f92ad1e92780a039397fd62d04affe97f1a65d04e7a41c9b5da6dd3fd265967e

Analysis

max time kernel
170s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DroidCam_6.5.2.exe
Size

15.6MB
MD5

d952d907646a522caf6ec5d00d114ce1
SHA1

75ad9bacb60ded431058a50a220e22a35e3d03f7
SHA256

f92ad1e92780a039397fd62d04affe97f1a65d04e7a41c9b5da6dd3fd265967e
SHA512

3bfaee91d161de09c66ef7a85ad402f180624293cdc13d048edbeec5a3c4ad2bc84d5fde92383feb9b9f2d83e40a3e9ff27e81a32e605513611b6001f284b9fe
SSDEEP

393216:oZsfK4YUD12zS7SEOegn4j7BgNE9O+wcDGFdClu8ZLzzpC4:gsfKPUD1kS7249O3cDGvClnlC4

Score

8^/10

discovery persistence

Malware Config

Signatures

Drops file in Drivers directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\SET8A2F.tmp	DrvInst.exe
File created	C:\Windows\System32\drivers\SET8A2F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\droidcam.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\drmk.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\portcls.sys	DrvInst.exe

Drops file in System32 directory 43 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\{fb3f4574-a915-2945-a9e6-00c0dd4d7fee}\SET854F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be13829e-0c74-c14f-9594-cdb52f96b71d}\droidcam.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be13829e-0c74-c14f-9594-cdb52f96b71d}\SET8879.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\droidcam.inf_amd64_c14a386568f95d09\droidcam.PNF	insdrv.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fb3f4574-a915-2945-a9e6-00c0dd4d7fee}\droidcamvideo.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.PNF	insdrv.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\System32\DriverStore\Temp\{fb3f4574-a915-2945-a9e6-00c0dd4d7fee}\SET854E.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\System32\DriverStore\Temp\{be13829e-0c74-c14f-9594-cdb52f96b71d}\SET8879.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be13829e-0c74-c14f-9594-cdb52f96b71d}\droidcam.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{be13829e-0c74-c14f-9594-cdb52f96b71d}\SET889B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be13829e-0c74-c14f-9594-cdb52f96b71d}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fb3f4574-a915-2945-a9e6-00c0dd4d7fee}\SET854D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{fb3f4574-a915-2945-a9e6-00c0dd4d7fee}\SET854D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fb3f4574-a915-2945-a9e6-00c0dd4d7fee}\droidcamvideo.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.inf	DrvInst.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fb3f4574-a915-2945-a9e6-00c0dd4d7fee}\SET854E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\droidcamvideo.inf_amd64_47e18363cbf3dfe0\droidcamvideo.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be13829e-0c74-c14f-9594-cdb52f96b71d}\SET889B.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\droidcam.inf_amd64_c14a386568f95d09\droidcam.inf	DrvInst.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fb3f4574-a915-2945-a9e6-00c0dd4d7fee}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be13829e-0c74-c14f-9594-cdb52f96b71d}\SET889A.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{be13829e-0c74-c14f-9594-cdb52f96b71d}\SET889A.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{be13829e-0c74-c14f-9594-cdb52f96b71d}\droidcam.inf	DrvInst.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fb3f4574-a915-2945-a9e6-00c0dd4d7fee}\droidcamvideo.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{fb3f4574-a915-2945-a9e6-00c0dd4d7fee}\SET854F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\droidcam.inf_amd64_c14a386568f95d09\droidcam.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\droidcam.inf_amd64_c14a386568f95d09\droidcam.cat	DrvInst.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 33 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DroidCam\adb\AdbWinApi.dll	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\vc_redist.x86.exe	DroidCam_6.5.2.exe
File opened for modification	C:\Program Files (x86)\DroidCam\lib\droidcamvideo.inf	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\Toggle HD Mode.lnk	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\lib\install.bat	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\lib\droidcamvideo.inf	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\lib\droidcam.inf	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\avutil-56.dll	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\loading.gif	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\Uninstall.exe	DroidCam_6.5.2.exe
File opened for modification	C:\Program Files (x86)\DroidCam\vc_redist.x86.exe	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\lib\insdrv.exe	DroidCam_6.5.2.exe
File opened for modification	C:\Program Files (x86)\DroidCam\lib\droidcam.sys	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\swscale-5.dll	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\lib\droidcamvideo.sys	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\avcodec-58.dll	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\adb\adb.exe	DroidCam_6.5.2.exe
File opened for modification	C:\Program Files (x86)\DroidCam\lib\droidcam.cat	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\libwinpthread-1.dll	DroidCam_6.5.2.exe
File opened for modification	C:\Program Files (x86)\DroidCam\lib\droidcamvideo.sys	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\adb\AdbWinUsbApi.dll	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\plist.dll	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\usbmuxd.dll	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\Licence.txt	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\lib\DroidCamFilter32.ax	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\lib\droidcam.sys	DroidCam_6.5.2.exe
File opened for modification	C:\Program Files (x86)\DroidCam\lib\droidcamvideo.cat	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\lib\DroidCamFilter64.ax	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\lib\droidcam.cat	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\DroidCamApp.exe	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\lib\droidcamvideo.cat	DroidCam_6.5.2.exe
File opened for modification	C:\Program Files (x86)\DroidCam\lib\droidcam.inf	DroidCam_6.5.2.exe
File created	C:\Program Files (x86)\DroidCam\With Stats.lnk	DroidCam_6.5.2.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\INF\c_media.PNF	insdrv.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	insdrv.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	insdrv.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe

