a793ed0f76ab045ce33129e2ed1b6a9f850939a2dadd0ab25d53971da017e271

General

Target

InstallDriver.exe
Size

5.1MB
MD5

b9064bedad4256b74fb3bee66227de0e
SHA1

e7f9d23e4902869f0fa4470d94bf777dd6af0cf0
SHA256

a793ed0f76ab045ce33129e2ed1b6a9f850939a2dadd0ab25d53971da017e271
SHA512

1cf53cba82ecaedade0ef89ef5b9215309a9fc046a24e0a862912c016d14eb5aad3e90ca20592228ad577f2471dcad72b20316436d0f156c7716237ca94df0ba
SSDEEP

98304:WZUzSL6E9TcuGwU3f2e66M6acZ9PI0qMqxuHkCcB1V50uZf5RikgxaeiN:WyOWUcHwU3f2BcM0RqxuHvIxZTikpn

Score

8^/10

Malware Config

Signatures

Manipulates Digital Signatures 1 TTPs 4 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B\Blob = 030000000100000014000000c63ec2fc30fdf83cdb8d188b556a95bafb29306b02000000010000004c0000001c0000000000000001000000200000000000000000000000020000006c006900620077006400690020006b0065007900200063006f006e007400610069006e006500720000000000000000000b000000010000000e0000006c0069006200770064006900000020000000010000009802000030820294308201fda003020102021053dc1c67069a43ba48f02e8501078663300d06092a864886f70d010105050030493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d301e170d3234303430363032353731345a170d3239303130313030303030305a30493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d30819f300d06092a864886f70d010101050003818d0030818902818100bd2075cdb2707ee64f25a0dd4eac9bf8ac9d522dacb2caa876ae1f42fc70ac4a987edd653aeb95a1884bf3f0a137e5b02011a0147304c5ddf3c78c681951cfc54d5bc60cf90e8984487faee7b0c96094beeff4e58ab4b6a2d2b5296c4ea86ecba46fce5b0874f36492ba6c90b487373a8fbc55b58d89a48543e342d6bd51b8210203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004fab1b131cab6c6e228dfbd3bf59df2993778c35b95459bc01aaf7719685a67e34f09c8ffef1d156082e4d5066a4fd99bd5d21c9d85dd55f280556ed1b34b5107f1f464d3ba921f780ab51d50e4b774184b7ee6c335766c10438d9c36118f841b4e51eb501f62ca3cffacfc1bf9569ebd9a9f8635a3c8951f645c5cddb4ecf74	dpscat.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B	dpscat.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B\Blob = 030000000100000014000000c63ec2fc30fdf83cdb8d188b556a95bafb29306b20000000010000009802000030820294308201fda003020102021053dc1c67069a43ba48f02e8501078663300d06092a864886f70d010105050030493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d301e170d3234303430363032353731345a170d3239303130313030303030305a30493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d30819f300d06092a864886f70d010101050003818d0030818902818100bd2075cdb2707ee64f25a0dd4eac9bf8ac9d522dacb2caa876ae1f42fc70ac4a987edd653aeb95a1884bf3f0a137e5b02011a0147304c5ddf3c78c681951cfc54d5bc60cf90e8984487faee7b0c96094beeff4e58ab4b6a2d2b5296c4ea86ecba46fce5b0874f36492ba6c90b487373a8fbc55b58d89a48543e342d6bd51b8210203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004fab1b131cab6c6e228dfbd3bf59df2993778c35b95459bc01aaf7719685a67e34f09c8ffef1d156082e4d5066a4fd99bd5d21c9d85dd55f280556ed1b34b5107f1f464d3ba921f780ab51d50e4b774184b7ee6c335766c10438d9c36118f841b4e51eb501f62ca3cffacfc1bf9569ebd9a9f8635a3c8951f645c5cddb4ecf74	dpscat.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B\Blob = 0b000000010000000e0000006c00690062007700640069000000030000000100000014000000c63ec2fc30fdf83cdb8d188b556a95bafb29306b20000000010000009802000030820294308201fda003020102021053dc1c67069a43ba48f02e8501078663300d06092a864886f70d010105050030493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d301e170d3234303430363032353731345a170d3239303130313030303030305a30493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d30819f300d06092a864886f70d010101050003818d0030818902818100bd2075cdb2707ee64f25a0dd4eac9bf8ac9d522dacb2caa876ae1f42fc70ac4a987edd653aeb95a1884bf3f0a137e5b02011a0147304c5ddf3c78c681951cfc54d5bc60cf90e8984487faee7b0c96094beeff4e58ab4b6a2d2b5296c4ea86ecba46fce5b0874f36492ba6c90b487373a8fbc55b58d89a48543e342d6bd51b8210203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004fab1b131cab6c6e228dfbd3bf59df2993778c35b95459bc01aaf7719685a67e34f09c8ffef1d156082e4d5066a4fd99bd5d21c9d85dd55f280556ed1b34b5107f1f464d3ba921f780ab51d50e4b774184b7ee6c335766c10438d9c36118f841b4e51eb501f62ca3cffacfc1bf9569ebd9a9f8635a3c8951f645c5cddb4ecf74	dpscat.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation	InstallDriver.exe

