902ce8

SHA256
2a2d2f1def93c26430de8197bf07ac6049b58b373f7acb8d267d025d47e25907

SHA512
8a964948a8894eb29d3e77e8cb9c40689f088f71c81bcc392edbed58d77510a3c7d2cd895364c6c22973560150dad8daa13ebeb3680205e3712ef9246e57c9d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4FB0D~1\FW_7662.bin

Filesize
77KB

MD5
f891a407e9300e4e70d013b971ab61ed

SHA1
392dcaf637fbe1a268241fac54a1d4920836abea

SHA256
24b20cf1357e9f86af4582f713c3ecadb73b43a019e4c9efd5d02833081fb083

SHA512
d48a6814416443141821a6ad69e8fc03c4691c430aaf2d64920891b6a1784bb363e44326115ae574881f1264f05ec125ea046f4c0a4224908135e8539eef30e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4FB0D~1\Patch_7662.bin

Filesize
20KB

MD5
cd641eb06904d8a73b44d4b8b373ea2f

SHA1
79c5843b62dd82274323c68846829e0e5d1e7caa

SHA256
856f0f58217d90d4a8d55488eb2f70ea67953fd6712d4b570d96cfcf77dc1cf4

SHA512
440a946eda6fa814e36427af3d1a864972627bcbdb3b625e3a4949c3ce560923672e1456630d481b3b4fe03378ef62189a3aad1bc541ba1f9f7206128442623b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4FB0D~1\RaCoInst.dat

Filesize
16KB

MD5
daf91704a9550175c10bb256dc08c957

SHA1
e0162d36d2b8fd617f0c2cfef23296fc46d52794

SHA256
3c24e7b4bd0e83bb031bc297a9045cb1c10269b2c92289f1455dc9fc4aceeb29

SHA512
0f504b94dfcadbed96ce8e6d40113e44db8466a29fdace8132335025014445446150c4ca3632a0ca3e8c9e471c7e54959dc41fc98f4af4a48d4f53d09324482d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4FB0D~1\RaCoInstx.dll

Filesize
335KB

MD5
be7847e3c8589153cca0b85bf1ff4561

SHA1
9fe380890c68b400e7bcf2cea72a4fee09c3fd87

SHA256
b407adea4773eaa54410292eb918532b689075193a7c8a5353d103f3fcddc539

SHA512
4b3c653df182043c8f740c3dca0205cf61ff6dd3dfcd74701c38e27e86f97128279f3d47a1d2e3c2fa953b01643b9f7181633eb7dda09b98d119d7813f491e04

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4FB0D~1\netr28ux.cat

Filesize
37KB

MD5
798c128ba1e91010e51e8f7e759869f1

SHA1
7904b2d06ef5552aca75e06aa8ffd8c64c0af9b6

SHA256
864a3eef80765823c4bf522d749748c33b357823749e3cfe3cba27ada458fc72

SHA512
6d5e5ea7d31b674fcf80aa9c5e10ad292e517e12d2548ee873c42a22da73020de78db562e61c223764be1d1caf2cfa0ed37eb4ab10e225488148d24e1bc24905

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4FB0D~1\netr28ux.sys

Filesize
2.1MB

MD5
7071e73bdd8b5cdf236312864d0fc1cb

SHA1
36442fa941aaa9f3916d1e63abeeb6c2a2b8d546

SHA256
ade38351a626dc0a6bcde1d09b214c94a65ba89fc9b0a69045019ecbf27bef59

SHA512
1c1fafe9ea8959b144aa5468681583df4378d8fcb823eeb16b943f050eeee81168a4f79657023b7c7001de6ed2f8dc63fb141bbefa2b9a6ed58533b0c0deb68d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4fb0dce6-db34-9a45-83cd-48c4a15f7ac1}\netr28ux.inf

Filesize
887KB

MD5
10cfa664d12cfb1cf7e198a7d547713c

SHA1
66d0983dcc7f686bcb1a7cc4683faa3158224fd7

SHA256
31e57d6f314ef0296ec95c20fcb7c4b2cc9f15366a0356b41131035c8b8209e2

SHA512
5001b85717fc0d6d2789c70ac3825e540c199e26caded68cfcf1fbed91dc6c09d0a6db95a42bb879b6cdc079c903cf4baeecf289f50485467098348b46df596a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9312F~1\FW_7662.bin

