879a1f5ebda081f1ca1db7750a0c159136288d1185d54fe0b01ee5f62ea169f9

Analysis

max time kernel
76s
max time network
92s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DriversCloud_Win_zx87g9z2kr_.exe
Size

1.9MB
MD5

8da6433d405b55961e302babc9ffb1ff
SHA1

803be7d4b874681e869de3837658bd61e7f8efde
SHA256

879a1f5ebda081f1ca1db7750a0c159136288d1185d54fe0b01ee5f62ea169f9
SHA512

00daa1952d755b4dbd437bdae434ac6312e795da737b5a5091856e0f2ddbf7eb51cc60e02ffb3f61a003da16c38752d118ca423bf56cd076a7baebcb15c2f742
SSDEEP

49152:hdqn9ce9ET2Ja+4gM4tUBjbUqPEuH8jX6m7+D:hdeieiTi474tyjwIAX6m7w

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0006000000015ceb-27.dat	acprotect
behavioral1/memory/2104-37-0x0000000074A60000-0x0000000074A6B000-memory.dmp	acprotect
behavioral1/memory/2104-347-0x0000000074A60000-0x0000000074A6B000-memory.dmp	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000015ceb-27.dat	upx
behavioral1/memory/2104-37-0x0000000074A60000-0x0000000074A6B000-memory.dmp	upx
behavioral1/memory/2104-347-0x0000000074A60000-0x0000000074A6B000-memory.dmp	upx

Blocklisted process makes network request 6 IoCs

flow	pid	Process
14	1288	MsiExec.exe
16	1288	MsiExec.exe
17	3004	msiexec.exe
19	1588	MsiExec.exe
21	1588	MsiExec.exe
22	784	msiexec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	mcsetup.exe
File opened (read-only)	\??\S:	mcsetup.exe
File opened (read-only)	\??\U:	mcsetup.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	mcsetup.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	mcsetup.exe
File opened (read-only)	\??\Z:	mcsetup.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\G:	mcsetup.exe
File opened (read-only)	\??\H:	mcsetup.exe
File opened (read-only)	\??\T:	mcsetup.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\W:	mcsetup.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\I:	mcsetup.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\B:	mcsetup.exe
File opened (read-only)	\??\K:	mcsetup.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	mcsetup.exe
File opened (read-only)	\??\L:	mcsetup.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	mcsetup.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\N:	mcsetup.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	mcsetup.exe
File opened (read-only)	\??\M:	mcsetup.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	mcsetup.exe
File opened (read-only)	\??\V:	mcsetup.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DriversCloudAgent.exe

Drops file in Program Files directory 13 IoCs

description	ioc	Process
File created	C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\Drivers\DriversCloud_x86.sys	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\Drivers\driverscloud_amd64.cat	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\binaries\DriversCloudConfig.dll	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\DCEngine.dll	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\DCWebAPI.dll	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.html	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\CPUID\cpuidsdk64.dll	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\Drivers\DriversCloud_amd64.sys	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\Drivers\DriversCloud.inf	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\Drivers\driverscloud_x86.cat	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloudAgent.exe	msiexec.exe
File created	C:\Program Files\Cybelsoft\DriversCloud.com\DCCrypt.dll	msiexec.exe

Drops file in Windows directory 25 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI4138.tmp	msiexec.exe
File created	C:\Windows\Installer\f7728b6.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2EB7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2FB2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI310B.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3A42.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\f7728b6.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3245.tmp	msiexec.exe
File created	C:\Windows\Installer\f7728b7.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3ACF.tmp	msiexec.exe
File created	C:\Windows\Fonts\RobotoCondensed.ttc	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3B7C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{3D365D3E-CCC4-4EF8-B14F-EC3FB8F89145}\SystemFoldermsiexec.exe	msiexec.exe
File opened for modification	C:\Windows\Installer\f7728b7.ipi	msiexec.exe
File created	C:\Windows\Installer\{3D365D3E-CCC4-4EF8-B14F-EC3FB8F89145}\DriversCloud.exe	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI31C7.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4149.tmp	msiexec.exe
File created	C:\Windows\Installer\{3D365D3E-CCC4-4EF8-B14F-EC3FB8F89145}\SystemFoldermsiexec.exe	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI305E.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\{3D365D3E-CCC4-4EF8-B14F-EC3FB8F89145}\DriversCloud.exe	msiexec.exe
File created	C:\Windows\Installer\f7728b9.msi	msiexec.exe