Executes dropped EXE 2 IoCs

pid	Process
4828	dpscat.exe
2464	dpinst64.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\DPINST.LOG	dpinst64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 10 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B\Blob = 030000000100000014000000c63ec2fc30fdf83cdb8d188b556a95bafb29306b02000000010000004c0000001c0000000000000001000000200000000000000000000000020000006c006900620077006400690020006b0065007900200063006f006e007400610069006e006500720000000000000000000b000000010000000e0000006c0069006200770064006900000020000000010000009802000030820294308201fda003020102021053dc1c67069a43ba48f02e8501078663300d06092a864886f70d010105050030493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d301e170d3234303430363032353731345a170d3239303130313030303030305a30493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d30819f300d06092a864886f70d010101050003818d0030818902818100bd2075cdb2707ee64f25a0dd4eac9bf8ac9d522dacb2caa876ae1f42fc70ac4a987edd653aeb95a1884bf3f0a137e5b02011a0147304c5ddf3c78c681951cfc54d5bc60cf90e8984487faee7b0c96094beeff4e58ab4b6a2d2b5296c4ea86ecba46fce5b0874f36492ba6c90b487373a8fbc55b58d89a48543e342d6bd51b8210203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004fab1b131cab6c6e228dfbd3bf59df2993778c35b95459bc01aaf7719685a67e34f09c8ffef1d156082e4d5066a4fd99bd5d21c9d85dd55f280556ed1b34b5107f1f464d3ba921f780ab51d50e4b774184b7ee6c335766c10438d9c36118f841b4e51eb501f62ca3cffacfc1bf9569ebd9a9f8635a3c8951f645c5cddb4ecf74	dpscat.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B	dpscat.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B\Blob = 030000000100000014000000c63ec2fc30fdf83cdb8d188b556a95bafb29306b20000000010000009802000030820294308201fda003020102021053dc1c67069a43ba48f02e8501078663300d06092a864886f70d010105050030493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d301e170d3234303430363032353731345a170d3239303130313030303030305a30493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d30819f300d06092a864886f70d010101050003818d0030818902818100bd2075cdb2707ee64f25a0dd4eac9bf8ac9d522dacb2caa876ae1f42fc70ac4a987edd653aeb95a1884bf3f0a137e5b02011a0147304c5ddf3c78c681951cfc54d5bc60cf90e8984487faee7b0c96094beeff4e58ab4b6a2d2b5296c4ea86ecba46fce5b0874f36492ba6c90b487373a8fbc55b58d89a48543e342d6bd51b8210203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004fab1b131cab6c6e228dfbd3bf59df2993778c35b95459bc01aaf7719685a67e34f09c8ffef1d156082e4d5066a4fd99bd5d21c9d85dd55f280556ed1b34b5107f1f464d3ba921f780ab51d50e4b774184b7ee6c335766c10438d9c36118f841b4e51eb501f62ca3cffacfc1bf9569ebd9a9f8635a3c8951f645c5cddb4ecf74	dpscat.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B\Blob = 0b000000010000000e0000006c00690062007700640069000000030000000100000014000000c63ec2fc30fdf83cdb8d188b556a95bafb29306b20000000010000009802000030820294308201fda003020102021053dc1c67069a43ba48f02e8501078663300d06092a864886f70d010105050030493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d301e170d3234303430363032353731345a170d3239303130313030303030305a30493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d30819f300d06092a864886f70d010101050003818d0030818902818100bd2075cdb2707ee64f25a0dd4eac9bf8ac9d522dacb2caa876ae1f42fc70ac4a987edd653aeb95a1884bf3f0a137e5b02011a0147304c5ddf3c78c681951cfc54d5bc60cf90e8984487faee7b0c96094beeff4e58ab4b6a2d2b5296c4ea86ecba46fce5b0874f36492ba6c90b487373a8fbc55b58d89a48543e342d6bd51b8210203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004fab1b131cab6c6e228dfbd3bf59df2993778c35b95459bc01aaf7719685a67e34f09c8ffef1d156082e4d5066a4fd99bd5d21c9d85dd55f280556ed1b34b5107f1f464d3ba921f780ab51d50e4b774184b7ee6c335766c10438d9c36118f841b4e51eb501f62ca3cffacfc1bf9569ebd9a9f8635a3c8951f645c5cddb4ecf74	dpscat.