b1029b95248846b315689e392a0a490051dbeaab2776547a4b6dcebed3585064

Analysis

max time kernel
123s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Android Fastboot & mini ADB Drivers/UniversalAdbDriverSetup.msi
Size

16.3MB
MD5

a0b1cc7c5c26044738798ba2e5e8c217
SHA1

745bb99063748a2f309888467aac70c3c7ef6a2e
SHA256

4e77e303bba6cf84588bdb6da91f7a875d406f7930cbe9f4d2aae0b643c0c928
SHA512

2030a9e6cc935b40ac173bdcad434e200c36854b321da4324411e3ac58852445270a7aca379fd7c46ac95bf72a34fa924667cba5c7050af97d42880892e983f4
SSDEEP

393216:Hc2Ryzq2+0lkPEezmlMUH9n0sEf0/c++oLw525IgfLJ5pz3:azHPKmVB0MUzMw525ljpz

Score

8^/10

Malware Config

Signatures

Manipulates Digital Signatures 1 TTPs 2 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

Processes:

UniversalAdbDriverInstaller.exeDrvInst.exe

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\957808C44F0FFF0431E8F86705FD40B4145A701F\Blob = 030000000100000014000000957808c44f0fff0431e8f86705fd40b4145a701f200000000100000000030000308202fc308201e8a0030201020210bc76d154f48bc986401337d65adabf1c300906052b0e03021d05003017311530130603550403130c556e6976657273616c414442301e170d3234303131393135303934375a170d3339313233313233353935395a3017311530130603550403130c556e6976657273616c41444230820122300d06092a864886f70d01010105000382010f003082010a028201010085a2129987af5a1baa120a6bff0357ab7913b619bc618b8cd59ba1ffd0dec13670e3ffeae7a975023f171ac3391bdcf44fa01fec6be612048248e3727532aab9c7d7b772cd29b0847c975666c52ccf78e8c533b4a24e0d342cb6426a5e220b5aa706cc5349b7d0590be2065ba7ceb70830c10b6809df3147f5ae1447869e11eab7062726d1933de3b402a4b86265fe61b3605366dca738b3e10c92f8a8b6f8e9b2156a8510497d49ba2ffa80f32b4ffb217c6d6d8542faca064809b18b9570a14c7fff14860bb41c6162f9489167966fcdbb0d22d9ff2e915d931c49dcfa7956e4bc6d5dc996aa7846f8f4f89973e4696d34a8c57c878d94f0a614b347accf810203010001a34c304a30480603551d010441303f8010491dfcffe40969b470d98275051398aca1193017311530130603550403130c556e6976657273616c4144428210bc76d154f48bc986401337d65adabf1c300906052b0e03021d050003820101007573bd52d405877fa1de9b75407864147fa51a93292faf9fd54773e7d932538fe67a05b07a0b7aff77627c0f91b8dc5c18369fbc7a0aece82b16bb9d486ed69bbb83b9a5c47d21be490d4c766bcedde7d72f88e0f9ad2bb07f940db43d2eb00ecc90f4dd2ce68392714b4473b97f89473e510a1ef54e3899ebed75800125a26010ecbe257fb253f6cdecc3cd7071970a714218493678e798e17a42c1f5146e00882cfc37d0676031e5251aec07dfa842d8a7a46fdc465a358439a1c501fd72a641e2966cb8dfbc1a906d5f191caecc54258b4e337b4b7263f6d7115c11c49a2478f6b6394bbd80c5e3e8283675f62a590fa497f4ec15990d2c830f7966a10be5	UniversalAdbDriverInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\957808C44F0FFF0431E8F86705FD40B4145A701F\Blob = 0f0000000100000014000000f2829d55721077e5fc7444f8136ce015541a9cb0030000000100000014000000957808c44f0fff0431e8f86705fd40b4145a701f200000000100000000030000308202fc308201e8a0030201020210bc76d154f48bc986401337d65adabf1c300906052b0e03021d05003017311530130603550403130c556e6976657273616c414442301e170d3234303131393135303934375a170d3339313233313233353935395a3017311530130603550403130c556e6976657273616c41444230820122300d06092a864886f70d01010105000382010f003082010a028201010085a2129987af5a1baa120a6bff0357ab7913b619bc618b8cd59ba1ffd0dec13670e3ffeae7a975023f171ac3391bdcf44fa01fec6be612048248e3727532aab9c7d7b772cd29b0847c975666c52ccf78e8c533b4a24e0d342cb6426a5e220b5aa706cc5349b7d0590be2065ba7ceb70830c10b6809df3147f5ae1447869e11eab7062726d1933de3b402a4b86265fe61b3605366dca738b3e10c92f8a8b6f8e9b2156a8510497d49ba2ffa80f32b4ffb217c6d6d8542faca064809b18b9570a14c7fff14860bb41c6162f9489167966fcdbb0d22d9ff2e915d931c49dcfa7956e4bc6d5dc996aa7846f8f4f89973e4696d34a8c57c878d94f0a614b347accf810203010001a34c304a30480603551d010441303f8010491dfcffe40969b470d98275051398aca1193017311530130603550403130c556e6976657273616c4144428210bc76d154f48bc986401337d65adabf1c300906052b0e03021d050003820101007573bd52d405877fa1de9b75407864147fa51a93292faf9fd54773e7d932538fe67a05b07a0b7aff77627c0f91b8dc5c18369fbc7a0aece82b16bb9d486ed69bbb83b9a5c47d21be490d4c766bcedde7d72f88e0f9ad2bb07f940db43d2eb00ecc90f4dd2ce68392714b4473b97f89473e510a1ef54e3899ebed75800125a26010ecbe257fb253f6cdecc3cd7071970a714218493678e798e17a42c1f5146e00882cfc37d0676031e5251aec07dfa842d8a7a46fdc465a358439a1c501fd72a641e2966cb8dfbc1a906d5f191caecc54258b4e337b4b7263f6d7115c11c49a2478f6b6394bbd80c5e3e8283675f62a590fa497f4ec15990d2c830f7966a10be5	DrvInst.exe