Executes dropped EXE 4 IoCs

pid	Process
2736	mcsetup.exe
280	DriversCloudAgent.exe
2528	DriversCloudAgent.exe
2184	DriversCloud.exe

Loads dropped DLL 60 IoCs

pid	Process
2104	DriversCloud_Win_zx87g9z2kr_.exe
2104	DriversCloud_Win_zx87g9z2kr_.exe
2104	DriversCloud_Win_zx87g9z2kr_.exe
2104	DriversCloud_Win_zx87g9z2kr_.exe
2104	DriversCloud_Win_zx87g9z2kr_.exe
2104	DriversCloud_Win_zx87g9z2kr_.exe
2104	DriversCloud_Win_zx87g9z2kr_.exe
2104	DriversCloud_Win_zx87g9z2kr_.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1288	MsiExec.exe
1588	MsiExec.exe
1588	MsiExec.exe
1588	MsiExec.exe
1588	MsiExec.exe
1588	MsiExec.exe
1588	MsiExec.exe
1588	MsiExec.exe
1588	MsiExec.exe
1588	MsiExec.exe
1588	MsiExec.exe
1588	MsiExec.exe
2128	MsiExec.exe
2540	MsiExec.exe
2540	MsiExec.exe
2540	MsiExec.exe
2540	MsiExec.exe
2540	MsiExec.exe
2540	MsiExec.exe
2540	MsiExec.exe
784	msiexec.exe
784	msiexec.exe
784	msiexec.exe
280	DriversCloudAgent.exe
280	DriversCloudAgent.exe
280	DriversCloudAgent.exe
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
2128	MsiExec.exe
2128	MsiExec.exe
2128	MsiExec.exe
2128	MsiExec.exe
2128	MsiExec.exe
2128	MsiExec.exe
2528	DriversCloudAgent.exe
2528	DriversCloudAgent.exe
2528	DriversCloudAgent.exe
1588	MsiExec.exe
1588	MsiExec.exe
1196	Process not Found
1196	Process not Found
1588	MsiExec.exe
1588	MsiExec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe

Modifies registry class 38 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\driverscloud\shell\open	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E3D563D34CCC8FE41BF4CEF38B8F1954	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E3D563D34CCC8FE41BF4CEF38B8F1954\Feature_4	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E3D563D34CCC8FE41BF4CEF38B8F1954\Feature_2	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\PackageCode = "B620EC088702198469F79E96D4E06520"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud\shell\open\command	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Roaming\\Cybelsoft\\DriversCloud.com 12.0.24\\install\\8F89145\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud\shell\open	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\ProductIcon = "C:\\Windows\\Installer\\{3D365D3E-CCC4-4EF8-B14F-EC3FB8F89145}\\DriversCloud.exe"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud\Url protocol	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E3D563D34CCC8FE41BF4CEF38B8F1954\Feature	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\ProductName = "DriversCloud.com"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\AdvertiseFlags = "388"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3254AD142D6BA504CB44F6B58899F2E3\E3D563D34CCC8FE41BF4CEF38B8F1954	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Roaming\\Cybelsoft\\DriversCloud.com 12.0.24\\install\\8F89145\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\driverscloud\shell	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud\shell	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud\ = "URL:driverscloud protocol"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\Version = "201326616"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\3254AD142D6BA504CB44F6B58899F2E3	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\driverscloud	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\driverscloud\shell\open\command\ = "C:\\Program Files\\Cybelsoft\\DriversCloud.com\\DriversCloud.exe %1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\E3D563D34CCC8FE41BF4CEF38B8F1954\MainFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\E3D563D34CCC8FE41BF4CEF38B8F1954\SourceList\PackageName = "maconfsetup.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\driverscloud\shell\open\command	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
784	msiexec.exe
784	msiexec.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
480	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	784	msiexec.exe
Token: SeTakeOwnershipPrivilege	784	msiexec.exe
Token: SeSecurityPrivilege	784	msiexec.exe
Token: SeCreateTokenPrivilege	2736	mcsetup.exe
Token: SeAssignPrimaryTokenPrivilege	2736	mcsetup.exe
Token: SeLockMemoryPrivilege	2736	mcsetup.exe
Token: SeIncreaseQuotaPrivilege	2736	mcsetup.exe
Token: SeMachineAccountPrivilege	2736	mcsetup.exe
Token: SeTcbPrivilege	2736	mcsetup.exe
Token: SeSecurityPrivilege	2736	mcsetup.exe
Token: SeTakeOwnershipPrivilege	2736	mcsetup.exe
Token: SeLoadDriverPrivilege	2736	mcsetup.exe
Token: SeSystemProfilePrivilege	2736	mcsetup.exe
Token: SeSystemtimePrivilege	2736	mcsetup.exe
Token: SeProfSingleProcessPrivilege	2736	mcsetup.exe
Token: SeIncBasePriorityPrivilege	2736	mcsetup.exe
Token: SeCreatePagefilePrivilege	2736	mcsetup.exe
Token: SeCreatePermanentPrivilege	2736	mcsetup.exe
Token: SeBackupPrivilege	2736	mcsetup.exe
Token: SeRestorePrivilege	2736	mcsetup.exe
Token: SeShutdownPrivilege	2736	mcsetup.exe
Token: SeDebugPrivilege	2736	mcsetup.exe
Token: SeAuditPrivilege	2736	mcsetup.exe
Token: SeSystemEnvironmentPrivilege	2736	mcsetup.exe
Token: SeChangeNotifyPrivilege	2736	mcsetup.exe
Token: SeRemoteShutdownPrivilege	2736	mcsetup.exe
Token: SeUndockPrivilege	2736	mcsetup.exe
Token: SeSyncAgentPrivilege	2736	mcsetup.exe
Token: SeEnableDelegationPrivilege	2736	mcsetup.exe
Token: SeManageVolumePrivilege	2736	mcsetup.exe
Token: SeImpersonatePrivilege	2736	mcsetup.exe
Token: SeCreateGlobalPrivilege	2736	mcsetup.exe
Token: SeCreateTokenPrivilege	2736	mcsetup.exe
Token: SeAssignPrimaryTokenPrivilege	2736	mcsetup.exe
Token: SeLockMemoryPrivilege	2736	mcsetup.exe
Token: SeIncreaseQuotaPrivilege	2736	mcsetup.exe
Token: SeMachineAccountPrivilege	2736	mcsetup.exe
Token: SeTcbPrivilege	2736	mcsetup.exe
Token: SeSecurityPrivilege	2736	mcsetup.exe
Token: SeTakeOwnershipPrivilege	2736	mcsetup.exe
Token: SeLoadDriverPrivilege	2736	mcsetup.exe
Token: SeSystemProfilePrivilege	2736	mcsetup.exe
Token: SeSystemtimePrivilege	2736	mcsetup.exe
Token: SeProfSingleProcessPrivilege	2736	mcsetup.exe
Token: SeIncBasePriorityPrivilege	2736	mcsetup.exe
Token: SeCreatePagefilePrivilege	2736	mcsetup.exe
Token: SeCreatePermanentPrivilege	2736	mcsetup.exe
Token: SeBackupPrivilege	2736	mcsetup.exe
Token: SeRestorePrivilege	2736	mcsetup.exe
Token: SeShutdownPrivilege	2736	mcsetup.exe
Token: SeDebugPrivilege	2736	mcsetup.exe
Token: SeAuditPrivilege	2736	mcsetup.exe
Token: SeSystemEnvironmentPrivilege	2736	mcsetup.exe
Token: SeChangeNotifyPrivilege	2736	mcsetup.exe
Token: SeRemoteShutdownPrivilege	2736	mcsetup.exe
Token: SeUndockPrivilege	2736	mcsetup.exe
Token: SeSyncAgentPrivilege	2736	mcsetup.exe
Token: SeEnableDelegationPrivilege	2736	mcsetup.exe
Token: SeManageVolumePrivilege	2736	mcsetup.exe
Token: SeImpersonatePrivilege	2736	mcsetup.exe
Token: SeCreateGlobalPrivilege	2736	mcsetup.exe
Token: SeCreateTokenPrivilege	2736	mcsetup.exe
Token: SeAssignPrimaryTokenPrivilege	2736	mcsetup.exe
Token: SeLockMemoryPrivilege	2736	mcsetup.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2736	mcsetup.exe
2736	mcsetup.exe
3004	msiexec.exe
3004	msiexec.exe