Filesize
77KB

MD5
f891a407e9300e4e70d013b971ab61ed

SHA1
392dcaf637fbe1a268241fac54a1d4920836abea

SHA256
24b20cf1357e9f86af4582f713c3ecadb73b43a019e4c9efd5d02833081fb083

SHA512
d48a6814416443141821a6ad69e8fc03c4691c430aaf2d64920891b6a1784bb363e44326115ae574881f1264f05ec125ea046f4c0a4224908135e8539eef30e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9312F~1\Patch_7662.bin

Filesize
20KB

MD5
cd641eb06904d8a73b44d4b8b373ea2f

SHA1
79c5843b62dd82274323c68846829e0e5d1e7caa

SHA256
856f0f58217d90d4a8d55488eb2f70ea67953fd6712d4b570d96cfcf77dc1cf4

SHA512
440a946eda6fa814e36427af3d1a864972627bcbdb3b625e3a4949c3ce560923672e1456630d481b3b4fe03378ef62189a3aad1bc541ba1f9f7206128442623b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9312F~1\RaCoInst.dat

Filesize
16KB

MD5
daf91704a9550175c10bb256dc08c957

SHA1
e0162d36d2b8fd617f0c2cfef23296fc46d52794

SHA256
3c24e7b4bd0e83bb031bc297a9045cb1c10269b2c92289f1455dc9fc4aceeb29

SHA512
0f504b94dfcadbed96ce8e6d40113e44db8466a29fdace8132335025014445446150c4ca3632a0ca3e8c9e471c7e54959dc41fc98f4af4a48d4f53d09324482d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9312F~1\RaCoInstx.dll

Filesize
335KB

MD5
be7847e3c8589153cca0b85bf1ff4561

SHA1
9fe380890c68b400e7bcf2cea72a4fee09c3fd87

SHA256
b407adea4773eaa54410292eb918532b689075193a7c8a5353d103f3fcddc539

SHA512
4b3c653df182043c8f740c3dca0205cf61ff6dd3dfcd74701c38e27e86f97128279f3d47a1d2e3c2fa953b01643b9f7181633eb7dda09b98d119d7813f491e04

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9312F~1\netr28ux.cat

Filesize
37KB

MD5
798c128ba1e91010e51e8f7e759869f1

SHA1
7904b2d06ef5552aca75e06aa8ffd8c64c0af9b6

SHA256
864a3eef80765823c4bf522d749748c33b357823749e3cfe3cba27ada458fc72

SHA512
6d5e5ea7d31b674fcf80aa9c5e10ad292e517e12d2548ee873c42a22da73020de78db562e61c223764be1d1caf2cfa0ed37eb4ab10e225488148d24e1bc24905

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9312F~1\netr28ux.sys

Filesize
2.1MB

MD5
7071e73bdd8b5cdf236312864d0fc1cb

SHA1
36442fa941aaa9f3916d1e63abeeb6c2a2b8d546

SHA256
ade38351a626dc0a6bcde1d09b214c94a65ba89fc9b0a69045019ecbf27bef59

SHA512
1c1fafe9ea8959b144aa5468681583df4378d8fcb823eeb16b943f050eeee81168a4f79657023b7c7001de6ed2f8dc63fb141bbefa2b9a6ed58533b0c0deb68d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9312f071-80d7-3f43-be5f-088cec057aeb}\netr28ux.inf

Filesize
887KB

MD5
10cfa664d12cfb1cf7e198a7d547713c

SHA1
66d0983dcc7f686bcb1a7cc4683faa3158224fd7

SHA256
31e57d6f314ef0296ec95c20fcb7c4b2cc9f15366a0356b41131035c8b8209e2

SHA512
5001b85717fc0d6d2789c70ac3825e540c199e26caded68cfcf1fbed91dc6c09d0a6db95a42bb879b6cdc079c903cf4baeecf289f50485467098348b46df596a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\ISBEW64.exe

Filesize
104KB

MD5
b83d2774cdaf5016cd8765a630fa1150

SHA1
50b7f86488926c6b06322af6a5176e4c7786058d

SHA256
4935372daa99f6c10033accf0cd6403b6f7061477500c1eb65d7ca2dedbcbfd8

SHA512
90fd6c47d658491acfd54a1cb7d76bb01c3e6f58b4df4466998411d73e497a305dac13798182448289052f836c92958ca42b69bb14549d51aea4a0f92e665727