Executes dropped EXE 4 IoCs

Processes:

UniversalAdbDriverInstaller.exemakecert.exesigntool.exesigntool.exe

pid	Process
2520	UniversalAdbDriverInstaller.exe
1688	makecert.exe
320	signtool.exe
2992	signtool.exe

Loads dropped DLL 4 IoCs

Processes:

MsiExec.exeMsiExec.exe

pid	Process
2752	MsiExec.exe
2752	MsiExec.exe
2192	MsiExec.exe
2192	MsiExec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	Process
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe

Drops file in System32 directory 28 IoCs

Processes:

DrvInst.exeUniversalAdbDriverInstaller.exe

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\WinUSBCoInstaller.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\SET2FCA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	UniversalAdbDriverInstaller.exe
File created	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\SET2FB9.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\android_winusb.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\SET2FDC.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\android_winusb.inf_amd64_neutral_8934a46ee8218e5f\android_winusb.PNF	DrvInst.exe
File created	C:\Windows\System32\DriverStore\INFCACHE.0	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	UniversalAdbDriverInstaller.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\SET2FC9.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\SET2FCB.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstrng.dat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infpub.dat	UniversalAdbDriverInstaller.exe
File created	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\SET2FCA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\SET2FCB.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\WdfCoInstaller01007.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\WdfCoInstaller01009.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\androidwinusba64.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\infstor.dat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\android_winusb.inf_amd64_neutral_8934a46ee8218e5f\android_winusb.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\SET2FB8.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\WinUSBCoInstaller2.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\SET2FB9.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\SET2FC9.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\SET2FDC.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\SET2FB8.tmp	DrvInst.exe

Drops file in Program Files directory 34 IoCs

Processes:

msiexec.exemakecert.exesigntool.exesigntool.exe

description	ioc	Process
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\androidwinusba64.cat	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\UniversalAdbDriverInstaller.exe.config	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\UniversalADB.cer	makecert.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\androidwinusb86.cat	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\i386\WdfCoInstaller01007.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\i386\WdfCoInstaller01009.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\Newtonsoft.Json.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\UniversalAdbDriverInstaller.exe	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\makecert.exe	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\AdbWinUsbApi.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\source.properties	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\AdbNativeMessaging.exe	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\amd64\winusbcoinstaller2.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\i386\WUDFUpdate_01007.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\signtool.exe	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\nmh-manifest.json	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\i386\NOTICE.txt	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\i386\winusbcoinstaller.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\androidwinusba64.cat	signtool.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\android_winusb.inf	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\amd64\WdfCoInstaller01009.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\amd64\WUDFUpdate_01009.dll	msiexec.exe
File opened for modification	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\androidwinusb86.cat	signtool.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\UniversalAdbDriverInstaller.exe.manifest	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\amd64\WUDFUpdate_01007.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\i386\winusbcoinstaller2.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\amd64\WdfCoInstaller01007.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\amd64\NOTICE.txt	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\i386\WUDFUpdate_01009.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\adb.exe	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\AdbNativeMessaging.exe.config	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\BouncyCastle.Crypto.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\amd64\winusbcoinstaller.dll	msiexec.exe
File created	C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\AdbWinApi.dll	msiexec.exe

Drops file in Windows directory 18 IoCs

Processes:

msiexec.exeDrvInst.exeDrvInst.exeUniversalAdbDriverInstaller.exe

description	ioc	Process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\{C0E08D8D-6076-4117-B644-2AF34F35B757}\_376EF0DA1723590BE67F63.exe	msiexec.exe
File created	C:\Windows\Installer\f771d8f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1DDD.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1EA9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f771d90.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\f771d8f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1F94.tmp	msiexec.exe
File created	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\oem2.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File created	C:\Windows\Installer\f771d90.ipi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	UniversalAdbDriverInstaller.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\{C0E08D8D-6076-4117-B644-2AF34F35B757}\_376EF0DA1723590BE67F63.exe	msiexec.exe
File created	C:\Windows\Installer\f771d92.msi	msiexec.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

DrvInst.exesigntool.exeDrvInst.exeUniversalAdbDriverInstaller.exesigntool.exemakecert.exe

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2e\52C64B7E	UniversalAdbDriverInstaller.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	signtool.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f0074000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	signtool.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\System32\fveui.dll,-844 = "BitLocker Data Recovery Agent"	UniversalAdbDriverInstaller.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	signtool.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\PrivateCertStore\CRLs	makecert.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	signtool.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\4e-ee-df-9e-22-c8	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\p2pcollab.dll,-8042 = "Peer to Peer Trust"	UniversalAdbDriverInstaller.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\@%SystemRoot%\system32\qagentrt.dll,-10 = "System Health Authentication"	UniversalAdbDriverInstaller.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	signtool.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	signtool.exe

