hxxps://mahr[.]canto[.]global/s/SMEPL?viewIndex=0

Analysis

max time kernel
293s
max time network
289s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mahr.canto.global/s/SMEPL?viewIndex=0

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	S e t u p-MarCom.exe

Executes dropped EXE 12 IoCs

pid	Process
3896	S e t u p-MarCom.exe
4828	SetUp-MarCom.exe
2960	SetUp-MarCom.tmp
5116	FtdiPreinstall32.exe
3312	FtdiPreinstall64.exe
3896	AntPreinstall32.exe
4692	AntPreinstall64.exe
4656	dotNetFx40_Client_x86_x64.exe
3100	Setup.exe
644	vc_redist.x86.exe
1708	vc_redist.x86.exe
412	dpinst_amd64.exe

Loads dropped DLL 3 IoCs

pid	Process
3100	Setup.exe
3100	Setup.exe
1708	vc_redist.x86.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\x86\libusb0_x86.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\i386	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\ftdibus.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\amd64\SET6EC0.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\ANT_LibUsb.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ant_libusb.inf_amd64_54173307afc55815\amd64\AntUsbCoInstall_x64.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64\SET6D77.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64\SET6DA6.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64\SET6DA6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64\FTLang.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\amd64\FTLang.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\ftdibus.PNF	FtdiPreinstall64.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	FtdiPreinstall64.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\ftdibus.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\amd64\SET6EC0.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\x86\SET6EC1.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ant_libusb.inf_amd64_54173307afc55815\amd64\libusb0.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\x86	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\SET6DA9.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\ftdibus.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ant_libusb.inf_amd64_54173307afc55815\amd64\libusb0.dll	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\x86\SET6EC1.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ant_libusb.inf_amd64_54173307afc55815\ANT_LibUsb.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64\ftd2xx64.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\i386\ftd2xx.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\amd64\ftdibus.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\amd64\SET6EBF.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\amd64\SET6EBF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64\SET6D77.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\SET6DA8.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\ftdibus.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\SET6EC3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\ANT_LibUsb.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64\SET6D76.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\SET6DA9.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\amd64\ftd2xx64.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\i386\ftd2xx.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\amd64\libusb0.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ant_libusb.inf_amd64_54173307afc55815\ANT_LibUsb.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64\ftbusui.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ftdibus.inf_amd64_b7c6f1ad9f999c33\amd64\ftbusui.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ant_libusb.inf_amd64_54173307afc55815\x86\libusb0_x86.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64\SET6DA7.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	AntPreinstall64.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ant_libusb.inf_amd64_54173307afc55815\ANT_LibUsb.PNF	AntPreinstall64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64\ftdibus.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64\SET6DA7.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\i386\SET6DAA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\SET6EC3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\amd64\SET6EAE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\amd64\libusb0.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\amd64\AntUsbCoInstall_x64.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\SET6EC2.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\SET6EC2.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a0e5d8ff-a040-8a41-a44f-5d741a3acff2}\amd64\SET6D76.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\amd64\SET6EAE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{4f75e649-abae-1f4b-8a5e-d64238421228}\amd64	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ant_libusb.inf_amd64_54173307afc55815\ant_libusb.PNF	AntPreinstall64.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\MarCom\is-8NR45.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\is-3JLHO.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-O2NO1.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-10PL5.tmp	SetUp-MarCom.tmp
File opened for modification	C:\Program Files (x86)\MarCom\Help\Alt1\MarCom_EN.chm	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\32-Bit\is-73787.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-HG7KK.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-Q15FK.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem\is-IJNMJ.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-HPK2Q.tmp	SetUp-MarCom.tmp
File opened for modification	C:\Program Files (x86)\MarCom\ANT_WrappedLib.dll	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\is-T603R.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\is-HVHIM.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\is-B9QTK.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-PABBE.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-SVFF6.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-OGS7U.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-AQLBP.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-65S4T.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-0TENJ.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-B4E19.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-A2S7D.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\32-Bit\Static\i386\is-0TBJB.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-502NA.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-U0AMB.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-P3DVH.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\is-FS8HK.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-HBIV2.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-MUCLF.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-CG2ED.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-HF4JT.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-46BF4.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-4PFMP.tmp	SetUp-MarCom.tmp
File opened for modification	C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\ftd2xx64.dll	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-DG4I3.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-UHCMG.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-4KJ58.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-LSCRJ.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-C1EG6.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\is-6B47V.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\is-D8FTT.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Driver\Steute\x64\is-JN40T.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-0LAUL.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-1IP0F.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Driver\ANTUSB2\amd64\is-FRAOJ.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-UPIMT.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-7D653.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-HPO4U.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-D92PD.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-6SUUT.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\64-Bit\amd64\is-OII7I.tmp	SetUp-MarCom.tmp
File opened for modification	C:\Program Files (x86)\MarCom\Help\Alt1\Deutsch\MarCom.chm	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Driver\ANTUSB2\ia64\is-POU35.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\32-Bit\is-RLJH9.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-9CC81.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-FG0R3.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-A2PUM.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-DNGHA.tmp	SetUp-MarCom.tmp
File opened for modification	C:\Program Files (x86)\MarCom\Driver\FTDI\D2XX\32-Bit\i386\ftd2xx.dll	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-0TNIJ.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-T63F8.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-3PHE4.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\is-BILSP.tmp	SetUp-MarCom.tmp
File created	C:\Program Files (x86)\MarCom\Devices\Mem1\is-N735J.tmp	SetUp-MarCom.tmp

Drops file in Windows directory 10 IoCs

description	ioc	Process
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	AntPreinstall64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\DPINST.LOG	dpinst_amd64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	FtdiPreinstall64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	S e t u p-MarCom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SetUp-MarCom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FtdiPreinstall32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vc_redist.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	S e t u p-MarCom.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SetUp-MarCom.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AntPreinstall32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dotNetFx40_Client_x86_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	AntPreinstall64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	FtdiPreinstall64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	FtdiPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	AntPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	FtdiPreinstall64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	AntPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	AntPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	AntPreinstall64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	FtdiPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	FtdiPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	FtdiPreinstall64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	AntPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	FtdiPreinstall64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	AntPreinstall64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	FtdiPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	AntPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	AntPreinstall64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	AntPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	FtdiPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	AntPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	FtdiPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	AntPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	FtdiPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	FtdiPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	FtdiPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	FtdiPreinstall64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	AntPreinstall64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	msedge.exe