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\ISBEW64.exe

Filesize
104KB

MD5
b83d2774cdaf5016cd8765a630fa1150

SHA1
50b7f86488926c6b06322af6a5176e4c7786058d

SHA256
4935372daa99f6c10033accf0cd6403b6f7061477500c1eb65d7ca2dedbcbfd8

SHA512
90fd6c47d658491acfd54a1cb7d76bb01c3e6f58b4df4466998411d73e497a305dac13798182448289052f836c92958ca42b69bb14549d51aea4a0f92e665727

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\DIFxData.ini

Filesize
84B

MD5
1eb6253dee328c2063ca12cf657be560

SHA1
46e01bcbb287873cf59c57b616189505d2bb1607

SHA256
6bc8b890884278599e4c0ca4095cefdf0f5394c5796012d169cc0933e03267a1

SHA512
7c573896abc86d899afbce720690454c06dbfafa97b69bc49b8e0ddec5590ce16f3cc1a30408314db7c4206aa95f5c684a6587ea2da033aecc4f70720fc6189e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\DisplaybyHWID.ini

Filesize
890B

MD5
0d8c11e8ff749dc12e9d3349ffc14a12

SHA1
c343b41eb1baa85351bfbaf3e56011a0c2dde6e5

SHA256
ae1fcefe7ab22d438f6e8645d51ad29c28deb3a3b24f7e2af8d2f88a90525a5f

SHA512
09058c33e11bc3b00924364e18f41eb514c7d6b05e45180e557b1dcf474c2c195f0d8db5b89336a3e2c82c7f920be03514abdbdf88f79668b02db71e136fe498

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\FontData.ini

Filesize
37B

MD5
8ce28395a49eb4ada962f828eca2f130

SHA1
270730e2969b8b03db2a08ba93dfe60cbfb36c5f

SHA256
a7e91b042ce33490353c00244c0420c383a837e73e6006837a60d3c174102932

SHA512
bb712043cddbe62b5bfdd79796299b0c4de0883a39f79cd006d3b04a1a2bed74b477df985f7a89b653e20cb719b94fa255fdaa0819a8c6180c338c01f39b8382

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\InstAPI.dll

Filesize
100KB

MD5
f9c98d2afd931917d469ece04a7b66d9

SHA1
20844ee19297eb6668b00dcdd2d6aceaecfccaad

SHA256
2685cd211c493115e0ea2ac6f69cc6cd8a2bce525566d6311318ef84f67a47a5

SHA512
276bf2b312c68a9280b5272fa91d97604606a36b0b706657587563e5d255dc0d5104fd1e74682e8c2c0d2ea59e83fe0a02191b4fc35f30156fd181ab91e777f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\InstAPI.dll

Filesize
100KB

MD5
f9c98d2afd931917d469ece04a7b66d9

SHA1
20844ee19297eb6668b00dcdd2d6aceaecfccaad

SHA256
2685cd211c493115e0ea2ac6f69cc6cd8a2bce525566d6311318ef84f67a47a5

SHA512
276bf2b312c68a9280b5272fa91d97604606a36b0b706657587563e5d255dc0d5104fd1e74682e8c2c0d2ea59e83fe0a02191b4fc35f30156fd181ab91e777f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\InstAPI.dll

Filesize
100KB

MD5
f9c98d2afd931917d469ece04a7b66d9

SHA1
20844ee19297eb6668b00dcdd2d6aceaecfccaad

SHA256
2685cd211c493115e0ea2ac6f69cc6cd8a2bce525566d6311318ef84f67a47a5

SHA512
276bf2b312c68a9280b5272fa91d97604606a36b0b706657587563e5d255dc0d5104fd1e74682e8c2c0d2ea59e83fe0a02191b4fc35f30156fd181ab91e777f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\_isres_0x0409.dll

Filesize
380KB

MD5
74f3c0fe8cae9f03bf2a1aa3a0407d01

SHA1
c3c154f0bbd508483d58c2cb78498689f7b7c192

SHA256
1d2f9bb9b2f0612265f9606d2a08889229faf75d2f9f32ce048c5891c1f9f99a

SHA512
acf7a94e8e20c87ab16edaf56c51ad99178af30ad2dded93652a27ad95b09d6d448bf7821419eb447108c7f603e2467857d8c318ddcf7fbba15f7e3dbe13cc1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\_isres_0x0409.dll