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B\Blob = 030000000100000014000000c63ec2fc30fdf83cdb8d188b556a95bafb29306b02000000010000004c0000001c0000000000000001000000200000000000000000000000020000006c006900620077006400690020006b0065007900200063006f006e007400610069006e006500720000000000000000000b000000010000000e0000006c0069006200770064006900000020000000010000009802000030820294308201fda003020102021053dc1c67069a43ba48f02e8501078663300d06092a864886f70d010105050030493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d301e170d3234303430363032353731345a170d3239303130313030303030305a30493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d30819f300d06092a864886f70d010101050003818d0030818902818100bd2075cdb2707ee64f25a0dd4eac9bf8ac9d522dacb2caa876ae1f42fc70ac4a987edd653aeb95a1884bf3f0a137e5b02011a0147304c5ddf3c78c681951cfc54d5bc60cf90e8984487faee7b0c96094beeff4e58ab4b6a2d2b5296c4ea86ecba46fce5b0874f36492ba6c90b487373a8fbc55b58d89a48543e342d6bd51b8210203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004fab1b131cab6c6e228dfbd3bf59df2993778c35b95459bc01aaf7719685a67e34f09c8ffef1d156082e4d5066a4fd99bd5d21c9d85dd55f280556ed1b34b5107f1f464d3ba921f780ab51d50e4b774184b7ee6c335766c10438d9c36118f841b4e51eb501f62ca3cffacfc1bf9569ebd9a9f8635a3c8951f645c5cddb4ecf74	dpscat.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B	dpscat.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B	dpscat.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B\Blob = 030000000100000014000000c63ec2fc30fdf83cdb8d188b556a95bafb29306b20000000010000009802000030820294308201fda003020102021053dc1c67069a43ba48f02e8501078663300d06092a864886f70d010105050030493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d301e170d3234303430363032353731345a170d3239303130313030303030305a30493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d30819f300d06092a864886f70d010101050003818d0030818902818100bd2075cdb2707ee64f25a0dd4eac9bf8ac9d522dacb2caa876ae1f42fc70ac4a987edd653aeb95a1884bf3f0a137e5b02011a0147304c5ddf3c78c681951cfc54d5bc60cf90e8984487faee7b0c96094beeff4e58ab4b6a2d2b5296c4ea86ecba46fce5b0874f36492ba6c90b487373a8fbc55b58d89a48543e342d6bd51b8210203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004fab1b131cab6c6e228dfbd3bf59df2993778c35b95459bc01aaf7719685a67e34f09c8ffef1d156082e4d5066a4fd99bd5d21c9d85dd55f280556ed1b34b5107f1f464d3ba921f780ab51d50e4b774184b7ee6c335766c10438d9c36118f841b4e51eb501f62ca3cffacfc1bf9569ebd9a9f8635a3c8951f645c5cddb4ecf74	dpscat.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B\Blob = 0b000000010000000e0000006c00690062007700640069000000030000000100000014000000c63ec2fc30fdf83cdb8d188b556a95bafb29306b20000000010000009802000030820294308201fda003020102021053dc1c67069a43ba48f02e8501078663300d06092a864886f70d010105050030493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d301e170d3234303430363032353731345a170d3239303130313030303030305a30493147304506035504031e3e004d006900630072006f0073006f0066007400200028005500530042005f0042006f006f0074002e0069006e006600290020005b00530065006c0066005d30819f300d06092a864886f70d010101050003818d0030818902818100bd2075cdb2707ee64f25a0dd4eac9bf8ac9d522dacb2caa876ae1f42fc70ac4a987edd653aeb95a1884bf3f0a137e5b02011a0147304c5ddf3c78c681951cfc54d5bc60cf90e8984487faee7b0c96094beeff4e58ab4b6a2d2b5296c4ea86ecba46fce5b0874f36492ba6c90b487373a8fbc55b58d89a48543e342d6bd51b8210203010001a37d307b30160603551d250101ff040c300a06082b0601050507030330200603551d07041930178615687474703a2f2f6c69627764692e616b656f2e6965303f0603551d2004383036303406082b060105050702013028302606082b06010505070201161a687474703a2f2f6c69627764692d6370732e616b656f2e696500300d06092a864886f70d0101050500038181004fab1b131cab6c6e228dfbd3bf59df2993778c35b95459bc01aaf7719685a67e34f09c8ffef1d156082e4d5066a4fd99bd5d21c9d85dd55f280556ed1b34b5107f1f464d3ba921f780ab51d50e4b774184b7ee6c335766c10438d9c36118f841b4e51eb501f62ca3cffacfc1bf9569ebd9a9f8635a3c8951f645c5cddb4ecf74	dpscat.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\C63EC2FC30FDF83CDB8D188B556A95BAFB29306B	dpscat.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 4828	5024	InstallDriver.exe	89
PID 5024 wrote to memory of 4828	5024	InstallDriver.exe	89
PID 5024 wrote to memory of 4828	5024	InstallDriver.exe	89
PID 5024 wrote to memory of 2464	5024	InstallDriver.exe	90
PID 5024 wrote to memory of 2464	5024	InstallDriver.exe	90