Runs .reg file with regedit 2 IoCs

pid	Process
1696	regedit.exe
4648	regedit.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1904	msedge.exe
1904	msedge.exe
4544	identity_helper.exe
4544	identity_helper.exe
3616	msedge.exe
3616	msedge.exe
2960	SetUp-MarCom.tmp
2960	SetUp-MarCom.tmp
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
3100	Setup.exe
3100	Setup.exe
3100	Setup.exe
3100	Setup.exe
3100	Setup.exe
3100	Setup.exe
3100	Setup.exe
3100	Setup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	4220	7zG.exe
Token: 35	4220	7zG.exe
Token: SeSecurityPrivilege	4220	7zG.exe
Token: SeSecurityPrivilege	4220	7zG.exe
Token: SeAuditPrivilege	1484	svchost.exe
Token: SeSecurityPrivilege	1484	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 4396	1904	msedge.exe	83
PID 1904 wrote to memory of 4396	1904	msedge.exe	83
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 3704	1904	msedge.exe	84
PID 1904 wrote to memory of 1740	1904	msedge.exe	85
PID 1904 wrote to memory of 1740	1904	msedge.exe	85
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86
PID 1904 wrote to memory of 1712	1904	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mahr.canto.global/s/SMEPL?viewIndex=0
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e86746f8,0x7ff9e8674708,0x7ff9e8674718
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,6665450100461946751,5715249050971178673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5592 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Temp1_MarConnect--MarCom Professional--4103401--SW--DE-EN--v5.4-01.20241009180714518.20241009180714518.zip\S e t u p-MarCom.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MarConnect--MarCom Professional--4103401--SW--DE-EN--v5.4-01.20241009180714518.20241009180714518.zip\S e t u p-MarCom.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3384

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MarConnect--MarCom Professional--4103401--SW--DE-EN--v5.4-01.20241009180714518.20241009180714518\" -ad -an -ai#7zMap15654:254:7zEvent6248
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4220

C:\Users\Admin\Downloads\MarConnect--MarCom Professional--4103401--SW--DE-EN--v5.4-01.20241009180714518.20241009180714518\S e t u p-MarCom.exe
"C:\Users\Admin\Downloads\MarConnect--MarCom Professional--4103401--SW--DE-EN--v5.4-01.20241009180714518.20241009180714518\S e t u p-MarCom.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3896
- C:\Users\Admin\AppData\Local\Temp\SetUp-MarCom.exe
  "C:\Users\Admin\AppData\Local\Temp\SetUp-MarCom.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4828
- - C:\Users\Admin\AppData\Local\Temp\is-7KJF0.tmp\SetUp-MarCom.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-7KJF0.tmp\SetUp-MarCom.tmp" /SL5="$6022C,85763104,117248,C:\Users\Admin\AppData\Local\Temp\SetUp-MarCom.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2960
  - - C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall32.exe
      "C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall32.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5116
    - - C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe
        
        "C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe"
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        
        PID:3312
  - - C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall32.exe
      "C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall32.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3896
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c regedit /s AntDriverCtrlFlags_QuietInstall.reg
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4944
      - C:\Windows\SysWOW64\regedit.exe
        
        regedit /s AntDriverCtrlFlags_QuietInstall.reg
        6⤵
        System Location Discovery: System Language Discovery
        Runs .reg file with regedit
        
        PID:1696
    - - C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall64.exe
        
        "C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntPreinstall64.exe"
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        
        PID:4692
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c regedit /s AntDriverCtrlFlags_QuietInstall.reg
        6⤵
        
        PID:2756
        
        C:\Windows\regedit.exe
        
        regedit /s AntDriverCtrlFlags_QuietInstall.reg
        7⤵
        Runs .reg file with regedit
        
        PID:4648
  - - C:\Program Files (x86)\MarCom\Driver\dotNetFx40_Client_x86_x64.exe
      "C:\Program Files (x86)\MarCom\Driver\dotNetFx40_Client_x86_x64.exe" /q
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4656
    - - F:\941f4609130f54184daaf00cff\Setup.exe
        
        F:\941f4609130f54184daaf00cff\\Setup.exe /q /x86 /x64
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        
        PID:3100
  - - C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\vc_redist.x86.exe
      "C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\vc_redist.x86.exe" /passive /norestart
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:644
    - - C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\vc_redist.x86.exe
        
        "C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_win32\vc_redist.x86.exe" /passive /norestart -burn.unelevated BurnPipe.{FEF08510-8957-4213-BACD-96424B7C569B} {31AC45F4-83D5-4F6B-9732-0C5FFBAF8AA4} 644
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1708
  - - C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe
      "C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\windrv\dpinst_amd64.exe"
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:412

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:1484
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "28" "C:\Users\Admin\AppData\Local\Temp\{8ed9b03e-2ca5-1849-b8d2-3ea250e88733}\ftdibus.inf" "9" "44522b27f" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4124
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "8" "C:\Users\Admin\AppData\Local\Temp\{ff99abcd-a747-0d40-8ad6-43b3a6d62b5a}\ANT_LibUsb.inf" "9" "48f6e236f" "0000000000000174" "WinSta0\Default" "0000000000000178" "208" "C:\Program Files (x86)\MarCom\Driver\AntUSB2"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\MarCom\Devices\Mem1\is-4DKFS.tmp