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2736	2104	DriversCloud_Win_zx87g9z2kr_.exe	28
PID 2104 wrote to memory of 2736	2104	DriversCloud_Win_zx87g9z2kr_.exe	28
PID 2104 wrote to memory of 2736	2104	DriversCloud_Win_zx87g9z2kr_.exe	28
PID 2104 wrote to memory of 2736	2104	DriversCloud_Win_zx87g9z2kr_.exe	28
PID 2104 wrote to memory of 2736	2104	DriversCloud_Win_zx87g9z2kr_.exe	28
PID 2104 wrote to memory of 2736	2104	DriversCloud_Win_zx87g9z2kr_.exe	28
PID 2104 wrote to memory of 2736	2104	DriversCloud_Win_zx87g9z2kr_.exe	28
PID 784 wrote to memory of 1288	784	msiexec.exe	30
PID 784 wrote to memory of 1288	784	msiexec.exe	30
PID 784 wrote to memory of 1288	784	msiexec.exe	30
PID 784 wrote to memory of 1288	784	msiexec.exe	30
PID 784 wrote to memory of 1288	784	msiexec.exe	30
PID 784 wrote to memory of 1288	784	msiexec.exe	30
PID 784 wrote to memory of 1288	784	msiexec.exe	30
PID 2736 wrote to memory of 3004	2736	mcsetup.exe	35
PID 2736 wrote to memory of 3004	2736	mcsetup.exe	35
PID 2736 wrote to memory of 3004	2736	mcsetup.exe	35
PID 2736 wrote to memory of 3004	2736	mcsetup.exe	35
PID 2736 wrote to memory of 3004	2736	mcsetup.exe	35
PID 2736 wrote to memory of 3004	2736	mcsetup.exe	35
PID 2736 wrote to memory of 3004	2736	mcsetup.exe	35
PID 784 wrote to memory of 1588	784	msiexec.exe	36
PID 784 wrote to memory of 1588	784	msiexec.exe	36
PID 784 wrote to memory of 1588	784	msiexec.exe	36
PID 784 wrote to memory of 1588	784	msiexec.exe	36
PID 784 wrote to memory of 1588	784	msiexec.exe	36
PID 784 wrote to memory of 1588	784	msiexec.exe	36
PID 784 wrote to memory of 1588	784	msiexec.exe	36
PID 784 wrote to memory of 2128	784	msiexec.exe	41
PID 784 wrote to memory of 2128	784	msiexec.exe	41
PID 784 wrote to memory of 2128	784	msiexec.exe	41
PID 784 wrote to memory of 2128	784	msiexec.exe	41
PID 784 wrote to memory of 2128	784	msiexec.exe	41
PID 784 wrote to memory of 2540	784	msiexec.exe	42
PID 784 wrote to memory of 2540	784	msiexec.exe	42
PID 784 wrote to memory of 2540	784	msiexec.exe	42
PID 784 wrote to memory of 2540	784	msiexec.exe	42
PID 784 wrote to memory of 2540	784	msiexec.exe	42
PID 784 wrote to memory of 2540	784	msiexec.exe	42
PID 784 wrote to memory of 2540	784	msiexec.exe	42
PID 784 wrote to memory of 280	784	msiexec.exe	43
PID 784 wrote to memory of 280	784	msiexec.exe	43
PID 784 wrote to memory of 280	784	msiexec.exe	43
PID 784 wrote to memory of 2184	784	msiexec.exe	46
PID 784 wrote to memory of 2184	784	msiexec.exe	46
PID 784 wrote to memory of 2184	784	msiexec.exe	46

