1c2df64413c29b713cd02d9bf4cab3531044b2fa6b3f47e29b9ecdbe769fde86

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
04/11/2023, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UsbDk_1.0.22_x64.msi
Size

6.1MB
MD5

163a9d11b9fdec29027abc090059c08d
SHA1

5df419114f2697c053b3cff414950eb5166ecbf2
SHA256

91f6f695e1e13c656024e6d3b55620bf08d8835ef05ee0496935ba6bb62466a5
SHA512

9e80cad0be81e13827f7cba3d44ef23847bca0d2c8c1663c75a833e8f26dacb626d69b7ee9b8191111847996a034daf181756ca07b5956058a07856bbcaedaf0
SSDEEP

196608:A3yzLWzWg+LC2dVZyL0MU6diS+fWe7/00la:sHz/2dKL7jdiPOe7/00

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\Drivers\UsbDk.sys	UsbDkInstHelper.exe
File opened for modification	C:\Windows\System32\Drivers\UsbDk.sys	UsbDkInstHelper.exe

Executes dropped EXE 1 IoCs

pid	Process
2620	UsbDkInstHelper.exe

Loads dropped DLL 5 IoCs

pid	Process
2060	msiexec.exe
2620	UsbDkInstHelper.exe
2620	UsbDkInstHelper.exe
2620	UsbDkInstHelper.exe
2620	UsbDkInstHelper.exe

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	1108	msiexec.exe
5	2060	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\UsbDk Runtime Library\UsbDk.sys	msiexec.exe
File created	C:\Program Files\UsbDk Runtime Library\UsbDk.tmf	msiexec.exe
File created	C:\Program Files\UsbDk Runtime Library\UsbDkController.exe	msiexec.exe
File created	C:\Program Files\UsbDk Runtime Library\UsbDkHelper.dll	msiexec.exe
File created	C:\Program Files\UsbDk Runtime Library\UsbDkInstHelper.exe	msiexec.exe
File created	C:\Program Files\UsbDk Runtime Library\WdfCoinstaller01011.dll	msiexec.exe
File created	C:\Program Files\UsbDk Runtime Library\UsbDkHelper_x86.dll	msiexec.exe
File created	C:\Program Files\UsbDk Runtime Library\UsbDk.inf	msiexec.exe

Drops file in Windows directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\f76e215.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File created	C:\Windows\Installer\f76e215.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE9C2.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File created	C:\Windows\Installer\f76e216.ipi	msiexec.exe
File created	C:\Windows\wusa.lock	wusa.exe
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	wusa.exe
File opened for modification	C:\Windows\WindowsUpdate.log	wusa.exe
File opened for modification	C:\Windows\Installer\f76e216.ipi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	UsbDkInstHelper.exe
File opened for modification	C:\Windows\setupact.log	UsbDkInstHelper.exe
File opened for modification	C:\Windows\setuperr.log	UsbDkInstHelper.exe
File opened for modification	C:\Windows\Logs\DPX\setupact.log	wusa.exe