Filesize
56KB

MD5
fd8621730814ba0c8552a057dbabc2e6

SHA1
90057ffab3c8367988ffcafc051ecfac13816aa4

SHA256
4d50cd88c5f26ab1d71c419a30d07667a8abc28b8bbe0f8bdc43e4f2aab9a929

SHA512
4143f26716f527c2395909c7c30c9813f561b2a7f27fcf2823b4ff1de7c9aca52eef7bd26b84d5c100ee248441ae031c901c283682986235115656de50a91ed8

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-7UNNH.tmp

Filesize
56KB

MD5
0b81696970b891b6cd0e511aaa6ee653

SHA1
b146350db889f363f1311f022e51350178b3ef35

SHA256
46532b337a8872a3a960f60329199f5aeb7705a77d3e25f0b6d244f547ac80b7

SHA512
ee9035c1efa73015afe34a84c6eaae6d96a537fc143e0ed3792ef9d4e141897e43bcbc5696bfefe8fd62f4b5820b89bc592346f9dac5ec1ae2a9382e01b0edc8

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-8JHLU.tmp

Filesize
56KB

MD5
a0d8116feba7f633a88c9ed53c0dccb5

SHA1
fa9e67dbf039e449c31d5ce9c528e2846e4bf808

SHA256
ee4781de467fe8769517fdf548bc6199068d29a7b84b59d465cb75bc134f1f7d

SHA512
734c84b30bd7341f4d54d6f26d7baef2daf02b138a8145cea2c5bff1a31df1733c78b9d96f9a0b3d34cc6a23af062ef26639cfd9f3cdb208f4361e66a0e656b7

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-DVBFG.tmp

Filesize
14KB

MD5
529ba830b89231afc431210db67274e3

SHA1
1332b2d0c68a36dfc852b35433afe5a9ac805ad4

SHA256
a164472ebd3b181619064584f58e9277d53ae88afe15ae237c8a77f9176991ad

SHA512
d56a6f447a5a7fecb1976b849162a16a04a3b2f020b5cf07bd85abb36a46a6c57a1ac096da8577b47bc6b6818b8e1f994696b8884248821cf26f04cd15529de9

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-G1HTF.tmp

Filesize
56KB

MD5
e5328e3beda06d130da52aa8ff34ec6d

SHA1
f7e843e47d7209e978c3f33db66e7281fce309cf

SHA256
9090c81de6b5336153381a140bf6f815f8171bdbe7258e395a3d7db80f9eccc7

SHA512
2e6e5b266baf136c7bc32b45bee0b3b28dc6831f16fb8b34675290c7e1c8a7594f520e895e76482bd7a882faebef3727accac4cde9211baabe0dda8c641acf62

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-JB5IJ.tmp

Filesize
56KB

MD5
d30a13815fe39704fdf07bcb470f20e0

SHA1
871db068af3ca581ca9fc51475b6cce09c9e33ca

SHA256
444ddc305821e9ead066c3c35b9c2fa4884a0a3cbc075ebb2c6f7440f68fb269

SHA512
44aea28ee874644465610b5002d2cd9d758fda281c540a82ab72eb12597f40502d5555b1d2575d70bfbbb5f97e311fc3d46ab35fa83a10eb3222fac3cb0d2758

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-JPAJC.tmp

Filesize
14KB

MD5
7da80c35880d9f836870f146fb7d6e4f

SHA1
d6a0c3e7ebaae52d8be688973afe67c1da14036d

SHA256
14383f9e6f62fc217a0b30bacb0f535541dbe5a6770dd7b84a51006c088a8f54

SHA512
144af73dc0646d31e7819647314c7162884453e7879f7ac3140a014e5a578feed65d201d2d195fed686ea4dace1cdd765210ae0b91a265b129e18c6209c50919

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-KS1UQ.tmp

Filesize
14KB

MD5
09877e74bf4061ed0224b64537471bbc

SHA1
73624b6b47e5ec93e086b98c4d5427d1e81eb8d2

SHA256
a96fbdc0ce64d2cda0c2cbab9d65a031ef9fb4e68220a8492fb5d687574199ea

SHA512
bb5cc81713455e20d1cd7a1419e6ee4dcc6f25e3d2363ef952d04daddafa5729fa1de514fccd9d748c8bf1a05bb9aab7e017ae08ca7f53f023f3635fc72c4b56

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-MOVQS.tmp

Filesize
14KB

MD5
8ab0a4c79560158629f2adf2919c1e05

SHA1
3a92654be8b9f5a8b35c5b145d026ff15b58c926

SHA256
ceacf74a3cc14207f8b26d5055c22dad519a23715221b5ebd4c7aa10786dd0a1

SHA512
045adee476690a8012423868dafa61c287ed78d0b6e601f5e357c5663c7018f1b9398316424eb5d00bf9d3e5a5c9973ec658b33ee9b4afedb55bd9ae33d98531

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-P3DVH.tmp

Filesize
14KB

MD5
12e29096bd05a79c9f13e21ae1627b8a

SHA1
b3b2a31206503c11cbeac587ad77dfbe7fe501aa

SHA256
8d0d3c0420c2f970ab7ba96d7223b63ad71205c97cc87a53ac247a0e829756d4

SHA512
c72a4b8ce79689249319c21a98cd71d183a719f7f93acd3b2510579acb9add101f47c63252cf7ad26d7e32ab4f53cbfbfed70d21bc0fe15570b388b5407210fb

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-QDS5F.tmp

Filesize
56KB

MD5
fdba803c0e7750334e3548639b3c7bd6

SHA1
7089c4bd225fabdd71ba25d43b0933ef5fe15935

SHA256
7fcc84ddf61b8dc629c97e187e8543e26bf21b5ee164a3f65bf71bc215f7750e

SHA512
da85a25f03ec41485d13bab8c09789f07f4def8fa7fae6bfe2af4dae1dded56dc4a99d5a8e42600a5e7afd8ce1e7dee9326f866eb23aa2c0caf4eee480ba2115