Modifies registry class 30 IoCs

Processes:

msiexec.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|ClockworkMod\|Universal Adb Driver\|Newtonsoft.Json.dll	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\SourceList\PackageName = "UniversalAdbDriverSetup.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\DeploymentFlags = "3"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|ClockworkMod\|Universal Adb Driver\|BouncyCastle.Crypto.dll\BouncyCastle.Crypto,Version="1.7.4114.6375",Culture="neutral",PublicKeyToken="0E99375E54769942",ProcessorArchitecture=" = 3600360034007e0066005700780036007700380041003200210031007700670027004100340044003e005400510074005d003000560029005600300041004d004e0060003f00300038006b005b007a00680000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|ClockworkMod\|Universal Adb Driver\|Newtonsoft.Json.dll\Newtonsoft.Json,Version="7.0.0.0",Culture="neutral",PublicKeyToken="30AD4FE6B2A6AEED",ProcessorArchitecture="MSIL" = 3600360034007e0066005700780036007700380041003200210031007700670027004100340044003e003800570072003700630053004500350052004f0073006c007800650066005a00570060007000760000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|ClockworkMod\|Universal Adb Driver\|AdbNativeMessaging.exe	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D8D80E0C670671146B44A23FF4537B75	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\AD77274441F6F0747B3726635069FC05	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\Version = "16777220"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\InstanceType = "0"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|ClockworkMod\|Universal Adb Driver\|UniversalAdbDriverInstaller.exe\UniversalAdbDriverInstaller,Version="1.0.0.0",Culture="neutral",ProcessorArchitecture="MSIL" = 3600360034007e0066005700780036007700380041003200210031007700670027004100340044003e0028003800280049003600520064003f0024005500470030006f002500250031005100530059003f0000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\ProductName = "Universal Adb Driver"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\AD77274441F6F0747B3726635069FC05\D8D80E0C670671146B44A23FF4537B75	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\Android Fastboot & mini ADB Drivers\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|ClockworkMod\|Universal Adb Driver\|AdbNativeMessaging.exe\AdbNativeMessaging,Version="1.0.0.0",Culture="neutral",ProcessorArchitecture="MSIL" = 3600360034007e0066005700780036007700380041003200210031007700670027004100340044003e00280046007000500042004300660072005f002b00750055007500440069004d00470034005900480000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D8D80E0C670671146B44A23FF4537B75\DefaultFeature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\PackageCode = "D4EEA6B6A6409C14FB260B293D7040D9"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Android Fastboot & mini ADB Drivers\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|ClockworkMod\|Universal Adb Driver\|BouncyCastle.Crypto.dll	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:\|Program Files (x86)\|ClockworkMod\|Universal Adb Driver\|UniversalAdbDriverInstaller.exe	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D8D80E0C670671146B44A23FF4537B75\SourceList	msiexec.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