Filesize
380KB

MD5
74f3c0fe8cae9f03bf2a1aa3a0407d01

SHA1
c3c154f0bbd508483d58c2cb78498689f7b7c192

SHA256
1d2f9bb9b2f0612265f9606d2a08889229faf75d2f9f32ce048c5891c1f9f99a

SHA512
acf7a94e8e20c87ab16edaf56c51ad99178af30ad2dded93652a27ad95b09d6d448bf7821419eb447108c7f603e2467857d8c318ddcf7fbba15f7e3dbe13cc1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\_isres_0x0409.dll

Filesize
380KB

MD5
74f3c0fe8cae9f03bf2a1aa3a0407d01

SHA1
c3c154f0bbd508483d58c2cb78498689f7b7c192

SHA256
1d2f9bb9b2f0612265f9606d2a08889229faf75d2f9f32ce048c5891c1f9f99a

SHA512
acf7a94e8e20c87ab16edaf56c51ad99178af30ad2dded93652a27ad95b09d6d448bf7821419eb447108c7f603e2467857d8c318ddcf7fbba15f7e3dbe13cc1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\_isuser_0x0409.dll

Filesize
12KB

MD5
f7494691cfe255e6793463387c710b80

SHA1
137cb0efa74d2c8aec100652653dccf48d1c7bf2

SHA256
3f92d8bf82cb54a85413ac3d9b80fa96317167aaa09bf5cb18853a63f1da8d2b

SHA512
38f35fc31b898642c6a4af30befb88c2d53277573b93abcd0edebcfbd216982eea5b05dbf04a341ac25bf13c3e1a112003633fa58eb2a21be69d0dfba8cace7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\_isuser_0x0409.dll

Filesize
12KB

MD5
f7494691cfe255e6793463387c710b80

SHA1
137cb0efa74d2c8aec100652653dccf48d1c7bf2

SHA256
3f92d8bf82cb54a85413ac3d9b80fa96317167aaa09bf5cb18853a63f1da8d2b

SHA512
38f35fc31b898642c6a4af30befb88c2d53277573b93abcd0edebcfbd216982eea5b05dbf04a341ac25bf13c3e1a112003633fa58eb2a21be69d0dfba8cace7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\_isuser_0x0409.dll

Filesize
12KB

MD5
f7494691cfe255e6793463387c710b80

SHA1
137cb0efa74d2c8aec100652653dccf48d1c7bf2

SHA256
3f92d8bf82cb54a85413ac3d9b80fa96317167aaa09bf5cb18853a63f1da8d2b

SHA512
38f35fc31b898642c6a4af30befb88c2d53277573b93abcd0edebcfbd216982eea5b05dbf04a341ac25bf13c3e1a112003633fa58eb2a21be69d0dfba8cace7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\isrt.dll

Filesize
258KB

MD5
3795427182d2dc8ce5609a342bc65313

SHA1
0e53a85d991526a9191d3b0f3007363b3649faf0

SHA256
f82e52e2a5176c01312f95b300b66ab1d2a0b0bc2556500c8f42a61390cc49cd

SHA512
6c3669b38b67ee37d99f452ad6b0f58102fd0db952e9f146b8e0ec409ce5bc61052d4cdb23c2eed4183b18baf529c86ac95bae420a90908d58d5f4399b0e1b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\isrt.dll

Filesize
258KB

MD5
3795427182d2dc8ce5609a342bc65313

SHA1
0e53a85d991526a9191d3b0f3007363b3649faf0

SHA256
f82e52e2a5176c01312f95b300b66ab1d2a0b0bc2556500c8f42a61390cc49cd

SHA512
6c3669b38b67ee37d99f452ad6b0f58102fd0db952e9f146b8e0ec409ce5bc61052d4cdb23c2eed4183b18baf529c86ac95bae420a90908d58d5f4399b0e1b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\{B06E01BC-66C0-467C-84F8-445B03B2CBED}\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}\isrt.dll

Filesize
258KB

MD5
3795427182d2dc8ce5609a342bc65313

SHA1
0e53a85d991526a9191d3b0f3007363b3649faf0

SHA256
f82e52e2a5176c01312f95b300b66ab1d2a0b0bc2556500c8f42a61390cc49cd

SHA512
6c3669b38b67ee37d99f452ad6b0f58102fd0db952e9f146b8e0ec409ce5bc61052d4cdb23c2eed4183b18baf529c86ac95bae420a90908d58d5f4399b0e1b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C0C5D875-7095-455B-B690-81E0C227D7C2}\0x0409.ini