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2060	msiexec.exe
2060	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1108	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1108	msiexec.exe
Token: SeRestorePrivilege	2060	msiexec.exe
Token: SeTakeOwnershipPrivilege	2060	msiexec.exe
Token: SeSecurityPrivilege	2060	msiexec.exe
Token: SeCreateTokenPrivilege	1108	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1108	msiexec.exe
Token: SeLockMemoryPrivilege	1108	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1108	msiexec.exe
Token: SeMachineAccountPrivilege	1108	msiexec.exe
Token: SeTcbPrivilege	1108	msiexec.exe
Token: SeSecurityPrivilege	1108	msiexec.exe
Token: SeTakeOwnershipPrivilege	1108	msiexec.exe
Token: SeLoadDriverPrivilege	1108	msiexec.exe
Token: SeSystemProfilePrivilege	1108	msiexec.exe
Token: SeSystemtimePrivilege	1108	msiexec.exe
Token: SeProfSingleProcessPrivilege	1108	msiexec.exe
Token: SeIncBasePriorityPrivilege	1108	msiexec.exe
Token: SeCreatePagefilePrivilege	1108	msiexec.exe
Token: SeCreatePermanentPrivilege	1108	msiexec.exe
Token: SeBackupPrivilege	1108	msiexec.exe
Token: SeRestorePrivilege	1108	msiexec.exe
Token: SeShutdownPrivilege	1108	msiexec.exe
Token: SeDebugPrivilege	1108	msiexec.exe
Token: SeAuditPrivilege	1108	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1108	msiexec.exe
Token: SeChangeNotifyPrivilege	1108	msiexec.exe
Token: SeRemoteShutdownPrivilege	1108	msiexec.exe
Token: SeUndockPrivilege	1108	msiexec.exe
Token: SeSyncAgentPrivilege	1108	msiexec.exe
Token: SeEnableDelegationPrivilege	1108	msiexec.exe
Token: SeManageVolumePrivilege	1108	msiexec.exe
Token: SeImpersonatePrivilege	1108	msiexec.exe
Token: SeCreateGlobalPrivilege	1108	msiexec.exe
Token: SeBackupPrivilege	2696	vssvc.exe
Token: SeRestorePrivilege	2696	vssvc.exe
Token: SeAuditPrivilege	2696	vssvc.exe
Token: SeBackupPrivilege	2060	msiexec.exe
Token: SeRestorePrivilege	2060	msiexec.exe
Token: SeRestorePrivilege	880	DrvInst.exe
Token: SeRestorePrivilege	880	DrvInst.exe
Token: SeRestorePrivilege	880	DrvInst.exe
Token: SeRestorePrivilege	880	DrvInst.exe
Token: SeRestorePrivilege	880	DrvInst.exe
Token: SeRestorePrivilege	880	DrvInst.exe
Token: SeRestorePrivilege	880	DrvInst.exe
Token: SeLoadDriverPrivilege	880	DrvInst.exe
Token: SeLoadDriverPrivilege	880	DrvInst.exe
Token: SeLoadDriverPrivilege	880	DrvInst.exe
Token: SeRestorePrivilege	2060	msiexec.exe
Token: SeTakeOwnershipPrivilege	2060	msiexec.exe
Token: SeRestorePrivilege	2060	msiexec.exe
Token: SeTakeOwnershipPrivilege	2060	msiexec.exe
Token: SeRestorePrivilege	2060	msiexec.exe
Token: SeTakeOwnershipPrivilege	2060	msiexec.exe
Token: SeLoadDriverPrivilege	2620	UsbDkInstHelper.exe
Token: SeLoadDriverPrivilege	2620	UsbDkInstHelper.exe
Token: SeRestorePrivilege	2620	UsbDkInstHelper.exe
Token: SeRestorePrivilege	2620	UsbDkInstHelper.exe
Token: SeRestorePrivilege	2620	UsbDkInstHelper.exe
Token: SeRestorePrivilege	2620	UsbDkInstHelper.exe
Token: SeRestorePrivilege	2620	UsbDkInstHelper.exe
Token: SeRestorePrivilege	2620	UsbDkInstHelper.exe
Token: SeRestorePrivilege	2620	UsbDkInstHelper.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1108	msiexec.exe
1108	msiexec.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2620	2060	msiexec.exe	34
PID 2060 wrote to memory of 2620	2060	msiexec.exe	34
PID 2060 wrote to memory of 2620	2060	msiexec.exe	34
PID 2620 wrote to memory of 2476	2620	UsbDkInstHelper.exe	36
PID 2620 wrote to memory of 2476	2620	UsbDkInstHelper.exe	36
PID 2620 wrote to memory of 2476	2620	UsbDkInstHelper.exe	36

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\UsbDk_1.0.22_x64.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1108

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files\UsbDk Runtime Library\UsbDkInstHelper.exe
  "C:\Program Files\UsbDk Runtime Library\\UsbDkInstHelper.exe" i
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Windows\system32\wusa.exe
    C:\Windows\system32\wusa.exe "C:\Windows\Temp\WdfTemp\Kmdf-1.11-Win-6.1.msu" /quiet /norestart
    3⤵
    - Drops file in Windows directory
    PID:2476