Executes dropped EXE 5 IoCs

pid	Process
1556	vc_redist.x86.exe
2820	vc_redist.x86.exe
1436	insdrv.exe
1768	insdrv.exe
2836	DroidCamApp.exe

Loads dropped DLL 13 IoCs

pid	Process
4568	DroidCam_6.5.2.exe
4568	DroidCam_6.5.2.exe
4568	DroidCam_6.5.2.exe
4568	DroidCam_6.5.2.exe
4568	DroidCam_6.5.2.exe
2820	vc_redist.x86.exe
2424	regsvr32.exe
3988	regsvr32.exe
3932	regsvr32.exe
2836	DroidCamApp.exe
2836	DroidCamApp.exe
2836	DroidCamApp.exe
2836	DroidCamApp.exe

Registers COM server for autorun 1 TTPs 21 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "%SystemRoot%\\System32\\ksxbar.ax"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "%SystemRoot%\\System32\\ksxbar.ax"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\InprocServer32	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "%SystemRoot%\\System32\\ksxbar.ax"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ = "%SystemRoot%\\System32\\kstvtune.ax"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "%SystemRoot%\\System32\\ksxbar.ax"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\InprocServer32\ = "C:\\Program Files (x86)\\DroidCam\\lib\\DroidCamFilter64.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ = "%SystemRoot%\\System32\\kstvtune.ax"	DrvInst.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	insdrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	insdrv.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	insdrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	insdrv.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	insdrv.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	insdrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	insdrv.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	insdrv.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	insdrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	insdrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	insdrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	insdrv.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	insdrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	insdrv.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	insdrv.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	insdrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	insdrv.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	insdrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	insdrv.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	insdrv.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\InprocServer32\ = "C:\\Program Files (x86)\\DroidCam\\lib\\DroidCamFilter32.ax"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{9E2FBAC0-C951-4aa8-BFA9-4B196644964C}	DroidCam_6.5.2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{A799A802-A46D-11d0-A18C-00A02401DCD4}\CLSID = "{A799A802-A46D-11d0-A18C-00A02401DCD4}"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\ = "TV Audio Property Page"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\CLSID = "{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{A799A801-A46D-11d0-A18C-00A02401DCD4}\FriendlyName = "WDM Streaming Crossbar Devices"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{7A5DE1D3-01A1-452C-B481-4FA2B96271E8}	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\FriendlyName = "DroidCam Source 2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\ = "WDM Analog Crossbar"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\DevicePath = "droidcam:2"	DroidCam_6.5.2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\Instance\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "%SystemRoot%\\System32\\ksxbar.ax"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\FilterData = 02000000000060000100000000000000307069330800000000000000010000000000000000000000307479330000000038000000480000007669647300001000800000aa00389b7100000000000000000000000000000000	