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-RQ42U.tmp

Filesize
56KB

MD5
25a962cac4b3ed393f261469d393c33a

SHA1
448f6fa6cfc1fccdccea5441983b9e2f684f003b

SHA256
ed1162497290dea52b4998edd05b94a62744c4d0be7ed2d777bee913c6041f82

SHA512
8fee5cccbcf2ce7e1ca08664b91e8e3c9b23ec915092e7454fdf46a4f946e829b0db8fa68b45d0358a696507f9e6d581ad5e6924f3346df07570230597c7d481

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-UAL0R.tmp

Filesize
14KB

MD5
ae7057a92a800337762709de388eb9a6

SHA1
f53a2d52366a4274eb485f7fa799e8b263d786cc

SHA256
83e1a47d2b893f26674a57c157e47da5eca6b41781c32b9947d8c713e2b4745e

SHA512
03e28cfa0a72a9ff4278fc14ec95187f1af524d93b33a95eb9833ba021c9008a0f01634dccea07cc0d60261dd17ebbd6ba2ff2146e3684e7d5e92706fbf22d32

Download Submit
C:\Program Files (x86)\MarCom\Devices\Mem1\is-V893U.tmp

Filesize
56KB

MD5
f3eb3154881d718e773288c91f809b22

SHA1
b44164f31f511fb11fe8213180540e2e37f5f140

SHA256
458ec643d73c25188d73db3bf6767f9453908c92ad336ac6083d6a51c9c636c7

SHA512
e1348bd6f577a68c78b047e2564cc3a2007d38bd8e63037ac7a836a07e43704f3e3341a4681b402daa83eb2ef247629920650cf56748febb31a41b20383a2196

Download Submit
C:\Program Files (x86)\MarCom\Devices\is-10PL5.tmp

Filesize
14KB

MD5
d6d1916e8583328d3b529f3fd0f9cb94

SHA1
49a04fbc52984280514a2bfa7ec6d29ca7637388

SHA256
7000223f6e96129f258ffd4c3b5572c7ef9dcf03f4a290daeaa2d7613e62c9ae

SHA512
27673e7237a0f129029e00d6b6e9c8c8dc7f1a4df5197e371b9da4e4c059421d9b8ca3a34442a77e59fc3ea7ae682b195d5f2731b7ad713c7330af8863e1cf33

Download Submit
C:\Program Files (x86)\MarCom\Devices\is-6M2DE.tmp

Filesize
14KB

MD5
dbdd2b0c1429a93fe22e1469417077c3

SHA1
5df7ef03baa0a6875ea3779749f43577f5c16d65

SHA256
50f7719e43c13c0467cbc09c35858d0b5197dc9c76a7ce5ef6acf4d353f67cad

SHA512
2009b78a08d35977d7f82d99c0cad1d762066d0b35e18512dcce574a4d237cd0fa16f6313d7ac8a2e2233c679e3bf94a7941addad5f4e7cfc7503fda241ba103

Download Submit
C:\Program Files (x86)\MarCom\Devices\is-707D9.tmp

Filesize
56KB

MD5
d10220eea6f1fb1e38e8f91116b4945a

SHA1
a75ff42afc657962f3412223d960be41a089bbe1

SHA256
a7c0098fe1a621374da6ddbfa2d5d947d5a759abcc3242606c21472dc31b40b9

SHA512
3eacb4d82d58ce05aa1383d1bd46c32ee812e07f2b45d474e1af66df659198f9e9b1f8b7b106a645e75a7a868792974c6b452eb3e6c29b176c4bb48d9841d35f

Download Submit
C:\Program Files (x86)\MarCom\Devices\is-A3LAP.tmp

Filesize
56KB

MD5
10c8be10875b94d86bad7781fb27f492

SHA1
21a427a23f8c3203def3eb9e9b8247fd5ae869d7

SHA256
f395355f6a98fd99a77750d0226f519a697f5b5b85ba0c2eb825a02f2b02968a

SHA512
aeec1efaaf9a136fbafe4f43b26324aabff7ea564eb65060866bfa2f594f1814415c53b2e2236857c8248d96444b429e2de48d73bc313dc5211c553696879dd7

Download Submit
C:\Program Files (x86)\MarCom\Devices\is-NLH7H.tmp

Filesize
14KB

MD5
2253f6547340cc53a9c2102cf6aa4de4

SHA1
3075909999353c842b15005c7f0e27f3dd3ee780

SHA256
6d227b3134453e5e537bfe056ef7035159d736223cf92e0864c17bc876d6de01

SHA512
b7bbe9e895b7e42ef58a65d8ec5e272d1923d3ad29e0582c840f78fc50d1ddd2f6d75aed59189a41fd8cf6e99d626363d99413faf70d45a8bb26323246ca0578

Download Submit
C:\Program Files (x86)\MarCom\Devices\is-S499F.tmp

Filesize
56KB

MD5
b28369325db1a9a2768e64070b68efd8

SHA1
6d2147b9af4ff586a633c27d2c4191b2e70160ad

SHA256
8856f0fec8474f86e8a5e7a97aae188e8a268c950295f72fbbad64f3c77f87e1

SHA512
162e0a088ed2e6697458e6cf3918f6f2f4ad0e3aa0eeed5a42f0140d5fb569428b8fa6b10e8d38ee697f362d017b19c4d1cdf1bd539c4053f1115c89f19fb79c

Download Submit
C:\Program Files (x86)\MarCom\Driver\ANTUSB2\AntPreinstall32.exe

Filesize
1.1MB

MD5
1b6473ee30779891aa7c678f3267e239

SHA1
b5f3137bb9ece21bc620d9769aba6d35ac93bd9c

SHA256
c8b65bfb6ddf43cc11ada2a0d8e2a0fe0efe380a0bdbb18fedebd0d0fda40b6f

SHA512
8951b0aa6df03908432bdcf21bd5224cc78580105ae8b1153713d4c0aa5d751695e96b96fa5fe106acb1744e9b408dad9483dc7bf75a2b1cf9f07b4d85588aa4