Filesize
21KB

MD5
be345d0260ae12c5f2f337b17e07c217

SHA1
0976ba0982fe34f1c35a0974f6178e15c238ed7b

SHA256
e994689a13b9448c074f9b471edeec9b524890a0d82925e98ab90b658016d8f3

SHA512
77040dbee29be6b136a83b9e444d8b4f71ff739f7157e451778fb4fccb939a67ff881a70483de16bcb6ae1fea64a89e00711a33ec26f4d3eea8e16c9e9553eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C0C5D875-7095-455B-B690-81E0C227D7C2}\Disk1\ISSetup.dll

Filesize
566KB

MD5
c5e7c495ed4644f46dec884cdd2acd54

SHA1
836acfe7444bd6589adf78b14058430724d67da1

SHA256
da30a9e6304c22feb626e5fb41f44aed11ae3ad36d50676f97250c6a1da6d052

SHA512
a1e00ad65aed84ca8dc87746ed616bf3568cc6472796f3028f5bf635b9e42e94c35c549e41efd4c7cb2c74925361d32bb44857018756036e67088b47385242ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C0C5D875-7095-455B-B690-81E0C227D7C2}\Disk1\ISSetup.dll

Filesize
566KB

MD5
c5e7c495ed4644f46dec884cdd2acd54

SHA1
836acfe7444bd6589adf78b14058430724d67da1

SHA256
da30a9e6304c22feb626e5fb41f44aed11ae3ad36d50676f97250c6a1da6d052

SHA512
a1e00ad65aed84ca8dc87746ed616bf3568cc6472796f3028f5bf635b9e42e94c35c549e41efd4c7cb2c74925361d32bb44857018756036e67088b47385242ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C0C5D875-7095-455B-B690-81E0C227D7C2}\Disk1\ISSetup.dll

Filesize
566KB

MD5
c5e7c495ed4644f46dec884cdd2acd54

SHA1
836acfe7444bd6589adf78b14058430724d67da1

SHA256
da30a9e6304c22feb626e5fb41f44aed11ae3ad36d50676f97250c6a1da6d052

SHA512
a1e00ad65aed84ca8dc87746ed616bf3568cc6472796f3028f5bf635b9e42e94c35c549e41efd4c7cb2c74925361d32bb44857018756036e67088b47385242ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C0C5D875-7095-455B-B690-81E0C227D7C2}\Disk1\setup.inx

Filesize
389KB

MD5
03f1d4a210ec2c4754940d013ca308c8

SHA1
8c5a591d6f42d4ed7ba05fbaf9d29581f920df42

SHA256
66839bbb05dffebdae4c97203ba7006529cf8df4096ac185c6fb7af89ccc0613

SHA512
73a10a8592b69db7eefd2941d228bc9a7af57c12a9f6ceeb25e3a2b1c543a4f02f21aae1813304bffbebf58f2ff176729a6c3b0bb9d206f589a6d09eeb3e4797

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C0C5D875-7095-455B-B690-81E0C227D7C2}\setup.ini

Filesize
2KB

MD5
11c44cd2b38618224323f6f82252c97b

SHA1
5d70a72afa876caa381f16e60d58b9955565efcf

SHA256
69ea91564dd7ee283a289ee619c2013ae69a54f3bb465b4d8b4f0bad570f856c

SHA512
a0731798786db9c094dd5bd86e5026a364a0a66461df0003dfb0d6c06def997bd07dd68413de7fe846d2350d9fe09740b75d0f309cbefb4e0f0bf9fb2b00f894

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
5c7f83ebfb2c29d5038875c35b613550

SHA1
5ffb81a023d8cd48fa63890036424dc9e1e71b60

SHA256
c30c661062395205689cb186c7ba51aaac2d64a7ccaac7768b05a7c81f44a5d5

SHA512
edb879d4fba139360d8b42dfc1df3ca0b0573bc3251f7a8d65002030adc20e3044d97c010fa1dec331e65198c1dbe7cd358dc0a38650212d64b17bbfde2df48b

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
ffdac5596d38567cdc1aec0cb571a7e1

SHA1
4398a461da5303ebfdde71ab2911b8c3ac203db3

SHA256
fd3708b163e56438783ae7db658bef7c75e0bcabcb19e46a9a596787deafc700

SHA512
450f5b13a38975d24ca2c5fda0830a782ce1271b0fc6c6684f7ca596ac175701163f54b6635527fab5d7b41821254a8c2f0af69d191b9fb08ede75c0d63e521f