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\DriversCloud_Win_zx87g9z2kr_.exe
"C:\Users\Admin\AppData\Local\Temp\DriversCloud_Win_zx87g9z2kr_.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\MCConfigNsis\mcsetup.exe
  C:\Users\Admin\AppData\Local\Temp\MCConfigNsis\mcsetup.exe /exelang 1033 DCTOKEN=zx87g9z2kr
  2⤵
  - Enumerates connected drives
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Windows\SysWOW64\msiexec.exe
    "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 12.0.24\install\8F89145\maconfsetup.msi" DCTOKEN=zx87g9z2kr AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\MCConfigNsis\mcsetup.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\MCConfigNsis\ EXE_CMD_LINE="/exelang 1033 /exenoupdates /forcecleanup /wintime 1719361641 DCTOKEN=zx87g9z2kr "
    3⤵
    - Blocklisted process makes network request
    - Enumerates connected drives
    - Suspicious use of FindShellTrayWindow
    PID:3004

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:784
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 91FCB6A717818924F8B1521276A433F1 C
  2⤵
  - Blocklisted process makes network request
  - Loads dropped DLL
  PID:1288
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 56B2D032DCF586AAA3DDC4E9278D1847 C
  2⤵
  - Blocklisted process makes network request
  - Loads dropped DLL
  PID:1588
- C:\Windows\system32\MsiExec.exe
  C:\Windows\system32\MsiExec.exe -Embedding ADA5CB3643C1DB285C22CEA4FCECC04E
  2⤵
  - Loads dropped DLL
  PID:2128
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 85CFACC0715759997D5E24E6B615E18C
  2⤵
  - Loads dropped DLL
  PID:2540
- C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloudAgent.exe
  "C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloudAgent.exe" -i /parefeu=1 /lan=en /dctoken=zx87g9z2kr
  2⤵
  - Drops file in System32 directory
  - Executes dropped EXE
  - Loads dropped DLL
  PID:280
- C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe
  "C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe"
  2⤵
  - Executes dropped EXE
  PID:2184

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:2788

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005A8" "000000000000038C"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:1692

C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloudAgent.exe
"C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloudAgent.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f7728b8.rbs

Filesize
15KB

MD5
e428b4544843f42efcb5785af1e43303

SHA1
52083dfdb2cf2aa20db7bab9fefcecf090fab18b

SHA256
289953c80240165cfb22294a87c59b650f0d4d5b0c53721909fefcc88d5ad438

SHA512
7e481366817d56d4894e0c103778d31305060256ce66576ffeaea9f686f6c8cbb3ceea0ab34d2b4d26148c97d2955e22773a2830a62119b3fdd4fb53ace068dc

Download Submit
C:\Program Files\Cybelsoft\DriversCloud.com\DriversCloud.exe

Filesize
8.9MB

MD5
c9a6e0904b47048965fe1d38085c1445

SHA1
83e2f300768800dbeed86c8f56e0fc4baed19680

SHA256
e9fc50b161514e38846fd768af65da29b69163c7046c5b924c1ed933f16c2fb5

SHA512
428f87913d11508cc29e1d09663c63c19c189d502ff3464243ea1b06d212cfc29133577888f446b8a73b988bce05d0b4a74d24b7e8413264d3246412675ee0fa

Download Submit
C:\ProgramData\driverscloud.com\config.xml

Filesize
1KB

MD5
04389d9fcfd1b2e30f218b2a729c0122

SHA1
23ccf8eb7b76bcd238e8f5cebf3f9be6d7f66239

SHA256
5ee5e04b25b74602d733e9ba57b5b138f3ea83e805b23a37fbf43b0366a5bcc6

SHA512
1c7e20352caa7a53a2ab6474d3e3eccccb11584c0ab5f207285a2398e3aa150da29d63e90447664ef158e18d0e20d0caea2ee62f4c2248b57bd7cb1372c4922a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F

Filesize
959B

MD5
d5e98140c51869fc462c8975620faa78

SHA1
07e032e020b72c3f192f0628a2593a19a70f069e

SHA256
5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

SHA512
9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F

Filesize
192B

MD5
6f72dcff6bf808c48965599a05e64ca7

SHA1
00f3cfa681f69ea8d41a8e412974ce4ccb3a7462

SHA256
4225a56b8334cb1f7471330070f7bc9950307b94454872270ad2bef32e98c173

SHA512
8f7c461ff7821d35d69f90a6079720104048b3aa4df780888bae5f0aa1b9b4769df208723e0cf9a7e153cd1c26bf770fba357b53483f442bc3e988dd131c839d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c345f43f558b3f406d629bb09fe05cac