signtool.exeUniversalAdbDriverInstaller.exe

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\957808C44F0FFF0431E8F86705FD40B4145A701F\Blob = 0f0000000100000014000000f2829d55721077e5fc7444f8136ce015541a9cb0030000000100000014000000957808c44f0fff0431e8f86705fd40b4145a701f200000000100000000030000308202fc308201e8a0030201020210bc76d154f48bc986401337d65adabf1c300906052b0e03021d05003017311530130603550403130c556e6976657273616c414442301e170d3234303131393135303934375a170d3339313233313233353935395a3017311530130603550403130c556e6976657273616c41444230820122300d06092a864886f70d01010105000382010f003082010a028201010085a2129987af5a1baa120a6bff0357ab7913b619bc618b8cd59ba1ffd0dec13670e3ffeae7a975023f171ac3391bdcf44fa01fec6be612048248e3727532aab9c7d7b772cd29b0847c975666c52ccf78e8c533b4a24e0d342cb6426a5e220b5aa706cc5349b7d0590be2065ba7ceb70830c10b6809df3147f5ae1447869e11eab7062726d1933de3b402a4b86265fe61b3605366dca738b3e10c92f8a8b6f8e9b2156a8510497d49ba2ffa80f32b4ffb217c6d6d8542faca064809b18b9570a14c7fff14860bb41c6162f9489167966fcdbb0d22d9ff2e915d931c49dcfa7956e4bc6d5dc996aa7846f8f4f89973e4696d34a8c57c878d94f0a614b347accf810203010001a34c304a30480603551d010441303f8010491dfcffe40969b470d98275051398aca1193017311530130603550403130c556e6976657273616c4144428210bc76d154f48bc986401337d65adabf1c300906052b0e03021d050003820101007573bd52d405877fa1de9b75407864147fa51a93292faf9fd54773e7d932538fe67a05b07a0b7aff77627c0f91b8dc5c18369fbc7a0aece82b16bb9d486ed69bbb83b9a5c47d21be490d4c766bcedde7d72f88e0f9ad2bb07f940db43d2eb00ecc90f4dd2ce68392714b4473b97f89473e510a1ef54e3899ebed75800125a26010ecbe257fb253f6cdecc3cd7071970a714218493678e798e17a42c1f5146e00882cfc37d0676031e5251aec07dfa842d8a7a46fdc465a358439a1c501fd72a641e2966cb8dfbc1a906d5f191caecc54258b4e337b4b7263f6d7115c11c49a2478f6b6394bbd80c5e3e8283675f62a590fa497f4ec15990d2c830f7966a10be5	signtool.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\SystemCertificates\PrivateCertStore	UniversalAdbDriverInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\957808C44F0FFF0431E8F86705FD40B4145A701F	UniversalAdbDriverInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\957808C44F0FFF0431E8F86705FD40B4145A701F	UniversalAdbDriverInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\957808C44F0FFF0431E8F86705FD40B4145A701F	signtool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\PrivateCertStore\CRLs	UniversalAdbDriverInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\PrivateCertStore\CTLs	UniversalAdbDriverInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\957808C44F0FFF0431E8F86705FD40B4145A701F\Blob = 030000000100000014000000957808c44f0fff0431e8f86705fd40b4145a701f200000000100000000030000308202fc308201e8a0030201020210bc76d154f48bc986401337d65adabf1c300906052b0e03021d05003017311530130603550403130c556e6976657273616c414442301e170d3234303131393135303934375a170d3339313233313233353935395a3017311530130603550403130c556e6976657273616c41444230820122300d06092a864886f70d01010105000382010f003082010a028201010085a2129987af5a1baa120a6bff0357ab7913b619bc618b8cd59ba1ffd0dec13670e3ffeae7a975023f171ac3391bdcf44fa01fec6be612048248e3727532aab9c7d7b772cd29b0847c975666c52ccf78e8c533b4a24e0d342cb6426a5e220b5aa706cc5349b7d0590be2065ba7ceb70830c10b6809df3147f5ae1447869e11eab7062726d1933de3b402a4b86265fe61b3605366dca738b3e10c92f8a8b6f8e9b2156a8510497d49ba2ffa80f32b4ffb217c6d6d8542faca064809b18b9570a14c7fff14860bb41c6162f9489167966fcdbb0d22d9ff2e915d931c49dcfa7956e4bc6d5dc996aa7846f8f4f89973e4696d34a8c57c878d94f0a614b347accf810203010001a34c304a30480603551d010441303f8010491dfcffe40969b470d98275051398aca1193017311530130603550403130c556e6976657273616c4144428210bc76d154f48bc986401337d65adabf1c300906052b0e03021d050003820101007573bd52d405877fa1de9b75407864147fa51a93292faf9fd54773e7d932538fe67a05b07a0b7aff77627c0f91b8dc5c18369fbc7a0aece82b16bb9d486ed69bbb83b9a5c47d21be490d4c766bcedde7d72f88e0f9ad2bb07f940db43d2eb00ecc90f4dd2ce68392714b4473b97f89473e510a1ef54e3899ebed75800125a26010ecbe257fb253f6cdecc3cd7071970a714218493678e798e17a42c1f5146e00882cfc37d0676031e5251aec07dfa842d8a7a46fdc465a358439a1c501fd72a641e2966cb8dfbc1a906d5f191caecc54258b4e337b4b7263f6d7115c11c49a2478f6b6394bbd80c5e3e8283675f62a590fa497f4ec15990d2c830f7966a10be5	UniversalAdbDriverInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\957808C44F0FFF0431E8F86705FD40B4145A701F\Blob = 030000000100000014000000957808c44f0fff0431e8f86705fd40b4145a701f200000000100000000030000308202fc308201e8a0030201020210bc76d154f48bc986401337d65adabf1c300906052b0e03021d05003017311530130603550403130c556e6976657273616c414442301e170d3234303131393135303934375a170d3339313233313233353935395a3017311530130603550403130c556e6976657273616c41444230820122300d06092a864886f70d01010105000382010f003082010a028201010085a2129987af5a1baa120a6bff0357ab7913b619bc618b8cd59ba1ffd0dec13670e3ffeae7a975023f171ac3391bdcf44fa01fec6be612048248e3727532aab9c7d7b772cd29b0847c975666c52ccf78e8c533b4a24e0d342cb6426a5e220b5aa706cc5349b7d0590be2065ba7ceb70830c10b6809df3147f5ae1447869e11eab7062726d1933de3b402a4b86265fe61b3605366dca738b3e10c92f8a8b6f8e9b2156a8510497d49ba2ffa80f32b4ffb217c6d6d8542faca064809b18b9570a14c7fff14860bb41c6162f9489167966fcdbb0d22d9ff2e915d931c49dcfa7956e4bc6d5dc996aa7846f8f4f89973e4696d34a8c57c878d94f0a614b347accf810203010001a34c304a30480603551d010441303f8010491dfcffe40969b470d98275051398aca1193017311530130603550403130c556e6976657273616c4144428210bc76d154f48bc986401337d65adabf1c300906052b0e03021d050003820101007573bd52d405877fa1de9b75407864147fa51a93292faf9fd54773e7d932538fe67a05b07a0b7aff77627c0f91b8dc5c18369fbc7a0aece82b16bb9d486ed69bbb83b9a5c47d21be490d4c766bcedde7d72f88e0f9ad2bb07f940db43d2eb00ecc90f4dd2ce68392714b4473b97f89473e510a1ef54e3899ebed75800125a26010ecbe257fb253f6cdecc3cd7071970a714218493678e798e17a42c1f5146e00882cfc37d0676031e5251aec07dfa842d8a7a46fdc465a358439a1c501fd72a641e2966cb8dfbc1a906d5f191caecc54258b4e337b4b7263f6d7115c11c49a2478f6b6394bbd80c5e3e8283675f62a590fa497f4ec15990d2c830f7966a10be5	UniversalAdbDriverInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\PrivateCertStore\Certificates	UniversalAdbDriverInstaller.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msiexec.exe

pid	Process
2644	msiexec.exe
2644	msiexec.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