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2696

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003C8" "0000000000000328"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:880

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
1⤵
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\UsbDk Runtime Library\UsbDk.inf

Filesize
301B

MD5
701e82189769259b5062f48e187b2545

SHA1
93250a3e4100b42b1de8d31b71c1986a340ca9ff

SHA256
54a523c3203d77def6a190c7ffcfab6c029b299d8c3aa5bdbae78564ed2f9ee0

SHA512
7a3a459f1ee21a7fded9ebae2fdb020753ec3416134e058bf62ae227b6d9c29e22bee36f0919ad3c590d0b1059ec5f3507cbfa6663ccd06314af0b86a542c1ed

Download Submit
C:\Program Files\UsbDk Runtime Library\UsbDk.sys

Filesize
91KB

MD5
a5b98b5b446c5b7fe5874c9a1949fceb

SHA1
9adb529cea0d61f7b6422ddac6921dd897f9e474

SHA256
074cb675445172e3af3a6de82fb3de55083769f257f6830e7306adb1d3369249

SHA512
fe51570b30ef9bcb47ba4f64e971494ebc806102b65f39bf6c2f64f4b04c73ad27c88db6a5c5fc185db992ead81e5f96cb45a6e105ae96263c4f15960a0c7c9a

Download Submit
C:\Program Files\UsbDk Runtime Library\UsbDkHelper.dll

Filesize
328KB

MD5
8b6e20096b1cdc5304a75069dbe53b9e

SHA1
c802a0d8fa3e8ed2c996bd63753110e29e8c451e

SHA256
b34f26a20d2bd951cd29ace50837e3f1bac1559bbe32a75457ae2d9159fda2e1

SHA512
74347f69f785c406e23591fb961936ec32a837bda58730e50601387e2cb76a4ba1140bd679fbdcaa1275e14ce89611aa0b335024ea0d6dc27e076ada08241d67

Download Submit
C:\Program Files\UsbDk Runtime Library\UsbDkInstHelper.exe

Filesize
96KB

MD5
fe5563e025ae19b98cb9ce9dd4ee28c4

SHA1
2e1070dc9f782dc474d565fc2a5e11eebac7fa72

SHA256
f6861c22403a5bf26151d6babac61de0a77f0b36774bad2dfba02613ccd9a59e

SHA512
7c39d1c4b81bc585559fb9c6b28d4e9a988fbc717caddd9561c8963e05ec3d02889e0f3a5885131636512dce00caad8394c2a0ab8dc18a9dc257d0305e866938

Download Submit
C:\Program Files\UsbDk Runtime Library\WdfCoInstaller01011.dll

Filesize
1.7MB

MD5
d10864c1730172780c2d4be633b9220a

SHA1
b85d02ba0e8de4aeded1a2f5679505cd403bd201

SHA256
f6fb39a8578f19616570d5a3dc7212c84a9da232b30a03376bbf08f4264fedf2

SHA512
c161bfa9118e04eb60a885bf99758843c4b1349ac58d2e501dabbd7efc0480ec902ac9a2be16f850b218e97b022a90fcc44925d7b6e5113766621f7ade38b040

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32e83edf2e52f21a321741a981d2df0f

SHA1
704ba16c60591ebb0ac9ecf061535875525e0912

SHA256
8adf05ce381a1b0ebb624708a00aa8bfdb5f581ea85d419c416e7cd4ebc672ed

SHA512
0d40319e7fba471fddec6d0380559bb2afb9d07b42bc574ab5fc51de16a2f1a03c0387993c3d8fcffa20253e066a55a1335953a11f6d5cd9836c737dd0f029c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab845E.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8471.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
C:\Windows\Temp\WdfTemp\Kmdf-1.11-Win-6.1.msu