SHA1
115f94316a0625492231aea0903f8c6580dc24c0

SHA256
0397143ddb391028a40fc151b049717b6764f03aa6a7a90d2242c5da846e7476

SHA512
ba81857fac59e0b847cbe57ee0d1ce1eafaa9ed3ba19b345568fd407354a6a133665b56b710fe38912056fe661db1926a4c28f2b36eea327dbeff5a0c07c1e12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70aeff5f8721f41b56af09f56a8828f7

SHA1
a1e863b5282bd38e98f4370bab1dc3e3f2879ad3

SHA256
5ed5230eb7fed5cc186818aa1cb871ef12176f9ac088372d6153c12826c4821e

SHA512
3e59e3836c5d2bac2d2a200c80fc984fe97d4b7507bdb0e9617aa3de3c3f6bbdf930c71b778973352640cdc01bf1b8b5cc555b4fb273e2b62915e27da1b85027

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed8954aab76f986c466ca30c67e69dee

SHA1
8100ec622b6803e7b18a65c21bb36e1c550c85cc

SHA256
8a43be39e588c9eff11800b2cc131111a8a3a72d7aa86b66c79b6d4903b69eff

SHA512
45ee3a27f89c6a206550ae98827cb938d8f18d033989eaff16dfe74ed4e4b75d9e85363bf0e7865c5b03e79f10fecc3a121a599ab64f2f635fd4ebc274e5eacb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0be1ee7680aa33d8770e55fbbab0148f

SHA1
d211ef29d75d634a1629907fa67ee103636e441a

SHA256
9a93838abcc52515a5a71967c101696de5573292d74e2432718ebe87e294d055

SHA512
544f3052de4e163e4f8e0c3b4d6cb5cfca25f7ffe890d29a8ae2f5357a7d5936e5b3404fe9ff667ab1f8ee4d36da35d722c32688944fab7e52bc9609f6a7d407

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2736\ban494x313.jpg

Filesize
14KB

MD5
738b84e6b97c14ba4085087296fff193

SHA1
c799eeafabb4faccfc40f72afa0ff46d7f0b06d4

SHA256
f5a8a536033309b86f3f263d12d4b21a6c26efec9ff30540d155ece0360b5fdd

SHA512
28ee1dc235825ff176184ea80f9dafa7573a1551f9627bfeb99ef6a8eabc666fa25fd25a14cab764d7f7a0a398668d47fcf891bbc7a45aa82a53776b088501b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_2736\ban494x59.png

Filesize
1KB

MD5
1e23d45108beeb66154da470a5a9b54b

SHA1
45abfa8af20f2a590b69afd0b517b16a5641dd53

SHA256
dd80fddacc288ff4b8ae10f98790beb9e067df3d21f76e196309e6650c904a76

SHA512
eee15448b3c288faa60b5653506dd362560abeb299d8170b01b2434e1e27c4bf1e94274c07dbef47a812eda483edc5412b057ae493ec0cced8f999e81f4c2381

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAAD2.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MCConfigNsis\mcsetup.exe

Filesize
15.4MB

MD5
755c43586529149816e212d398498213

SHA1
307061449e53c5f59b3ea53e02054d6b7bce516a

SHA256
df097e6fa1e6016729189dc6a090c92917d754d86a6b31880b19bd715c1c3c82

SHA512
18c0e02e796bdeb1952f24c92ff275cc9b9bcce112ea44775eca6bfb2e1300d8e9043f6696a1a284ac765fa6d71f6e74043b4dd3b5a5c5231955f50611582cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI6f346.LOG

Filesize
392B

MD5
fdf4331e34f73b3e4f4dfaf046ca378f

SHA1
51dd9ce0c8e4ee09aee18675b5aff3a351f63c1f

SHA256
94fb5e293bcc7bb4b98c16bead382f8e0fc2e9c26a5b8d6ea301de0bf262f642

SHA512
cf0d73dee8744f523a7d21a14bb87fdc65b938247b791a61d9ef5ce2d4f35a8810fddde02f9fa677f2fc2d44a1519be407479ab9a635e641bf408768c8440328