msiexec.exe

pid	Process
1672	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

msiexec.exemsiexec.exe

description	pid	Process
Token: SeShutdownPrivilege	1672	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1672	msiexec.exe
Token: SeRestorePrivilege	2644	msiexec.exe
Token: SeTakeOwnershipPrivilege	2644	msiexec.exe
Token: SeSecurityPrivilege	2644	msiexec.exe
Token: SeCreateTokenPrivilege	1672	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1672	msiexec.exe
Token: SeLockMemoryPrivilege	1672	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1672	msiexec.exe
Token: SeMachineAccountPrivilege	1672	msiexec.exe
Token: SeTcbPrivilege	1672	msiexec.exe
Token: SeSecurityPrivilege	1672	msiexec.exe
Token: SeTakeOwnershipPrivilege	1672	msiexec.exe
Token: SeLoadDriverPrivilege	1672	msiexec.exe
Token: SeSystemProfilePrivilege	1672	msiexec.exe
Token: SeSystemtimePrivilege	1672	msiexec.exe
Token: SeProfSingleProcessPrivilege	1672	msiexec.exe
Token: SeIncBasePriorityPrivilege	1672	msiexec.exe
Token: SeCreatePagefilePrivilege	1672	msiexec.exe
Token: SeCreatePermanentPrivilege	1672	msiexec.exe
Token: SeBackupPrivilege	1672	msiexec.exe
Token: SeRestorePrivilege	1672	msiexec.exe
Token: SeShutdownPrivilege	1672	msiexec.exe
Token: SeDebugPrivilege	1672	msiexec.exe
Token: SeAuditPrivilege	1672	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1672	msiexec.exe
Token: SeChangeNotifyPrivilege	1672	msiexec.exe
Token: SeRemoteShutdownPrivilege	1672	msiexec.exe
Token: SeUndockPrivilege	1672	msiexec.exe
Token: SeSyncAgentPrivilege	1672	msiexec.exe
Token: SeEnableDelegationPrivilege	1672	msiexec.exe
Token: SeManageVolumePrivilege	1672	msiexec.exe
Token: SeImpersonatePrivilege	1672	msiexec.exe
Token: SeCreateGlobalPrivilege	1672	msiexec.exe
Token: SeCreateTokenPrivilege	1672	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1672	msiexec.exe
Token: SeLockMemoryPrivilege	1672	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1672	msiexec.exe
Token: SeMachineAccountPrivilege	1672	msiexec.exe
Token: SeTcbPrivilege	1672	msiexec.exe
Token: SeSecurityPrivilege	1672	msiexec.exe
Token: SeTakeOwnershipPrivilege	1672	msiexec.exe
Token: SeLoadDriverPrivilege	1672	msiexec.exe
Token: SeSystemProfilePrivilege	1672	msiexec.exe
Token: SeSystemtimePrivilege	1672	msiexec.exe
Token: SeProfSingleProcessPrivilege	1672	msiexec.exe
Token: SeIncBasePriorityPrivilege	1672	msiexec.exe
Token: SeCreatePagefilePrivilege	1672	msiexec.exe
Token: SeCreatePermanentPrivilege	1672	msiexec.exe
Token: SeBackupPrivilege	1672	msiexec.exe
Token: SeRestorePrivilege	1672	msiexec.exe
Token: SeShutdownPrivilege	1672	msiexec.exe
Token: SeDebugPrivilege	1672	msiexec.exe
Token: SeAuditPrivilege	1672	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1672	msiexec.exe
Token: SeChangeNotifyPrivilege	1672	msiexec.exe
Token: SeRemoteShutdownPrivilege	1672	msiexec.exe
Token: SeUndockPrivilege	1672	msiexec.exe
Token: SeSyncAgentPrivilege	1672	msiexec.exe
Token: SeEnableDelegationPrivilege	1672	msiexec.exe
Token: SeManageVolumePrivilege	1672	msiexec.exe
Token: SeImpersonatePrivilege	1672	msiexec.exe
Token: SeCreateGlobalPrivilege	1672	msiexec.exe
Token: SeCreateTokenPrivilege	1672	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

msiexec.exe

pid	Process
1672	msiexec.exe

Suspicious use of WriteProcessMemory 29 IoCs

Processes:

msiexec.exeUniversalAdbDriverInstaller.exe

description	pid	Process	procid_target
PID 2644 wrote to memory of 2752	2644	msiexec.exe	29
PID 2644 wrote to memory of 2752	2644	msiexec.exe	29
PID 2644 wrote to memory of 2752	2644	msiexec.exe	29
PID 2644 wrote to memory of 2752	2644	msiexec.exe	29
PID 2644 wrote to memory of 2752	2644	msiexec.exe	29
PID 2644 wrote to memory of 2752	2644	msiexec.exe	29
PID 2644 wrote to memory of 2752	2644	msiexec.exe	29
PID 2644 wrote to memory of 2192	2644	msiexec.exe	35
PID 2644 wrote to memory of 2192	2644	msiexec.exe	35
PID 2644 wrote to memory of 2192	2644	msiexec.exe	35
PID 2644 wrote to memory of 2192	2644	msiexec.exe	35
PID 2644 wrote to memory of 2192	2644	msiexec.exe	35
PID 2644 wrote to memory of 2192	2644	msiexec.exe	35
PID 2644 wrote to memory of 2192	2644	msiexec.exe	35
PID 2644 wrote to memory of 2520	2644	msiexec.exe	37
PID 2644 wrote to memory of 2520	2644	msiexec.exe	37
PID 2644 wrote to memory of 2520	2644	msiexec.exe	37
PID 2520 wrote to memory of 1688	2520	UniversalAdbDriverInstaller.exe	38
PID 2520 wrote to memory of 1688	2520	UniversalAdbDriverInstaller.exe	38
PID 2520 wrote to memory of 1688	2520	UniversalAdbDriverInstaller.exe	38
PID 2520 wrote to memory of 1688	2520	UniversalAdbDriverInstaller.exe	38
PID 2520 wrote to memory of 320	2520	UniversalAdbDriverInstaller.exe	40
PID 2520 wrote to memory of 320	2520	UniversalAdbDriverInstaller.exe	40
PID 2520 wrote to memory of 320	2520	UniversalAdbDriverInstaller.exe	40
PID 2520 wrote to memory of 320	2520	UniversalAdbDriverInstaller.exe	40
PID 2520 wrote to memory of 2992	2520	UniversalAdbDriverInstaller.exe	42
PID 2520 wrote to memory of 2992	2520	UniversalAdbDriverInstaller.exe	42
PID 2520 wrote to memory of 2992	2520	UniversalAdbDriverInstaller.exe	42
PID 2520 wrote to memory of 2992	2520	UniversalAdbDriverInstaller.exe	42

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\Android Fastboot & mini ADB Drivers\UniversalAdbDriverSetup.msi"
1⤵
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1672