Download Submit
C:\Program Files (x86)\MarCom\Driver\ANTUSB2\AntPreinstall64.exe

Filesize
1.3MB

MD5
b9635aeb6c67ca61d3f1854f2db2bc30

SHA1
558cc639effbc5cee1332b013032224e093ee7f0

SHA256
18ef5ce817d5d0e1970af7464a73fdc69306765dbc39d01775aad97453b19f52

SHA512
9bdfb553ef24e7ece4eb9f109d1119cd2ea6f976ab80efee0ed210dbc39648ea1fb85dfaaccf5527dccb170d86c1d10a5434a6dc0703fa01afa12f72f174f7bb

Download Submit
C:\Program Files (x86)\MarCom\Driver\ANTUSB2\README.txt

Filesize
1KB

MD5
66e200bd27a76764394183c869bd0122

SHA1
d38c6687bc5329ca47d2f4c847df2d15b0af468b

SHA256
8b45a1870d87afc36fb263ec3304d6f1ded5397e44c7e79a8548f7d964817f5b

SHA512
57c36bfba3e24c137df11fc2a40a50727df415b19ae48b3d718e09fb67d8b81867ef12d9848edd6f930a5d4f3ef0f4e03624e848cb3d8695515e6978adab1b05

Download Submit
C:\Program Files (x86)\MarCom\Driver\AntUSB2\ANT_LibUsb.inf

Filesize
12KB

MD5
73ff3e765738fdbd7947d26f63a86440

SHA1
f9d2a789f9cff8cec36b544f53877c80f1f73c46

SHA256
b37e1136892b1336bec201f6026bbf7336fd9824f172270d8c4606767c822e7a

SHA512
7a86044df1d2e81b8d6643a1ea6e3fb27462fdf59ef063aeda6103668747945ef4472127a7e95218c65d70eca73e12a2f8cc53d95b9b794cb3005240dd058cda

Download Submit
C:\Program Files (x86)\MarCom\Driver\AntUSB2\AntDriverCtrlFlags_QuietInstall.reg

Filesize
462B

MD5
0e6da61112d7d146a08daadd919a5a77

SHA1
9d907aea20b35c3d67ce7e63d354f1c8d0d1e102

SHA256
b020ab6df3cd469ac6988c769d58e22a6a9aa287ac517c99c90e3dc6fe8d290c

SHA512
bc87114c379b4a312b6a3421585aeb8efff81a292414752a000faf2ed932552abe98aca029f2813064ec2430bdb9c8a4c366635e5c6fce7b1409126871e4b0e8

Download Submit
C:\Program Files (x86)\MarCom\Driver\BlueDat\blueDAT_dongle_driver\version.txt

Filesize
12B

MD5
673554a0aa7100beda88477b0edd6b40

SHA1
44975c34a024a0d54213c2f288fdcfcbaf880138

SHA256
099fc1c72b6d3297dd85d684ea6034689230943fd8b9eac70a2f72e0694527f6

SHA512
104eb669a3d27a683fe6e06749d7736a8a920d4cb03e921d506ef6093d8a5fb7448fe03df6acbb51bd1f51cfc91281d1fdd5400817135533dbab1d11ce8f8100

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall32.exe

Filesize
1.0MB

MD5
9943923b51214161cf16643a5b6c0c1e

SHA1
fb9f5577b42e4b28381af899bd95282e9054ecef

SHA256
54e2c53e5898748d11a1f0cbd9f3c94123af04b000155ce00512d58dece467ed

SHA512
3da1ef138f912e1892f01e6d022e089fa68f51c54354cbd99461435b7f1f145344d1d24dbf5ef46c3533052dbe238ab2d4b77d491bb443a4feeeb1f93ea61287

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\FtdiPreinstall64.exe

Filesize
1.3MB

MD5
e5a0d810d8f2fb6760dd252f15999c47

SHA1
0e7eecf2fefb367aa09bc6510291ed9e4b8973c4

SHA256
657b271ea1cbd7ccbe33a28afd5f6c850666e80b336a063479901375b47fbcab

SHA512
5c2309686af4bee4dd609b5025342c7eee96e0258b4ae7e2498a4e3bb9f54342ab55d7f26aa9288d672b39f10866eb15cba965fb158e317f9938579677698ebe

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\Static\amd64\is-ER7C9.tmp

Filesize
983KB

MD5
ad8b4a2a1808c0d366164c4ef69aee3b

SHA1
6ccf27160591d0ac0005c36aca31c74c2ffc986a

SHA256
2142fe5fe33a1b15c92310aa358d8751ec99c48ccab309af3b37fdead4becc75

SHA512
5a05a251e6b2f9deda580f5c29da9b18c9600b04a3a0be5d61b103c13e348aa1a1425d6b265955ccbf2a1f2fabf8c15cf5b0cf8c76e329ecbe109985f5b86136

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\Static\i386\is-6T26H.tmp

Filesize
874KB

MD5
eb69bd10286a66fe2bd9946967848c03

SHA1
03786b15d0d35735b6804b5686d9fb222d3b0380

SHA256
7dece164634351a6f47588aa27109ca48454c782254122ecce7360dff559eea7

SHA512
06bdf33f82e27f7ce656f5de9549ceeda5d5649e94dfdebfe209e66b17816ab0b915c00da605812651b88521630c119cb74cc5c42f5b798ac8c4568dfb48a297

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\ftser2k.sys

Filesize
83KB

MD5
196c9bddbef9b6d0973f398bef5b2eee

SHA1
c68ad88223ad70e6a7ee69da6142d9a6aa4eccee

SHA256
d4f9c5ced1e33446b45bd2affa6e716b4332af8716477a80437220ac20c6dfe0

SHA512
0e7b871a66fa43621e27568188cecc8895bba4a417f624b5a65816b48565f71f3dea6a9c90a393d87a9fc945965b9b92578e01fbc3b8e938159dd1907d78b634