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB091.tmp

Filesize
738KB

MD5
d0c9613582605f3793fdad7279de428b

SHA1
8b3e9fb67c7beb20706544d360ee13c3aad9c1d1

SHA256
8bd84f1156ebdfa44afaac8a4579ba56a8c7513e3d51e00822167ea144923726

SHA512
3640a0f53730cad7323473f99a2049833db58eaed00f94b75b4a03b07cc8af99c104a40b2e888307055a5c9740b5fea4b394aa15bc78a3102088cc0770713eac

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB19B.tmp

Filesize
1.1MB

MD5
4d3c8ec9835f1c2c9e5832bdb4c44df1

SHA1
02fa7c7a9aa5986e1321d851d267f619a8e0316c

SHA256
81b957795799c3a2c2bde1630a7995ec35a5a4d3662528f2742e081ee1878d4d

SHA512
98101b88f41ba17b13da8338dd9fea0628ef2bf53d667459a2b7b2846d2eee7345d1832c93ea46714f8fd9036ef792a593b52033870010686db248ca79fbe8e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIB238.tmp

Filesize
870KB

MD5
bda4a367e26991c32f566d8a171a2821

SHA1
35db1470ea05988c345288ab4ee1bd002299b1a0

SHA256
bd67b69d62b8cf2a65bd97a55ea20a3f8206e264cc4956f0a12ab5bc83ef5ab9

SHA512
c45831a32e95411d65f334d723d73acdc029f4a9ba24b153f181d50da9cce43b4c8fe90100b05967f5963d23492a5f2c897f5b1c721801c00f8fa52370fd4f10

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAAE4.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAD1E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 12.0.24\install\8F89145\CommonAppDataFolder\driverscloud.com\Langues\LangueMC.pt.resx

Filesize
41KB

MD5
56e971146b98505077ae7500831947b4

SHA1
9a12ad574e1185994c538c1fe7731fe1c4421d52

SHA256
c33ebc451b4d2b1ce40cfdb0ee4f9ccd841a4e7012f7c53d788eb0e9b8644a17

SHA512
afa7512b1d8b9a0bd4223d5956c2d85985d91921492fd36a8d5f6b6e8b534cb88f728b444a3204c7ad7fc2df2aa94fbd9293d64e8a5146dce5287d07b7273133

Download Submit
C:\Users\Admin\AppData\Roaming\Cybelsoft\DriversCloud.com 12.0.24\install\8F89145\maconfsetup.msi

Filesize
6.9MB

MD5
4ae839439d2e7d95fa4b781b168fb3ba

SHA1
d4fedd02109ab5c9fe8c759fd2fd71dabb1cdec8

SHA256
940647d620e3f97f87203a0b0375da40c4015f9f74990c0fc8077f5b762f2a99

SHA512
d06e8fc99634e3b1fd7a3092578be72e9a278e399a2e0fb27e01a1284030d3b5542eedc187e92f1620f5417ecf845be77b81661c1ffcd2030566110a381d9504

Download Submit
C:\Windows\Installer\MSI2EB7.tmp

Filesize
1.3MB

MD5
ed87bb0d9214c1261578b5cabbdb7671

SHA1
d87a56d521b3ee725e2f938a094881ed45438d35

SHA256
9838de7a6cdd1618eac8f0ccdced16340b2fe992f3a47e398953ad790effbc88

SHA512
93503c19d92b3f3cc8c8347d16a35f936d322992880f5e9b3d1c9ff6aec0a5762d8635f56e255fd7e96a78017728ea77ece20cbd98acc4ed84be992cf7ce4e49

Download Submit
C:\Windows\Installer\MSI3B7C.tmp

Filesize
408KB

MD5
cd63529f4315944842180641f5f7abcd

SHA1
0e7b1e9109762466f6110deddf03886fad8356a1

SHA256
0ced36ccdb1f223610f64b91bd2f8fef33f1e2f796fdf641eb7fea366cda8f0d

SHA512
ff9bdf8c9d22dcb57c106935b1d7efc828a669203071046443c55144cfadc4c5cb32b6555e290475f993a014c9abbe535a09035988192a603c8eb74887827d92