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{A799A801-A46D-11d0-A18C-00A02401DCD4}\CLSID = "{A799A801-A46D-11d0-A18C-00A02401DCD4}"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96460-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "%SystemRoot%\\System32\\ksxbar.ax"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\CLSID = "{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{A799A801-A46D-11d0-A18C-00A02401DCD4}	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96463-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "%SystemRoot%\\System32\\ksxbar.ax"	DrvInst.exe
Key created	\REGISTRY\USER\S-1-5-21-3316742141-2240921845-2885234760-1000_Classes\Local Settings	mspaint.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\ = "DroidCam Source 2"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\ = "DroidCam Source 2"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{7A5DE1D3-01A1-452C-B481-4FA2B96271E8}\CLSID = "{7A5DE1D3-01A1-452C-B481-4FA2B96271E8}"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ = "%SystemRoot%\\System32\\kstvtune.ax"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{A799A802-A46D-11d0-A18C-00A02401DCD4}	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\ = "WDM TV Tuner"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\InprocServer32\ = "%SystemRoot%\\System32\\kstvtune.ax"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\ = "WDM TV Audio"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE41-6C63-11cf-8A03-00AA006ECB65}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ = "%SystemRoot%\\System32\\ksxbar.ax"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{9E2FBAC0-C951-4AA8-BFA9-4B196644964C}\FriendlyName = "DroidCam Source 2"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{860BB310-5D01-11d0-BD3B-00A0C911CE86}\Instance\{9E2FBAC0-C951-4aa8-BFA9-4B196644964C}	DroidCam_6.5.2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{A799A800-A46D-11d0-A18C-00A02401DCD4}	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{da4e3da0-d07d-11d0-bd50-00a0c911ce86}\Instance\{19689BF6-C384-48FD-AD51-90E58C79F70B}	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{266EEE40-6C63-11cf-8A03-00AA006ECB65}\InprocServer32	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96462-78F3-11d0-A18C-00A0C9118956}\InprocServer32\ThreadingModel = "Both"	DrvInst.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{19689BF6-C384-48FD-AD51-90E58C79F70B}\CLSID = "{19689BF6-C384-48FD-AD51-90E58C79F70B}"	DrvInst.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{71F96461-78F3-11d0-A18C-00A0C9118956}	DrvInst.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
116	mspaint.exe
116	mspaint.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeAuditPrivilege	1476	svchost.exe
Token: SeSecurityPrivilege	1476	svchost.exe
Token: SeLoadDriverPrivilege	1436	insdrv.exe
Token: SeLoadDriverPrivilege	2600	DrvInst.exe
Token: SeLoadDriverPrivilege	2600	DrvInst.exe
Token: SeLoadDriverPrivilege	2600	DrvInst.exe
Token: SeLoadDriverPrivilege	1768	insdrv.exe
Token: SeRestorePrivilege	2008	DrvInst.exe
Token: SeBackupPrivilege	2008	DrvInst.exe
Token: SeRestorePrivilege	2008	DrvInst.exe
Token: SeBackupPrivilege	2008	DrvInst.exe
Token: SeRestorePrivilege	2008	DrvInst.exe
Token: SeBackupPrivilege	2008	DrvInst.exe
Token: SeLoadDriverPrivilege	2008	DrvInst.exe
Token: SeLoadDriverPrivilege	2008	DrvInst.exe
Token: SeLoadDriverPrivilege	2008	DrvInst.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2836	DroidCamApp.exe
2836	DroidCamApp.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2836	DroidCamApp.exe
2836	DroidCamApp.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
116	mspaint.exe
2936	OpenWith.exe