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-2THMS.tmp

Filesize
209KB

MD5
5085bdd7167c74464f21e463fb0b7c0a

SHA1
00f0255300336e8a57d27c0d6260656fd3d57829

SHA256
1d0f04c67da0c6e62c236d90123cbb2e89709f1e960f24ed0ba07fa691f47f99

SHA512
c6898282371533fdf80cf95b431541169b551715dc2122c5318557efbbe593d21195f6d26c7617a3ee4da8e144fa755d95f128e886285874379eecdff1c0ef08

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-5Q2RE.tmp

Filesize
63KB

MD5
c2885ac796b11af0b3eb4f6d305c205e

SHA1
74076ea76a2543d523bfc1e97695f7f9f70de1bf

SHA256
94c3b96bdc73610cd926353c97b0918ec9515f7da64f57f15240d3966a5c2d38

SHA512
11b8438457d3c3cea226a02b1ceb83eefb90459e538921b0f3b855783bbdafbed20efeb1f62164f2b866c181d58825c6cecf71707258e2031c4b7475cff4ae86

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-A2PUM.tmp

Filesize
250KB

MD5
bb854269ed4fcdd96ddac2fd7938c5b3

SHA1
c9f89e6d15aab0a348611eed941e2a145830eb7d

SHA256
0a776a6191c81d3682bb8d6784b45faea858a3dbfbe4e1345386068e02fb7d60

SHA512
0cec61b713315977363dffa95a29caa2a96e40892e14f1bce24500a13ae62ec0ad8fcf1ac621ac578ae7cc5db1222bb2a33de5dc464610925a5afc274afb79c8

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-IHF2J.tmp

Filesize
53KB

MD5
036a6ed7a51e73ae2c0acc6bd814e326

SHA1
32ce8f5df256cc01f79fbccf88f43b7c5fe5a058

SHA256
278c9a9a7b0167507f750d67d278ac77d98fe06873e250bede9ae4177c69e8b8

SHA512
e2be4eaf2ed591d18a938ef37115afd13c430337603cb332d67cf72f81717708372dc53db579f678970172bf95fbe04190b1fbf3a5b833ebfd7e3ea1c1bbedba

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-K0CIR.tmp

Filesize
106KB

MD5
f7a0aaed16041897f88e4c438a57e78c

SHA1
36cd8e64c9535d743a451d223d3addf638334005

SHA256
72777139f330a2e7653c0b5d427b57172275edd4535c5f743bb0ade50037a0f5

SHA512
4246cfe369253b99152c4c6c4d9e296119817a30779afd2bbfb35fb677f70cb4c98ce1a4ac65c13ddee713f2f4b841aacad724178c1f02cb9222181f83480f9f

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-LLV1B.tmp

Filesize
73KB

MD5
35fd2bb5131714e657b7ab3a78642854

SHA1
69b32abcda0973721b6a1ad8d06bcb4bf63f8cc4

SHA256
c24ac6d4e0e76b39625fc9051e092439642c3a10122f712c11a562860703f27a

SHA512
351c7a6d41573175dccfc4923db7c3dee1d752bf003f454ca3268320903e307664409ea08f72b2d1e8be067ca4b2deca96966a6692eef570e9c17f98166bdbf1

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\amd64\is-S0E3J.tmp

Filesize
18KB

MD5
6dc95e9a3b69764abb0279977987cd94

SHA1
ed5dc14b19638d3eb1496fd8316875fcc77c3211

SHA256
63a8e3782eba06f4a86691a101b64ed7a8d4e9415ca5eb3c0e669fe3db877928

SHA512
b0f9275a8634d0ea248fdbc1e1682642c9ff3b8832c1f63f37f8f59673f43ab604f8bd890477e9e5172380a42a40417b9139c9affdb7ef2bf492337deb46fb06

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-61BUM.tmp

Filesize
67KB

MD5
fef14208203edfac97135a75218d3722

SHA1
a4a7c36b25c6ddf58e2b25f21402671371e9b978

SHA256
9fabdabc53b8174bf19d53f08cd838db9ab6cb124360ec22c66473d1bb1c4577

SHA512
4a4bbcb5ba5b60d3d879b3ae50408c0d7b3fead8e1f84bcd20d2bb8118f16346b3363f1918d92121f16880d264d0dc044e2c70206be3a1d248cf2c402042e251

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-8H3J9.tmp

Filesize
60KB

MD5
d6e3667f5e2bc6afc50308b480de2999

SHA1
c66fd9da6755def80e1ee421b0ecbb8106723b90

SHA256
82eaaa4105fa1df8fe516bec815a7634db6aabcd176726e63761ad315f2c43ef

SHA512
e1db819ed14196a48ca22bb879c649d1ff14f06919bdb0c04795355adefe9be295f61e335388e29fb5a8d3f8206b3711651397d08947bc605110912ca18121b9

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-A1TS9.tmp

Filesize
19KB

MD5
a794957c0b8f0f45bd8354ea2ec24cfc

SHA1
a32b31b30dfc9e10f59f5594ff48d20759130169

SHA256
61d081d7afc5f699460a4d34b0cd9ee1e81afaa0b03d9d47e0f38737724a29a2

SHA512
29f156351ecec2fa04e985fb8976dfd5ad7b926190e7032f6b14b2101d127c5a1de4e3a79d6591576551b045d49b1cadb333e1a6eb282bcbe67b733d63e03e78

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-F0T6L.tmp

Filesize
196KB

MD5
cdeac2611e103a0f935189829cfc99a8

SHA1
7c72ec6cd0c724d5b1526fb19bcd6c2020877a35

SHA256
c8d561a0f6e11970d1d70c790cfe78fa098788b12e57f54b715b110c615f806b

SHA512
c58d3af33f51da982f78358411174e97a2292cbd2f86325a3c82ab65d85ef4fe1dc76e92c2e68f4b988d328c5afb48e332ac57b6aab71ec778b5e812e48bd36a

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-JJSRT.tmp

Filesize
102KB

MD5
b1aec925ccddd3f6825c8b3874fdb896

SHA1
38624538523780953193bdf6a507ffdf4e2c3b1a

SHA256
61032f868403855527e2fc91d176da07213ed190f93a9f99ee9f0cfb783e59fc

SHA512
164e9946c89ff11c2deadd7378a32a34ddc521b0b82304b69a1ef06cba17d5462789b91f60f795a51bfce9c55a4cebbd96675950c519266193a445a5a7c40690