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
146KB

MD5
c7b238a2f399ed60d8fa433d4b34505f

SHA1
9eebdff3fe646746aa3785d4483dac48983f4f35

SHA256
09a8c168fd312f6efdbbc88ebea071ff155c535b2119dcb93aa845c6b49d74eb

SHA512
26777a196901c61f44b3959a1a185fc49ea328654ba771be29c1313b71d3b88ea91e269c01023c8f46fa8937993645de25af1c45ce2c4e09a44e7d20de3b7ce4

Download Submit
C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\FW_7662.bin

Filesize
77KB

MD5
f891a407e9300e4e70d013b971ab61ed

SHA1
392dcaf637fbe1a268241fac54a1d4920836abea

SHA256
24b20cf1357e9f86af4582f713c3ecadb73b43a019e4c9efd5d02833081fb083

SHA512
d48a6814416443141821a6ad69e8fc03c4691c430aaf2d64920891b6a1784bb363e44326115ae574881f1264f05ec125ea046f4c0a4224908135e8539eef30e5

Download Submit
C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\Patch_7662.bin

Filesize
20KB

MD5
cd641eb06904d8a73b44d4b8b373ea2f

SHA1
79c5843b62dd82274323c68846829e0e5d1e7caa

SHA256
856f0f58217d90d4a8d55488eb2f70ea67953fd6712d4b570d96cfcf77dc1cf4

SHA512
440a946eda6fa814e36427af3d1a864972627bcbdb3b625e3a4949c3ce560923672e1456630d481b3b4fe03378ef62189a3aad1bc541ba1f9f7206128442623b

Download Submit
C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\RaCoInst.dat

Filesize
16KB

MD5
daf91704a9550175c10bb256dc08c957

SHA1
e0162d36d2b8fd617f0c2cfef23296fc46d52794

SHA256
3c24e7b4bd0e83bb031bc297a9045cb1c10269b2c92289f1455dc9fc4aceeb29

SHA512
0f504b94dfcadbed96ce8e6d40113e44db8466a29fdace8132335025014445446150c4ca3632a0ca3e8c9e471c7e54959dc41fc98f4af4a48d4f53d09324482d

Download Submit
C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\RaCoInstx.dll

Filesize
335KB

MD5
be7847e3c8589153cca0b85bf1ff4561

SHA1
9fe380890c68b400e7bcf2cea72a4fee09c3fd87

SHA256
b407adea4773eaa54410292eb918532b689075193a7c8a5353d103f3fcddc539

SHA512
4b3c653df182043c8f740c3dca0205cf61ff6dd3dfcd74701c38e27e86f97128279f3d47a1d2e3c2fa953b01643b9f7181633eb7dda09b98d119d7813f491e04

Download Submit
C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\netr28ux.cat

Filesize
37KB

MD5
798c128ba1e91010e51e8f7e759869f1

SHA1
7904b2d06ef5552aca75e06aa8ffd8c64c0af9b6

SHA256
864a3eef80765823c4bf522d749748c33b357823749e3cfe3cba27ada458fc72

SHA512
6d5e5ea7d31b674fcf80aa9c5e10ad292e517e12d2548ee873c42a22da73020de78db562e61c223764be1d1caf2cfa0ed37eb4ab10e225488148d24e1bc24905

Download Submit
C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\netr28ux.cat

Filesize
37KB

MD5
798c128ba1e91010e51e8f7e759869f1

SHA1
7904b2d06ef5552aca75e06aa8ffd8c64c0af9b6

SHA256
864a3eef80765823c4bf522d749748c33b357823749e3cfe3cba27ada458fc72

SHA512
6d5e5ea7d31b674fcf80aa9c5e10ad292e517e12d2548ee873c42a22da73020de78db562e61c223764be1d1caf2cfa0ed37eb4ab10e225488148d24e1bc24905

Download Submit
C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\netr28ux.inf

Filesize
887KB

MD5
10cfa664d12cfb1cf7e198a7d547713c

SHA1
66d0983dcc7f686bcb1a7cc4683faa3158224fd7

SHA256
31e57d6f314ef0296ec95c20fcb7c4b2cc9f15366a0356b41131035c8b8209e2

SHA512
5001b85717fc0d6d2789c70ac3825e540c199e26caded68cfcf1fbed91dc6c09d0a6db95a42bb879b6cdc079c903cf4baeecf289f50485467098348b46df596a