Suspicious use of WriteProcessMemory 29 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 1556	4568	DroidCam_6.5.2.exe	94
PID 4568 wrote to memory of 1556	4568	DroidCam_6.5.2.exe	94
PID 4568 wrote to memory of 1556	4568	DroidCam_6.5.2.exe	94
PID 1556 wrote to memory of 2820	1556	vc_redist.x86.exe	95
PID 1556 wrote to memory of 2820	1556	vc_redist.x86.exe	95
PID 1556 wrote to memory of 2820	1556	vc_redist.x86.exe	95
PID 4568 wrote to memory of 2356	4568	DroidCam_6.5.2.exe	96
PID 4568 wrote to memory of 2356	4568	DroidCam_6.5.2.exe	96
PID 4568 wrote to memory of 2356	4568	DroidCam_6.5.2.exe	96
PID 2356 wrote to memory of 2424	2356	cmd.exe	98
PID 2356 wrote to memory of 2424	2356	cmd.exe	98
PID 2356 wrote to memory of 2424	2356	cmd.exe	98
PID 2356 wrote to memory of 3988	2356	cmd.exe	99
PID 2356 wrote to memory of 3988	2356	cmd.exe	99
PID 2356 wrote to memory of 3988	2356	cmd.exe	99
PID 3988 wrote to memory of 3932	3988	regsvr32.exe	100
PID 3988 wrote to memory of 3932	3988	regsvr32.exe	100
PID 4568 wrote to memory of 1436	4568	DroidCam_6.5.2.exe	101
PID 4568 wrote to memory of 1436	4568	DroidCam_6.5.2.exe	101
PID 1476 wrote to memory of 4176	1476	svchost.exe	104
PID 1476 wrote to memory of 4176	1476	svchost.exe	104
PID 1476 wrote to memory of 2600	1476	svchost.exe	105
PID 1476 wrote to memory of 2600	1476	svchost.exe	105
PID 4568 wrote to memory of 1768	4568	DroidCam_6.5.2.exe	107
PID 4568 wrote to memory of 1768	4568	DroidCam_6.5.2.exe	107
PID 1476 wrote to memory of 4116	1476	svchost.exe	109
PID 1476 wrote to memory of 4116	1476	svchost.exe	109
PID 1476 wrote to memory of 2008	1476	svchost.exe	110
PID 1476 wrote to memory of 2008	1476	svchost.exe	110

C:\Users\Admin\AppData\Local\Temp\DroidCam_6.5.2.exe
"C:\Users\Admin\AppData\Local\Temp\DroidCam_6.5.2.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files (x86)\DroidCam\vc_redist.x86.exe
  "C:\Program Files (x86)\DroidCam\vc_redist.x86.exe" /install /quiet
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Program Files (x86)\DroidCam\vc_redist.x86.exe
    "C:\Program Files (x86)\DroidCam\vc_redist.x86.exe" /install /quiet -burn.unelevated BurnPipe.{DA351114-F132-4A9E-9475-28D292F56503} {3F261A21-3662-474A-A708-0EB0C36077E0} 1556
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2820
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c install.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2356
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "DroidCamFilter32.ax"
    3⤵
    - Loads dropped DLL
    - Modifies registry class
    PID:2424
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "DroidCamFilter64.ax"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3988
  - - C:\Windows\system32\regsvr32.exe
      /s "DroidCamFilter64.ax"
      4⤵
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:3932
- C:\Program Files (x86)\DroidCam\lib\insdrv.exe
  "C:\Program Files (x86)\DroidCam\lib\insdrv.exe" +v
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Executes dropped EXE
  - Checks SCSI registry key(s)
  - Suspicious use of AdjustPrivilegeToken
  PID:1436
- C:\Program Files (x86)\DroidCam\lib\insdrv.exe
  "C:\Program Files (x86)\DroidCam\lib\insdrv.exe" +a
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Executes dropped EXE
  - Checks SCSI registry key(s)
  - Suspicious use of AdjustPrivilegeToken
  PID:1768