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B6C9334699919FD420047603C14DF4F1 C
  2⤵
  - Loads dropped DLL
  PID:2752
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 569364DB5FD812313471C1C57DC05159
  2⤵
  - Loads dropped DLL
  PID:2192
- C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\UniversalAdbDriverInstaller.exe
  "C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\UniversalAdbDriverInstaller.exe"
  2⤵
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Modifies data under HKEY_USERS
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\makecert.exe
    "C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\makecert.exe" -r -pe -ss PrivateCertStore -n CN=UniversalADB "C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\UniversalADB.cer"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies data under HKEY_USERS
    PID:1688
- - C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\signtool.exe
    "C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\signtool.exe" sign /v /s PrivateCertStore /n UniversalADB /t http://timestamp.verisign.com/scripts/timstamp.dll usb_driver\androidwinusb86.cat
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies data under HKEY_USERS
    - Modifies system certificate store
    PID:320
- - C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\signtool.exe
    "C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\signtool.exe" sign /v /s PrivateCertStore /n UniversalADB /t http://timestamp.verisign.com/scripts/timstamp.dll usb_driver\androidwinusba64.cat
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies data under HKEY_USERS
    PID:2992

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1440

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003EC" "00000000000005B4"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:1772

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{4a22fe92-c38e-2921-a3b7-7a4e71670d2b}\android_winusb.inf" "9" "676e57edb" "00000000000003FC" "WinSta0\Default" "00000000000003EC" "208" "C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver"
1⤵
- Manipulates Digital Signatures
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f771d91.rbs

Filesize
16KB

MD5
9c3813967081c09dc03f6d2c633dc0ab

SHA1
758bdc126e1ea246384ca066d0ef926b65b43191

SHA256
8b80f143970c2b7fe37840bfadcd8c8d1ea190c080d0780993ed28a6cb971035

SHA512
8429ddfc1f6498ecf41139d4d840d6a42f86b10c2689584620d0c17225628ef03e110ea3b7e29abbec0643afb41feb82a0df77292b28c36ef9356b0d8aa868ff

Download Submit
C:\PROGRA~2\CLOCKW~1\UNIVER~1\USB_DR~1\amd64\WdfCoInstaller01007.dll

Filesize
271KB

MD5
8bd8504982ddf594e9cfe6ff9fb6f3d3

SHA1
573848229bd40431f5f9626d7eb469ee367208cd

SHA256
53b4a7b56bd78d5b5ce40174e9e4d609291d2d8f0f50086ad8c87cc805a36d46

SHA512
fc0704e5e5d0aa43a0c4934c3a7dd84672a48c8a0618285496ff4ff13fe9534164d46f6db0edbc96deb6fb55653681c1953c967a5548b5e0431534790d61a1a7

Download Submit
C:\PROGRA~2\CLOCKW~1\UNIVER~1\USB_DR~1\amd64\WdfCoInstaller01009.dll

Filesize
215KB

MD5
e0ae12773e0476574559ebad0cf8b69f

SHA1
00c012583af0585d861f638000153c3b9b98d6e9

SHA256
82f4e49aba9cc1829471fb64f76b9c33a016bf3c567aab64482b70fb654be13f

SHA512
2812368d0b6ec22cd0a44506e549fbc50ae1ae0c5f49116bda27b84f622dea62553e50f947881f22904b58c8d5e77998a02ed16db842ad485625205a744de585

Download Submit
C:\PROGRA~2\CLOCKW~1\UNIVER~1\USB_DR~1\amd64\WinUSBCoInstaller.dll

Filesize
374KB

MD5
32c749234ae8364e942406a7a0feb751

SHA1
9862f635441b97b89e44a94d1fea4ca16a51234f

SHA256
50ac2b5158ac664bac1f800c1a2fb571df9aaf28dc29c95ca38e2509f5508e3d

SHA512
a242af098307e9f7b15c25a6f70fb42d2834826eb69071d709e7b111fa2fcbaa11cc657c09b9f11fa962e0467b34b3f615811743cab4647d97fd34110813e2ab

Download Submit
C:\PROGRA~2\CLOCKW~1\UNIVER~1\USB_DR~1\amd64\WinUSBCoInstaller2.dll

Filesize
272KB

MD5
89d786e8fce3e41384214960ddd1ae80

SHA1
ab5df5a4b20545f100f148b959dc53756601654e

SHA256
caa796306bd246fd80e6110f930550b4caf65d6c17b462e168f39dcda98d9e25

SHA512
15500f452aedc52a1703935f228135dc6936c3c12acbbf9c09f2050f132c0cb8595419c5a1fc887449142c43fe26f7f07d5202aed971b85303531c766f12a233

Download Submit
C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\UniversalADB.cer

Filesize
768B

MD5
968bff0b728a4cb717c890bb3c074931

SHA1
957808c44f0fff0431e8f86705fd40b4145a701f

SHA256
2c9942d1917bf21bf7daa06330b0ceb68651e304f23b6881d476cf2a5e3a7de0

SHA512
7b3d610d98e3dfe3467eeac0b90dea05fb6fd97c71fc605352b780af1738c16993c32653921d397c38ea273bdf6cbda6e4bd6d03f31586e8b006b95dd0c0e58e

Download Submit
C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\UniversalAdbDriverInstaller.exe

Filesize
12KB

MD5
f5505412d4949a5c441a5962ae9323a3

SHA1
cb62690e8c017e89c0d25a1104c4328e1849d958

SHA256
7b66a3480b497c14507f4224dafa20075d1e512c963ca24bbdedbd4a6aebec25

SHA512
458c6e6da1d87cde65363647e4f917ca96fba12b8f993cde9560fc7e56af836bcb715790ea04de52f3a501bac55bc137e470a58331a02c471827a535d241f964

Download Submit
C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\UniversalAdbDriverInstaller.exe.config

Filesize
202B

MD5
377952bf3fb33097b8a8f2d0f05292f1

SHA1
146034e88d422fd1387db51f36eb6a974a3a092f

SHA256
5337691cc5bfe9d40ecbd8fda2362647fc558a5530978758d0b8fc8b4d3502e4

SHA512
acb5839ea6ab716ec23f70fee4661188b0cc273befc8648c72585ce5bb9d5693c524897933dc6b3f16dffb390384fe051d2289640a87924c0eeb0f8f1d77a14a

Download Submit
C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\makecert.exe