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-LNI1T.tmp

Filesize
213KB

MD5
ec44c778a64dcd18bc98a7316e4664f0

SHA1
0baf26d07ac076901f474ab50142f4812e986d66

SHA256
751258bb040197c7c10683a74b38a1b1aef9c68ca9a58ce2168c8a62cb913371

SHA512
0e9fc117d9915d3a213fb06fe901c484849c63c683b29cbf7002b36fbac24ccc6e56ed0f7f7188347146e2f030d24e8a8be20fdd28c3c8bf6c2b0fd0276639ff

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-MLOPF.tmp

Filesize
51KB

MD5
346e8968e2563f2fc9bb9b0a01e5f9df

SHA1
4b86f7b460094c68ce72a57518b4ffc9f33e65e6

SHA256
2fa6bab36be094e225d3cf814a84cfb643819f4af82b11a55f65b60abb429bec

SHA512
7a66da623fcf8c53b33e18d4010c807481ffa56be0eb18672783ad09fc21c74f098f6127a1fa732bd8dfd0903ea1852e2795d10ea3a4c64d49c46597a50a3c83

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\i386\is-NBM8O.tmp

Filesize
71KB

MD5
e4cf4c1f9e3d57a66850f484c08e9ecf

SHA1
baba8b919ed196029c4facd4d3b6452a35275e91

SHA256
48f1e8d28c060eeb8e8c61d07b15df62d2f172fa34f2bae834c5c76f2a30f1c4

SHA512
d863dd046cc5486972b3e355e092ceeaa0362a5e445b8c673255ffab3d989e1d8350e40dce4a77ef2adf3938b70246b76a05837b2ee4bff53bead6273c9f45ba

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-9CC81.tmp

Filesize
5KB

MD5
577772f78ebfd15e2eef029284520725

SHA1
4c8545eeb6143b6ad3858b5d1e0aee76040b1435

SHA256
fe9a14ca08865506207d1458d9948801d88720dd1a4e8d02e65ec92d12e890fb

SHA512
30ba7c15e42abeeaaafe20ec6443c2d07af4f9beda511b0357341918e00939d6d826eab72a48bdd4c4b11bc4f39ccde85936e800acf9205f27d55f0827a19fa2

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-C3QF9.tmp

Filesize
11KB

MD5
5ca8640e6171a81f3203db577c674493

SHA1
393d217a384fca9fa355a3389273055b6988059e

SHA256
c60f69484dfb97d81b5814f5b25844b892d5f0f20d7fe71c11fb9b3dd6bd8bfb

SHA512
496039b9271a29831a56481b8aff1034b217d64af15c7943a2fd6a84252d22188c6823a7aa6ca205582ce0897dfe181d19cd58bb3e372b7152be8845ad31dedc

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-FG0R3.tmp

Filesize
11KB

MD5
29a416e493dd79825c742a3e668b847f

SHA1
0efdbcb5e96f0c2519e4bab3acff9710d0110630

SHA256
036e53ac494a2d8e6c69b510f96e9446e910c96f64bbbe8eb60b6a226ef03838

SHA512
63b033e9c1b28af2f09ed2c2ca4785efa5d8fd3a4ad98bfa18fb765c7ae8bfbfe15fea5ddcd16a85f3266f0092b9cfb229cbd33ba154d12f547305fa2c2027be

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-IAH9V.tmp

Filesize
37KB

MD5
ddf5dda0d9c77aa541f9a971d8e2d8bc

SHA1
ced8fe607d6f958724acac4f0d6cd1da815c1194

SHA256
9176282ce22e20b6d0e384987bc2e060f66a8fb76545de49341026134cce2e7e

SHA512
456d464838f66c43e652c5fa630039a7d610fb2fe4073a3fee11e23ad66938af65617aefc5ec5f8783cbd4b53cf9d9ceadbf1cb0b0584a07c5bd2289232726c4

Download Submit
C:\Program Files (x86)\MarCom\Driver\FTDI\FtdiPreinstall\is-NTQEN.tmp

Filesize
5KB

MD5
c9e7b18f155d639f8ec1dee75b776adf

SHA1
6849f67bacd4da5a5b9d46803e6850d0be8b3826

SHA256
dd6d037222813e2fc878ce9b3d7197a864201072c01622d9cbf5b8463cd6a05e

SHA512
4bd44df659888f4fd96c5a06ef90e2018f60201b7a37eeb2d605872280c1a862a41de7312491740ebdb45fe94885ca5ed4a5eb376e0cef2491f60bd8500aea19

Download Submit
C:\Program Files (x86)\MarCom\Driver\Steute\SLAB_License_Agreement_VCP_Windows.txt

Filesize
8KB

MD5
3e6dac7821d07f919a38df90b86e3c78

SHA1
b9aa87b6f55f0f27b09d40436a52c4d5b081d2aa

SHA256
22fecb982248292fb7d4347252106274f036dc100e388343910bf671e93ac009

SHA512
c2bf9b1215e3210295fd8db0e34f5f765e68bc9dcaf4b3b9597fe3433b4c90c507a3ede819c80ea51e6ec54a36efdb9c09fb71b29ac4e4c97ae3069f45e4c870

Download Submit
C:\Program Files (x86)\MarCom\Driver\dotNetFx40_Client_x86_x64.exe

Filesize
41.0MB

MD5
1cf262f35322d6c9c7a27fca513fc269

SHA1
4cd67f609f89d617d2b206341b8c211e1b88b287

SHA256
ddb54d46135dc4dd36216eed713f3500b72fc89863a745c3382a0ed493e4b5da

SHA512
663123cbc508c6bc483b7a2630a055c160c56a1c067f2a417a4e91c1bb55b8be5b041a2a76216b594b1adfa47345c8da6f2c80e4a2b3fe0b32f380cf28ebb093