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{af44838c-a1d0-8b46-b2fe-7818a740f787}\droidcamvideo.inf" "9" "41e7d49db" "000000000000014C" "WinSta0\Default" "0000000000000164" "208" "c:\program files (x86)\droidcam\lib"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4176
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:c14ce8845b5e8bf3:DroidCamVideo.Device:21.4.1.0:droidcamvideo," "41e7d49db" "0000000000000178"
  2⤵
  - Drops file in Windows directory
  - Registers COM server for autorun
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:2600
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{38dc8598-d49b-9649-bb1e-2219a9f8ced6}\droidcam.inf" "9" "4e67c8bbf" "0000000000000184" "WinSta0\Default" "0000000000000178" "208" "c:\program files (x86)\droidcam\lib"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4116
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "211" "ROOT\MEDIA\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:ed86ca11f01d07d6:DroidCam_PCMEX:1.0.0.0:droidcam," "4e67c8bbf" "0000000000000184"
  2⤵
  - Drops file in Drivers directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious use of AdjustPrivilegeToken
  PID:2008

C:\Program Files (x86)\DroidCam\DroidCamApp.exe
"C:\Program Files (x86)\DroidCam\DroidCamApp.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2836

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:688

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\WriteStop.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:116

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:2748

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DroidCam\DroidCamApp.exe

Filesize
256KB

MD5
f7d633475f0dba11154d302a47cd6b78

SHA1
2d50f7621bfe4aa2a38d1cc6183e05fcaa2f6ca2

SHA256
ee4d8953d8be9c9456aa3718bb3fd9e0492513710a75f4e403dbb8efbfe3cea8

SHA512
be44a314b98c5ef9686e723a734c2e3c142076b6fbf0ac8fe3950fbe40b54ccac274bea127506bce1623ffd7dc9b1739835a37b4632e1258a1a118eec2bf3cfe

Download Submit
C:\Program Files (x86)\DroidCam\DroidCamApp.exe

Filesize
942KB

MD5
f8c12fc1b20887fdb70c7f02f0d7bfb3

SHA1
28d18fd281e17c919f81eda3a2f0d8765f57049f

SHA256
082f5c3fd2fd80505cbd4dbdbb7c50e83c2e81f033a04ea53832dbf0a3fc4933

SHA512
97c5d158abb119e076ace4b1398de19029b5d44566d9a293811bf7edbb0db120354cc396aed72bf62766799dc5db266d4b2ee7aee3ffc2818d8be77a4665ad2f

Download Submit
C:\Program Files (x86)\DroidCam\avcodec-58.dll

Filesize
1.9MB

MD5
5faf0e59bf7ab03adde5f146cc08a777

SHA1
edbdf307186c45d90bee94ca468642f248737635

SHA256
03ff2145b20ed54e35830545a830a6aefe7804c775e4ff1cfda6fe91ab6e052b

SHA512
e2842fe5f4119d0e5e5da881167b1ccc9891a033873619ad2f9ca28a0a150cf8307f7297fb0f70ba1ba5dc44ea5da712cdc5320dff906f81193e809bee9799d4

Download Submit
C:\Program Files (x86)\DroidCam\avutil-56.dll

Filesize
812KB

MD5
f1493a182787b87e272745d7cf8d13d2

SHA1
aa71e51fb0c157780ec85b8121941b2e1e884a23

SHA256
620a6ce8a2101a9472e54ebf219aa0fb8260f99248922ca3ac057f21cc9ceb0d

SHA512
f95254d4e32b3ae7af963dc9a83612ce9f3dbd78c6db549e74a236da68966d2ebfaceedd102f9af7cf800f5de438d6522369c2da3b8495a820c22c3ea6c1d2d1

Download Submit
C:\Program Files (x86)\DroidCam\lib\DroidCamFilter32.ax

Filesize
84KB

MD5
efe71ae8a02ca59a0855cd649f5e58b8

SHA1
0a5ba3257ad82f71890c0fa55a5f7405d0b6b4ac

SHA256
ffb22ab7b98ecc98c22cf675bfab61c875127137277e1f66bc3d7269c3b42652

SHA512
bad93c560355019f739158d2a25e7643a08cdcb000b378099aa2431ba4d023aa72741e674912d738b0ac6d21e44417f5406eee67f16035f6a783a5226b0d65a4