Filesize
63KB

MD5
4763d2e71bf8ecf38914d50cb86ff9e6

SHA1
1252c425093868b3170e2e76cced342f3a4c0d70

SHA256
dbb7d51da7e4c55328ab5193295d344cb7826302e9e973520e26969e3d97dc38

SHA512
091b3ede4264c5ab34151b3d15375b222febf4aeae001e7400c51132c842d4033286a9ed5d785ee0054ee4a15032422286177fdf984a7ea2980f8ec2b94a4bab

Download Submit
C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\signtool.exe

Filesize
193KB

MD5
0801bbd0ef73c17a85b6c4e5809016ad

SHA1
36e73e8c9cc960aad16385020ffa9989deadcae6

SHA256
f26e79d767c8c4f44be2b32f63db863bf548bf8431d3c1e7c6b346a1cafed70a

SHA512
fe35484f36d5b1deb77aa95f3fb278b6ce66af5a0bc583ea19542850725c0a660dbb0ce8003a30d7dc13e13e97b89e7b55770bea55b0ac7bc34e033702aeb35d

Download Submit
C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\signtool.exe

Filesize
134KB

MD5
db5d143c1066dabe71c2bf44d480d8ed

SHA1
8da45ce34474d0956442877a490cd7744b93ba1d

SHA256
0fbf5e913c87204dfb2929a3d89a2875c6dd3666b135558631cb5baf2c4cf893

SHA512
fb501a0f5aa2c9546a519b4ebe009a97b13726b81fcfac98a15ebec5ea672f32f88a1ed8de741f37f097736bb0489533e4230f1cfa9ff5d3d03520604c5ba811

Download Submit
C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\signtool.exe

Filesize
316KB

MD5
4e59611e0aee53efde76a3af6dac87ce

SHA1
b8f4cc3ba01f6a4520d2bffb79afe7faa096bdb0

SHA256
870c044ab4d8542c6b4485f46c73e975b0a38f76dda0e97e82ebcfd2074e818d

SHA512
dc4582bef7c7ed649286f7724593503738f6eff79ee38677c912ea67419ecb5eb5bd5649d6b7db7518976e90342fa31ddcbc04fb3b2d05e81337b57b8fd42f7c

Download Submit
C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\android_winusb.inf

Filesize
96KB

MD5
ae47e079a64f0ce5510c2b2b13ab8b5f

SHA1
d1b7f36993b087d4ead4ce1e8981d63460869908

SHA256
6a2d9d1cd771f5d0d7f02da480b655548aad2783b4fcbea2c149dfc992d59527

SHA512
140816ad38eb2f1f4c288dd495f25665f30c5b72d06c8e20a7d46c4acaa7a0d7b98befae1369868508a90d14da3598034fe211790be1d72a1dab53e99deeac88

Download Submit
C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\androidwinusb86.cat

Filesize
75KB

MD5
b8968c9777fd502b294d1642c1e9b5f2

SHA1
3635c35a2eec4f750349ecaae9c90697299f662e

SHA256
6eeaf13a805d6ab2493f208528ddf7304c980b64bf3822d245346948d0ca890d

SHA512
9794ac7c9fd2de128df55ebde5f23871e553a8fb13534101ef12862c4fde8b6dcaf0d4360a54777a80f6078b63f02a1c36601c9ec59d149a359acc78149e035a

Download Submit
C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\androidwinusb86.cat

Filesize
75KB

MD5
70e931ac4af3538a490a2adb82e8f8d6

SHA1
b9fbfd1bdb96502b13395cdc776242478e0d75a3

SHA256
87c560579982ad5b05850e03505e9c2ff4e88f6336e4f38ce4a32be920f54ffd

SHA512
8d27ff1e50d123af7f2d413212d073db402a576dff23b9cf92fce7841f558cab819496f23b45aeaffb2a99e09874d4800e04ededaff5ef17c0911e3df2655b4c

Download Submit
C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\androidwinusba64.cat

Filesize
74KB

MD5
5796fe83000633829fecf5ddd0972201

SHA1
6981f2d022532ffbef173a1d9210525e4f0d485f

SHA256
0d48bcf7bf5418475600fe52dbbf91d0b08194f392fa31b698960f978355a802

SHA512
9be971cde2f4279662efc429abeb2bf3e3f2397d6adc569d8682f7db09623327416731e0e3aabc261ca0f0d077752a57020c86037cc03bb421e1499180a05ecb

Download Submit
C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\androidwinusba64.cat

Filesize
75KB

MD5
3db121046a9915577f58ab2f2a240ea6

SHA1
e9610553f2a42a1f0e9187e42eb2faf50f8b2f0a

SHA256
6f2dea12314aca607a717be2d312275f5700d431fbda4a9950092c4b01cc111c

SHA512
1918a27af5293f8cabd63164fd79b8671d50dd2a7597f5b2e35e1f96e7b7b7122f43ad7fa801ecd98f865b92fef1d469693d45b61cd3aa7e91f92a98e843cbc2

Download Submit
C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\052932e5a19e88221e567d49e8dacfbf_cafc355f-bda0-4202-a315-0ec6d3e43fd4

Filesize
2KB

MD5
97d2e3481d330c667c9bcdad9693a551

SHA1
3418509849f95a4353b33b4929639c4fe5c56281

SHA256
048fa882775622b5c3886940f27f265bf142b42f5f7f6bde49764894851aef7d

SHA512
267b41dbdb216524d3cb27aa07aad797df358519d86847060faf9b76b2bfa927b49c7ee9e777770149a8544d687dd634ac15da074cfcdeec3e8e76bfaab78286

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB85.tmp

Filesize
231KB

MD5
5494165b1384faeefdd3d5133df92f5a

SHA1
b7b82805f1a726c4eee39152d1a6a59031d7798c

SHA256
ba0ad3a4d2112b269e379a2231128e7ebe23e95d5d04878d6ee8815e657bb055

SHA512
ecd5012df2a060fa58664e856a84716f162d3420e7a7a1368612451ec65f2dcd674c7031d780a6c9d357700f6baeb31325748bc29270850ee4070079f15be613