Download Submit
C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\netr28ux.inf

Filesize
887KB

MD5
10cfa664d12cfb1cf7e198a7d547713c

SHA1
66d0983dcc7f686bcb1a7cc4683faa3158224fd7

SHA256
31e57d6f314ef0296ec95c20fcb7c4b2cc9f15366a0356b41131035c8b8209e2

SHA512
5001b85717fc0d6d2789c70ac3825e540c199e26caded68cfcf1fbed91dc6c09d0a6db95a42bb879b6cdc079c903cf4baeecf289f50485467098348b46df596a

Download Submit
C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_9d775036bc0afa79\netr28ux.sys

Filesize
2.1MB

MD5
7071e73bdd8b5cdf236312864d0fc1cb

SHA1
36442fa941aaa9f3916d1e63abeeb6c2a2b8d546

SHA256
ade38351a626dc0a6bcde1d09b214c94a65ba89fc9b0a69045019ecbf27bef59

SHA512
1c1fafe9ea8959b144aa5468681583df4378d8fcb823eeb16b943f050eeee81168a4f79657023b7c7001de6ed2f8dc63fb141bbefa2b9a6ed58533b0c0deb68d

Download Submit
C:\Windows\inf\oem3.inf

Filesize
887KB

MD5
10cfa664d12cfb1cf7e198a7d547713c

SHA1
66d0983dcc7f686bcb1a7cc4683faa3158224fd7

SHA256
31e57d6f314ef0296ec95c20fcb7c4b2cc9f15366a0356b41131035c8b8209e2

SHA512
5001b85717fc0d6d2789c70ac3825e540c199e26caded68cfcf1fbed91dc6c09d0a6db95a42bb879b6cdc079c903cf4baeecf289f50485467098348b46df596a

Download Submit
memory/3628-10275-0x0000000002430000-0x00000000025D8000-memory.dmp

Filesize
1.7MB

Download
memory/3628-10293-0x0000000002430000-0x00000000025D8000-memory.dmp

Filesize
1.7MB

Download
memory/3628-10309-0x0000000002430000-0x00000000025D8000-memory.dmp

Filesize
1.7MB

Download
memory/3628-10308-0x0000000002430000-0x00000000025D8000-memory.dmp

Filesize
1.7MB

Download
memory/3628-10276-0x0000000005BD0000-0x0000000005C76000-memory.dmp

Filesize
664KB

Download
memory/3628-10306-0x0000000002430000-0x00000000025D8000-memory.dmp

Filesize
1.7MB

Download
memory/3628-87-0x0000000002430000-0x00000000025D8000-memory.dmp

Filesize
1.7MB

Download
memory/3628-10303-0x0000000005BD0000-0x0000000005C76000-memory.dmp

Filesize
664KB

Download
memory/3628-10910-0x0000000005BD0000-0x0000000005C76000-memory.dmp

Filesize
664KB

Download
memory/3628-10277-0x0000000002430000-0x00000000025D8000-memory.dmp

Filesize
1.7MB

Download
memory/3628-10909-0x0000000002430000-0x00000000025D8000-memory.dmp

Filesize
1.7MB

Download
memory/3628-10307-0x0000000005BD0000-0x0000000005C76000-memory.dmp

Filesize
664KB

Download
memory/3628-200-0x0000000000C20000-0x0000000000C22000-memory.dmp

Filesize
8KB

Download
memory/3628-10294-0x0000000005BD0000-0x0000000005C76000-memory.dmp

Filesize
664KB

Download
memory/3628-439-0x0000000002430000-0x00000000025D8000-memory.dmp

Filesize
1.7MB

Download
memory/3628-5220-0x0000000005BD0000-0x0000000005C76000-memory.dmp

Filesize
664KB

Download
memory/3628-5222-0x0000000005BD0000-0x0000000005C76000-memory.dmp

Filesize
664KB

Download
memory/3628-5223-0x0000000004F10000-0x0000000004F12000-memory.dmp

Filesize
8KB

Download
memory/3628-11171-0x0000000000A10000-0x0000000000A2A000-memory.dmp

Filesize
104KB

Download
memory/3628-11175-0x0000000002430000-0x00000000025D8000-memory.dmp

Filesize
1.7MB

Download
memory/3628-11176-0x0000000005BD0000-0x0000000005C76000-memory.dmp

Filesize
664KB

Download