Download Submit
C:\Program Files (x86)\DroidCam\lib\DroidCamFilter64.ax

Filesize
157KB

MD5
78022c387da1e93dc0442b656837953e

SHA1
e2adf94ec9854e7e57ec0c885a67aa2b9444b233

SHA256
c85b89c5d77a8b41b1a8213783f3ebfcc2fbed959149c5e5ed0f48204d9c4d09

SHA512
1673125e743874f2ff155a0ea2aaeb31b1aac013a8db2995752f0fbcd6794d41a8f75a7acfeeec6e91e4954423304f9c5d876638a528845054496100e700a539

Download Submit
C:\Program Files (x86)\DroidCam\lib\insdrv.exe

Filesize
13KB

MD5
fdabbeb1ee62a56fb695ca6e8ad3d4a1

SHA1
2c8851470a122da74de43de371c94c39befa0696

SHA256
d18438bf03d25002e5aa161669a7cb01d0b2c83d2fa5dc2f9217c3b656eb6b9f

SHA512
97e42153bd5ce9bffdf166630dd677bc1e4945d24cb732dcaa616563b892046d4b9a70d556a9bf907947a8bfcf1c28edbd2dac11bfa4bf40a14db3399e6420d9

Download Submit
C:\Program Files (x86)\DroidCam\lib\install.bat

Filesize
254B

MD5
cfaaa32cc4fd40e36512f768bd75a0e1

SHA1
6ed1063ab547f65aace2fd98713df6d29834c19a

SHA256
d7b86a37b02fed2794904cb28c0fa64a1e0d2218fab608250c8531c1b9ddc439

SHA512
d2fe74d8e10b6378c48b72c9e22515a31592859d1f725bc86d9e48fcce9f7421e7afe477feb1c2041ff46b2620ad4244c887c670dc25e8acd70029e2166a0a93

Download Submit
C:\Program Files (x86)\DroidCam\libwinpthread-1.dll

Filesize
77KB

MD5
f154be41738cfcc36f571602666ea751

SHA1
22aefe1948b666232e3aae0c80731a0721be0c93

SHA256
66a2686d2fcdd3f3bfcf39a219519dbe597a8c5f94b4426da5d0e01f3a2d42cd

SHA512
2d6cbd710a290cb9d413798455c450fe985dbc50eabb4405f3588f3cd8a49f4d49bdf2553b3ff7e809814eaadae9d26caf16f50525609a2dd3fd44d32ebec8b9

Download Submit
C:\Program Files (x86)\DroidCam\swscale-5.dll

Filesize
636KB

MD5
050f6892cb1f9c76d482b967e891615f

SHA1
e37f60aefa9caff1772c7750ce97e23a79380c89

SHA256
c345bb33691f6a483b9da275c38a67974c8648f9e65800abb3057510dc7e81b7

SHA512
678ddc355bc0f0f9d17aab9c054d727cbf7db414e2744f6715e6aad715cd944bea04005ab4e0e2571e95b9aa9149e92edcd83bf5feaecc5457d765513619d0ac

Download Submit
C:\Program Files (x86)\DroidCam\vc_redist.x86.exe

Filesize
13.1MB

MD5
1a15e6606bac9647e7ad3caa543377cf

SHA1
bfb74e498c44d3a103ca3aa2831763fb417134d1

SHA256
fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14

SHA512
e8cb67fc8e0312da3cc98364b96dfa1a63150ab9de60069c4af60c1cf77d440b7dffe630b4784ba07ea9bf146bdbf6ad5282a900ffd6ab7d86433456a752b2fd

Download Submit
C:\Program Files (x86)\DroidCam\vc_redist.x86.exe

Filesize
11.3MB

MD5
9c50ae8119776752b622854e21706bf6

SHA1
313c19e04c8173bf006e709938d9746c0e4043a3

SHA256
f9cd3dbe1186e3425cb698d1009baf6d54af8ff537bc55a5d9d2888263d12acd

SHA512
ae6207b6bafdeae59386e12aea1dd7b9b1aca23ac00f3295f015061dfdcd71912f668bf93cc580dbbcf597c5e1f38ecf695292bfed7029cf202150329ca2dbed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb3D0A.tmp\System.dll