Download Submit
\Users\Admin\AppData\Local\Temp\nst2667.tmp\GetVersion.dll

Filesize
12KB

MD5
5bc8360ad248b21d4fd238619aa6d4db

SHA1
4f4190ec05a4083e1ab01d999bee74efe9977ef6

SHA256
5a6214167ee1c310cd3b0ff6684ce50bd67611010f6f4fe68aa0ed3a29b08991

SHA512
e5b06a989e1bf2f22dbbd507eb025ea4c432d5a3e16d7029065251f867561f936838eb3f14d5dd784d151a6dc5a382d9d59b324f409c1374790cc6b7adcc0581

Download Submit
\Users\Admin\AppData\Local\Temp\nst2667.tmp\NScurl.dll

Filesize
3.8MB

MD5
7a644e6337e0b2908de49746da16facb

SHA1
03a331e701543e9d5499e178e475cb4374f51cf9

SHA256
1a2eecda662f9ae819ff0f716e67125867951b0d2d49c841d202f866ab3e3aad

SHA512
7adfa468d0dede904325f7e7283a12b06738d9699bedafdb04816254ef97a34c7a80f5af893dc4a8a8f04b4bc1a5bbccd8875a5fc89efddb83e2f72351ca9e08

Download Submit
\Users\Admin\AppData\Local\Temp\nst2667.tmp\System.dll

Filesize
18KB

MD5
2db076f87de4a7671eb48f9a4ec6c59a

SHA1
fe03da9ffa5ce73fdf4b742861c2dc94449b9e95

SHA256
3a3e51c653a66e42a0422a0cef861f374843d227eb79ea31788d19e1f9d0628d

SHA512
e535171ad7ef18fa275568125dd73135b610faa60a5c15987f639a6ce4af033937e820ba781cdbe1b74c2b55edc36bcce72f6894cd15e254e2b1ca765ce7e901

Download Submit
\Users\Admin\AppData\Local\Temp\nst2667.tmp\nsDialogs.dll

Filesize
15KB

MD5
8cd70f1945da79795ff2efabecbad6c6

SHA1
47ce283d49703babd6c54465937ccef75c8a74cd

SHA256
9f95e57131a751dd802389271af6dd673ed68345024f09037835e3aacd46cd62

SHA512
6b620f86d24516dcc2da142ee79b630d7fccdebaddeee1adda58a5fadd7174d72a6bcb0777d63e3cf571ae4d1d94088cc007213b3f75755b8fd97a383dde7dc6

Download Submit
\Users\Admin\AppData\Local\Temp\nst2667.tmp\xml.dll

Filesize
655KB

MD5
a0c4cc0fa4da74565189c1070852f2fc

SHA1
8226cc52db9d6c31c58a17fc5a64ff0e38741815

SHA256
1255e17c51649efa6ffd4b4fa045fbd5fcc2ef7f57e4719253e0d616306cd4b3

SHA512
3ee7183b785625dcbaeb1b54f1c58ac3a01c6ffdf18f129bc233376aaddd8d7f2e82e0bf04afe540ab0db9c11117a74815b4b4f50822e654c997514f0897138e

Download Submit
memory/2104-280-0x0000000074CA0000-0x0000000075073000-memory.dmp

Filesize
3.8MB

Download
memory/2104-986-0x0000000074CA0000-0x0000000075073000-memory.dmp

Filesize
3.8MB

Download
memory/2104-39-0x0000000074A60000-0x0000000074A6B000-memory.dmp

Filesize
44KB

Download
memory/2104-38-0x0000000074A50000-0x0000000074A5B000-memory.dmp

Filesize
44KB

Download
memory/2104-37-0x0000000074A60000-0x0000000074A6B000-memory.dmp

Filesize
44KB

Download
memory/2104-348-0x0000000074A50000-0x0000000074A5B000-memory.dmp

Filesize
44KB

Download
memory/2104-349-0x0000000074A60000-0x0000000074A6B000-memory.dmp

Filesize
44KB

Download
memory/2104-347-0x0000000074A60000-0x0000000074A6B000-memory.dmp

Filesize
44KB

Download
memory/2104-40-0x0000000074CA0000-0x0000000075073000-memory.dmp

Filesize
3.8MB

Download
memory/2736-47-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/2736-630-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download