C:\Users\Admin\AppData\Local\Temp\InstallDriver.exe
"C:\Users\Admin\AppData\Local\Temp\InstallDriver.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx_000\dpscat.exe
  "C:\Users\Admin\AppData\Local\Temp\7ZipSfx_000\dpscat.exe"
  2⤵
  - Manipulates Digital Signatures
  - Executes dropped EXE
  - Modifies system certificate store
  PID:4828
- C:\Users\Admin\AppData\Local\Temp\7ZipSfx_000\dpinst64.exe
  "C:\Users\Admin\AppData\Local\Temp\7ZipSfx_000\dpinst64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

2

T1553

Install Root Certificate

1

T1553.004

SIP and Trust Provider Hijacking

1

T1553.003

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ZipSfx_000\USB_Boot.inf

Filesize
8KB

MD5
a8b0eb772b73862c76670590e6031f5b

SHA1
3f7631c4cc837d90ef4867fe2e1ff3aba45825c7

SHA256
6db5517891344c32eebb4b4332c1b0141f0b07c265843daa67fd932eb5f28c9b

SHA512
720a36d14e6981967b163652eedd97d251c116a1118d5db4a6ca5a8c91efae77c8b7fde65386157641c0fd30a6189b65e3b9e7ce4b21fcef973c54dd609c69e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx_000\amd64\libusbk.dll