Filesize
11KB

MD5
c9473cb90d79a374b2ba6040ca16e45c

SHA1
ab95b54f12796dce57210d65f05124a6ed81234a

SHA256
b80a5cba69d1853ed5979b0ca0352437bf368a5cfb86cb4528edadd410e11352

SHA512
eafe7d5894622bc21f663bca4dd594392ee0f5b29270b6b56b0187093d6a3a103545464ff6398ad32d2cf15dab79b1f133218ba9ba337ddc01330b5ada804d7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb3D0A.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb3D0A.tmp\nsDialogs.dll

Filesize
9KB

MD5
12465ce89d3853918ed3476d70223226

SHA1
4c9f4b8b77a254c2aeace08c78c1cffbb791640d

SHA256
5157fe688cca27d348171bd5a8b117de348c0844ca5cb82bc68cbd7d873a3fdc

SHA512
20495270bcd0cae3102ffae0a3e783fad5f0218a5e844c767b07a10d2cfab2fab0afb5e07befa531ba466393a3d6255741f89c6def21ec2887234f49adceea2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb3D0A.tmp\nsExec.dll

Filesize
6KB

MD5
0a6f707fa22c3f3e5d1abb54b0894ad6

SHA1
610cb2c3623199d0d7461fc775297e23cef88c4e

SHA256
370e47364561fa501b1300b056fb53fae12b1639fdf5f113275bee03546081c0

SHA512
af0c8ca0c892f1b757fbd700061f3d81417dff11d89bdff45e977de81ad51c97862406cf7e230e76cf99497f93f57bf09609740953cd81b0d795465ac2623ea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\wixstdba.dll

Filesize
118KB

MD5
4d20a950a3571d11236482754b4a8e76

SHA1
e68bd784ac143e206d52ecaf54a7e3b8d4d75c9c

SHA256
a9295ad4e909f979e2b6cb2b2495c3d35c8517e689cd64a918c690e17b49078b

SHA512
8b9243d1f9edbcbd6bdaf6874dc69c806bb29e909bd733781fde8ac80ca3fff574d786ca903871d1e856e73fd58403bebb58c9f23083ea7cd749ba3e890af3d2

Download Submit
C:\Windows\INF\c_media.PNF

Filesize
12KB

MD5
d6f787534eea52824abfef940379b071

SHA1
b200fb5e314de41c743ac84fc973584dee668946

SHA256
feedfdacbcff878dd0f877736f880b045941e25cd3c4013357d4e2a293a1e7d8

SHA512
7ba2d3f0858a5aea61486ba8eb96fed621384258b5055e97a314d9cde71081545d881059d9bcd5bce4f5cb2d7cc341090d2cc419cac44302708b8bef17e4beca

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
148KB

MD5
20ee0daffe0a59273ba2184c06336abf

SHA1
bbaaca4a0a696d57591b1a53ef546c9791797d97

SHA256
9ff8ca091054f1bea010a46e9427c0016431fb926f1c9087aea4e5a9169c881f

SHA512
c92a5b46fb5403c72c9c664dc8aa40ac7014ab5dbef0af1a9ba3580290e44ecba2dc35359284c8e8dd6bb49247270cfd12475398b7eef4fff242c4fb091c4a23

Download Submit
\??\c:\PROGRA~2\droidcam\lib\DROIDC~1.SYS

Filesize
32KB

MD5
914ddc54a23529414e080eee9e71a66e

SHA1
64534aef53e4a57a57e5c886f28793da0b5dd578

SHA256
381fbd51b799ba14e479b26c868fbe1a210e4d11285caf300873055f050c9b4f

SHA512
80f8489cee294f57ff3662e5f0a4b71afda57a151291c2fb323b4a2df1dbd737497f9558aeab8d4734631d54fe2c309f161778949ff8f1471dc53ffc305e9f73