Filesize
791KB

MD5
8f2169ac64728668ff5dee9433ad370b

SHA1
191e09df632b70fd4f4b27d4cb9227f7c5a1c98c

SHA256
c1aa0a453e4a886d7670da2209872737323baa9e36145ea838c9f8ffd7e7d7e7

SHA512
0b86c61c082fe21c51bf356c07d617a687049f4d41c5beb9710efb47d965e42ef5455bd82ff945d03cf4e3f088ea71a1be336dc3a402139ca0b90c0ad1a09db8

Download Submit
C:\Windows\setupact.log

Filesize
22KB

MD5
4eee506f105cfa753f1eabf29589595a

SHA1
0864179f5eac559b36e5a10b11f7eae7f8c4b0fa

SHA256
1e4d49b9caf4e5118c619a006c962afe9a5f78b917298de77192c9430ecbffe4

SHA512
8f52d5ac5697262f7b7d8086b9884b82773b62fcf85e578a75b03a667dfaab757d4eb26b11c725ed59295377e12b8509d0cdaecf5c69eb44b27c3f7962f2c521

Download Submit
\Program Files\UsbDk Runtime Library\UsbDkHelper.dll

Filesize
328KB

MD5
8b6e20096b1cdc5304a75069dbe53b9e

SHA1
c802a0d8fa3e8ed2c996bd63753110e29e8c451e

SHA256
b34f26a20d2bd951cd29ace50837e3f1bac1559bbe32a75457ae2d9159fda2e1

SHA512
74347f69f785c406e23591fb961936ec32a837bda58730e50601387e2cb76a4ba1140bd679fbdcaa1275e14ce89611aa0b335024ea0d6dc27e076ada08241d67

Download Submit
\Program Files\UsbDk Runtime Library\UsbDkInstHelper.exe

Filesize
96KB

MD5
fe5563e025ae19b98cb9ce9dd4ee28c4

SHA1
2e1070dc9f782dc474d565fc2a5e11eebac7fa72

SHA256
f6861c22403a5bf26151d6babac61de0a77f0b36774bad2dfba02613ccd9a59e

SHA512
7c39d1c4b81bc585559fb9c6b28d4e9a988fbc717caddd9561c8963e05ec3d02889e0f3a5885131636512dce00caad8394c2a0ab8dc18a9dc257d0305e866938

Download Submit
\Program Files\UsbDk Runtime Library\WdfCoinstaller01011.dll

Filesize
1.7MB

MD5
d10864c1730172780c2d4be633b9220a

SHA1
b85d02ba0e8de4aeded1a2f5679505cd403bd201

SHA256
f6fb39a8578f19616570d5a3dc7212c84a9da232b30a03376bbf08f4264fedf2

SHA512
c161bfa9118e04eb60a885bf99758843c4b1349ac58d2e501dabbd7efc0480ec902ac9a2be16f850b218e97b022a90fcc44925d7b6e5113766621f7ade38b040

Download Submit
\Program Files\UsbDk Runtime Library\WdfCoinstaller01011.dll

Filesize
1.7MB

MD5
d10864c1730172780c2d4be633b9220a

SHA1
b85d02ba0e8de4aeded1a2f5679505cd403bd201

SHA256
f6fb39a8578f19616570d5a3dc7212c84a9da232b30a03376bbf08f4264fedf2

SHA512
c161bfa9118e04eb60a885bf99758843c4b1349ac58d2e501dabbd7efc0480ec902ac9a2be16f850b218e97b022a90fcc44925d7b6e5113766621f7ade38b040

Download Submit
\Program Files\UsbDk Runtime Library\WdfCoinstaller01011.dll

Filesize
1.7MB

MD5
d10864c1730172780c2d4be633b9220a

SHA1
b85d02ba0e8de4aeded1a2f5679505cd403bd201

SHA256
f6fb39a8578f19616570d5a3dc7212c84a9da232b30a03376bbf08f4264fedf2

SHA512
c161bfa9118e04eb60a885bf99758843c4b1349ac58d2e501dabbd7efc0480ec902ac9a2be16f850b218e97b022a90fcc44925d7b6e5113766621f7ade38b040

Download Submit
memory/2620-286-0x0000000001ED0000-0x0000000001F74000-memory.dmp

Filesize
656KB

Download