Filesize
96KB

MD5
7abe7f583d5d52de4a9727f94419cc4b

SHA1
fa8489441ac82d22567b5c3d5b494576df54f37d

SHA256
592cd24bae321f1cb6cbe2f6e1bc5c05e279328e1c86814eb64ea1e89fdea188

SHA512
ec7c734dd954b7ffd5eb320c41a7dd7f481a632c8314028b020986e6310fb5eb25b7b274b6df1b442a9204d449f70d848032a7514776254ebee978753fedf3dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx_000\amd64\wdfcoinstaller01009.dll

Filesize
1.6MB

MD5
4da5da193e0e4f86f6f8fd43ef25329a

SHA1
68a44d37ff535a2c454f2440e1429833a1c6d810

SHA256
18487b4ff94edccc98ed59d9fca662d4a1331c5f1e14df8db3093256dd9f1c3e

SHA512
b3d73ed5e45d6f2908b2f3086390dd28c1631e298756cee9bdf26b185f0b77d1b8c03ad55e0495dba982c5bed4a03337b130c76f7112f3e19821127d2cf36853

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx_000\amd64\winusbcoinstaller2.dll

Filesize
979KB

MD5
246900ce6474718730ecd4f873234cf5

SHA1
0c84b56c82e4624824154d27926ded1c45f4b331

SHA256
981a17effddbc20377512ddaec9f22c2b7067e17a3e2a8ccf82bb7bb7b2420b6

SHA512
6a9e305bfbfb57d8f8fd16edabef9291a8a97e4b9c2ae90622f6c056e518a0a731fbb3e33a2591d87c8e4293d0f983ec515e6a241792962257b82401a8811d5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx_000\dpinst.xml

Filesize
661B

MD5
83f46ef4f06d32f8b3201a2ea2189e19

SHA1
d1aca0fd1646bf0abf5ffb42b0ca27345c7155ae

SHA256
127b6d24415b513c1f3b5ffe63af1b395dbf868dafec44c4cbb367d81db9ae0c

SHA512
7b48181bc0d183416294c6277ce4205355868cc7be705dfb24d0baf70865173fde578222f6e1c8ffd9bea4ef58d6f4375b7e3eac9236f64bd7ae0fc0c55a84a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx_000\dpinst64.exe

Filesize
1.0MB

MD5
be3c79033fa8302002d9d3a6752f2263

SHA1
a01147731f2e500282eca5ece149bcc5423b59d6

SHA256
181bf85d3b5900ff8abed34bc415afc37fc322d9d7702e14d144f96a908f5cab

SHA512
77097f220cc6d22112b314d3e42b6eedb9ccd72beb655b34656326c2c63fb9209977ddac20e9c53c4ec7ccc8ea6910f400f050f4b0cb98c9f42f89617965aaea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx_000\dpscat.exe

Filesize
36KB

MD5
eb7409d7cd6e8d8edec5e3209385f88a

SHA1
31555fc8fca9ee669a82dafe4b5876900877a61d

SHA256
7a40e13568d9a4e33fb7ed34dc0abd21a9c097beae9c0e4ade3b99f05a0f60d9

SHA512
4038ad98ac4550daad41011de597c54a57f923b624c9088f52ebbbbc5822466959e08d00d9276a35c78133807b22613a52811a7517629a16e93a52a041b44f4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7ZipSfx_000\x86\libusbk_x86.dll

Filesize
82KB

MD5
22e9219bc86bb8d3fb6209acdbf76739

SHA1
fc2350e45b0c7bdac7ac35f42b65f5fdfd622464

SHA256
22803c719494f193d22519bfaff9484fecdcf1fadd6f082efd024fcee0b97ba4

SHA512
411b5440ce5321e07a1e0ca3cae8699132792a5deeb348a0ed1078b9f43f4628568cb338621eeb879416e33e4c7e4f8db7387b5e244e1e1e57712d4aa1ef4bde

Download Submit

Analysis

Sharing