Download Submit
\??\c:\PROGRA~2\droidcam\lib\droidcam.sys

Filesize
31KB

MD5
698755c4e814626f067b338a4cbc3cef

SHA1
2a2525417de84804c1487710d014d420322c4b8d

SHA256
4faf45a52c2fe736b7656d306ad2a6bc1876c12fdbb20663e2f866f0d914bde3

SHA512
1e106a77ae01fc3a64eeaf4194f07c673dcd083627679709084f7ad1259f50977c155e32630c502fa8b7fa9ac4ddf544433614df5597105c8ea07ee4644b5db6

Download Submit
\??\c:\program files (x86)\droidcam\lib\droidcam.cat

Filesize
10KB

MD5
ebbba34b954e31cbecf731232acfd5a0

SHA1
a3fa17a0640f59705068e23b7f028f4f621f70d6

SHA256
221487d538e1fda1cb54ce70ddea09f8a519e7112ef17b8bd504f483d9aa3952

SHA512
ea24a593b3b16c1305a4ab73c5db8bc03d078c16e3072bbb2fb37eab8154aea70a266cfc4ea478bc1bf5b7566dd3cc2f7d7e85b46b7864981bcbf2e7d87f984e

Download Submit
\??\c:\program files (x86)\droidcam\lib\droidcam.inf

Filesize
2KB

MD5
403d6b8ac68c827580c347449afd1e94

SHA1
9f8303cb71b7b032bf7ff4377c067780d6cf30c1

SHA256
025334d19394c41c24211ed36635fdd9f027fc23b654a4c00fabb8ffca568171

SHA512
7c67eb1e680ab0924de20bef851ff05490e2a040ff0f0ff420d3181072d527ddcef030e1692aff686afe6868d407516b48257ed1a04c8dc94ffcd5bed7d2c618

Download Submit
\??\c:\program files (x86)\droidcam\lib\droidcamvideo.cat

Filesize
10KB

MD5
0b88937e24a1df7009e0a994e3d6bc28

SHA1
adce740fad5a96274ae8ff89c449fbca9def58fa

SHA256
84a8687365e531d0e434464bde88ef458f1b04330b2086ab1256dc2094b33d34

SHA512
bca2b7a02b075a326889062ad282fd943c7b10c615410dcd334733bac39e3874c58ec82d3ea806784a986108e9e61ac0a0c0925107f7939ba90d1841fb5a3951

Download Submit
\??\c:\program files (x86)\droidcam\lib\droidcamvideo.inf

Filesize
3KB

MD5
95ce068c79c0f74c78b7e5b09c4072f0

SHA1
380212c9adb530c4559685bf22266663b4f63f81

SHA256
ba8ae153b8980e50320b4cbe790297aba97c1392068911cf2ec051a42dc4afa5

SHA512
16cef98cb513d3f978efdaa3c90ab3147bb998c1b12af55b428e2e54411203b3175ead3fbce15ef2933d1ee48e6a8d79d7473356bef353453b75992f10b3d5b6

Download Submit
memory/2748-317-0x00000271CCBA0000-0x00000271CCBB0000-memory.dmp

Filesize
64KB

Download
memory/2748-313-0x00000271CCB60000-0x00000271CCB70000-memory.dmp

Filesize
64KB

Download
memory/2748-324-0x00000271D56D0000-0x00000271D56D1000-memory.dmp

Filesize
4KB

Download
memory/2748-326-0x00000271D5750000-0x00000271D5751000-memory.dmp

Filesize
4KB

Download
memory/2748-328-0x00000271D5750000-0x00000271D5751000-memory.dmp

Filesize
4KB

Download
memory/2748-329-0x00000271D57E0000-0x00000271D57E1000-memory.dmp

Filesize
4KB

Download
memory/2748-330-0x00000271D57E0000-0x00000271D57E1000-memory.dmp

Filesize
4KB

Download
memory/2748-331-0x00000271D57E0000-0x00000271D57E1000-memory.dmp

Filesize
4KB

Download
memory/2748-332-0x00000271D57E0000-0x00000271D57E1000-memory.dmp

Filesize
4KB

Download
memory/2836-311-0x0000000073C80000-0x0000000073E4C000-memory.dmp

Filesize
1.8MB

Download
memory/2836-310-0x0000000073BB0000-0x0000000073C78000-memory.dmp

Filesize
800KB

Download