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4A22F~1\amd64\WdfCoInstaller01007.dll

Filesize
179KB

MD5
a8778fecf8412321d72c4b67df04b16b

SHA1
f3372cb749fa93f4f9f24687f31d1b1f27069a9e

SHA256
1581a32ee9c9572f21ea1a03769cc9ade2965224e3115d265f8aa5e78f86ce10

SHA512
ec7216f8f5c4aea8edb724138f61f44a1bdb97895001bb136d9cb46ea220380bf14c19bdb9637754917de6539f9db4db2da6819004cc974e2b8cdbcb2990c46f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4A22F~1\amd64\WdfCoInstaller01009.dll

Filesize
267KB

MD5
1ec1c0f1ff8305a0b1afc2a85d506469

SHA1
783a3ead86cd45f69a95e9b5b171778725aec6a8

SHA256
4a3d1c5783fbc068e0393b5a2a07a8823c414a3dd24080d3a15d1970b4f4c3f0

SHA512
a17f1e3d13f1f748d35fe8a920ffdf9f92d2d0f34a334ac0729bdf8368eae2ea4cd76808ffe715109a16b7f0d316c2485b8b5ebe5aefbb34d8c9e3e993a0f71c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4A22F~1\amd64\WinUSBCoInstaller.dll

Filesize
350KB

MD5
646d63d618f7294c37f673e1461b5ac6

SHA1
2d9a2506ff92edf37c1a07bcde5902306a27599a

SHA256
3b8b101c9c7c0e641da4f03ff4416eb5b8f40a2b46e0fdc36e54f61f805000ab

SHA512
775827f77fec6a5d07c2d4982f1cc480b3b391298645742d96ba6e66d7025429a7714a87419cfda6b3af9aaed9ff820fbb1428f547a61e4d6b2da8d6375f8fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{4A22F~1\amd64\WinUSBCoInstaller2.dll

Filesize
404KB

MD5
79dbdec59ce95d5840db4ad835e0f832

SHA1
7f3119709296815cc17857358258a9b19d4268ac

SHA256
3fd6c50da96637b92a1ef1ae4c3056bcdd0a41711561258a15bbf7a3abb8be72

SHA512
7f018267c39d1f6f985f7782bc854be7fb9ba5f2c9209dddae40842ceb37e8e3536d3b48e76ac650e763afe2f4ec23f27f0aac5935e0f98e5f2c8c443c736ea6

Download Submit
C:\Windows\Installer\f771d8f.msi

Filesize
195KB

MD5
e62c62414760ce6aa3ad9e4b65f1453a

SHA1
2f418f3eb804f4bfab1ffe12920a9f7ff8bad6fd

SHA256
f0c2cf07193d0b29c77ae92939138c5bf033248ce41e95c669e62b3d10740fce

SHA512
d5085c542d75df72e90fdc4ac38a78e2bc4ba83f241418c7afda3fa5095e4207f231afa56fabab1ae94b11bf17bede4276b3f8608106e8628bd03a0e7fb97dbf

Download Submit
C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\SET2FB8.tmp

Filesize
341KB

MD5
7ccd7a2c1c4db99309cf577bd38dce0d

SHA1
dc11e9db032d2b0cc6c65dc55c7f1056146025af

SHA256
58c1539f8900adb13798af6161f675f94cb5177b04f1482f69c19bea9862e8cd

SHA512
aec1a4abc92a1de7eff3d4d078cabd3edf24232a5884bccaee89cf3190d9189a39821846afb1a7e5aa7bf3db75861b8fc9afb9eb203945aacb8bd7fde13831cd

Download Submit
C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\SET2FB9.tmp

Filesize
284KB

MD5
c0fac17dced3eb31a482a4dd07317edb

SHA1
8dad64d8d5e2b81d4bf41f4653473faf9fea0c21

SHA256
bb14aecdd79a10310f4ff0792dac219d1338e84011434caff102383d940c1db6

SHA512
bc1f640261d6aab2a98595b2c4bf7e9f014e4183b7e56709c6ef3e2dac5ab2e693475767056a047d889cbbd61cf524e37c4d4a2fca11b1b7c6bfc3366cfb1072

Download Submit
C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\SET2FC9.tmp

Filesize
454KB

MD5
192585f190c53805d906f7b89bb98eec

SHA1
459ca92e63c71de006e509f48dcf965bc743caa3

SHA256
06c04209915ede89c4a8885a71e4b919bbb527b75d7c0095a3d98894e331a4eb

SHA512
b70dee721e0971e90262af784048847d91b4018f852d9103ae0c8525826a7d6693ede2fd4c7a1920bcb3f60ccfc42b61b7943b3d5c8341f74194721a4bc5b8a1

Download Submit
C:\Windows\System32\DriverStore\Temp\{6b3134bf-c738-1427-12e6-4c70e2d02d58}\amd64\SET2FCA.tmp

Filesize
210KB

MD5
3372ff837db001b4d2f5e0ad90d71b8c

SHA1
44433463a5f800af79f30668ca87e46e1eea5590

SHA256
0662d533250728e3dca1f6275463c5ec8982b93628f617f897beb6283bce375d

SHA512
feab9cc71eb0adbfd5073aab5f931c8e2fb0337dc8d2cc4c96340dcf1b2ed47f69e38609c33ddb17f6dd7ea294dd2dceffdbf11737ae5d2f363ca7e78c513041

Download Submit
memory/2520-74-0x0000000000BC0000-0x0000000000C40000-memory.dmp

Filesize
512KB

Download
memory/2520-73-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp

Filesize
9.6MB

Download
memory/2520-195-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp

Filesize
9.6MB

Download