Download Submit
C:\Program Files (x86)\MarCom\MarComProf.exe

Filesize
4.5MB

MD5
77038ee63b375abf661ca4e897c6f676

SHA1
552f8a344b39c56db1b875a3fc2ba236d0165a3a

SHA256
5453cb9bad014374650989cae8e55f11bb60eb7db6587d44e50fc93af3244f59

SHA512
8575d8aba9cd0a27481eed0f3e49781f98a298ddf74866c987f98f10a69c31daa3e872d29d60093c540f3fb97e8a8fcafc79809a739fc78fd8a90531106f5d2f

Download Submit
C:\Program Files (x86)\MarCom\MarComVersion.TXT

Filesize
39KB

MD5
11e32422a438f17911a6909abb348cbe

SHA1
af7b75007f9d17641f3f94b15fadd3da54d8df15

SHA256
40b241e149832fc4728245f0adbccc65effed34122a63afaa80f7000cb048d98

SHA512
ee480f64a7b1a735eb0dd523df233546dc5206cc3aebf0759dfc387a36fc2f0b4ab84b990901dce458489b2c69c78de5b47ef34b01a23a6db1cda90c10274186

Download Submit
C:\Program Files (x86)\MarCom\is-GMVF3.tmp

Filesize
69KB

MD5
291fe0ed7880c51cf4a8c78d04e8b701

SHA1
d5d22e60981c2b10ae37ec562b88f3c7e21ef91b

SHA256
324dfb28d4c6bf475ab4c68032dcb111f2c2d356a27504c7cfcb4c3e4833b74c

SHA512
48248b5a33e32f8e8dcd6ba73f5bd7738b89bfba0aac34371dbb5efd12d7c238ff6bccbd920bded1447b8210710a0b0d01ba85a47865b5328fa6e362bb6445ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
bce958eafdd695e219acb1b14c195979

SHA1
e910dd75ae6e8c9fb33f3df4e803ab949d613383

SHA256
fcce88a0ef513d1444e5cc4110e740b9ce781cd91c878f6a46d97a7ce7782204

SHA512
335429fa7c3733704945f61d0ed7a4d6a02b4169d8586788d4e3a68cddd6cffc79f0fe998403a7ebd8023981e5627f99f670c63f86e18865a4f4a62e8d05b23f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
522B

MD5
c5357fc774c9b3bd3de27255c07437a0

SHA1
6a434e1a5f3081da6a09a191c8862c5cf944532d

SHA256
c80f8dfafa47eaf01e564e95cf05383fee1a4547993d8bb323c43feaa584cd9b

SHA512
b5f0510859a3156cd566f645782b7a8a3b2d55bf9490735859263f01f3a2c29ac01b7cd721cb5512e08cae421a2f5fac7eb9146dd23cf1f728804a47be2eb2dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cb63f168d910e59508f8476821db48fd

SHA1
f3e2eaa5f31b8d5aa5252e850a96d1cc4af7bc4d

SHA256
3c1476e0662b9495a5c645b00fe9a8f3ba57babf4848d53c59ce31f3a0e0972f

SHA512
dcc196fe2c88bfe4cade899bdd5015b83263324e1abaa9f3adab4ea437b3b4bf0cdca8f7761c0b85805ba5742b81679d7c3729a61257427af812e7f0cf8a6983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e1af51d0a70703472f432c26d485fbb

SHA1
0343d8703e45c452d527458d9b9b5b691405bee5

SHA256
86567edf5ebfa8d14a18d28f0834e00e0d94d00021c6e8eedac564d94851c0c4

SHA512
47d6e66388eb9454650e4762edcce782faa4a59ee27e503f8abaf5594e69ce66c892cafffdf864ef376aa743b74a9262548d755a1dfb0256d199ae8257ac4c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1efde56a88a1c3d558dacea958c73952

SHA1
71d3143f09909f02411b5fe942e6b962a2d4fbcb

SHA256
10072028b7a3e626dc15b65fa52ae86a7efe4c8faae46d66470370fea9fd49b3

SHA512
af23e48bac9f90f0a1fb4c2f1ac4c6542e4f44c75c8c5731309318013aef9daaf7b193952d3d301cbe673c87ce011dcf5f0859de09c25423c9f521d786f3bef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
9fd352cee10032c6244b5e30dfdd7904

SHA1
7316a33a742900971cd4f97961ed9c0b7b9d7324

SHA256
6c451978fb89bc12f10d5ceee4369c0ee46df04f36c362e9bd222a1fbf74e322

SHA512
fc1cff4c1e37ca37d59a715aefdc8e4939f8353cdab533cb77f14a4346d0228fa761cebdeae9fb06c1d6901220639135436882978a05205826ec97644d1c22da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a40b.TMP

Filesize
371B

MD5
e5bebb63c43489928a1ae2441f52badf

SHA1
92f7add587aa719a744bd52e6c7bf6ec9ad55c66

SHA256
113bcf8ada21a394224ee5664479ee2acf8b438f9729df60f2d34da3f622eaf2

SHA512
69351da2c0ce97d6062e5a32186b4547f4e648e3135639cbfc5b6eb4dae11e271c50e950d8617a30f187b1f6b03a046ecea246eada2ed0eb985f54fe41b3c250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fb6776820046341d827e47cba693bed8

SHA1
326d6d7a2e9084221696800de684a7d712d1fe07

SHA256
6392c7819c8759d50c97bbb056a28e94ed31eea1e4ef9c2f65b64835ecbcbc49

SHA512
140d50ca6b7532a3848a089b3bc100a7b2619b20eedc49d2bd5dae07d30f9c9c50321271af24d14430d4cad84970e4589fb2f21e3e6570315e6ac67e86613075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b3effee360217391cdea40e98faac55f

SHA1
ab7417dbd4543251832f6efa8154c33bf0816015

SHA256
eeb8597c17611bea74c2a42a4504572ae5f09856a023b94aad17b9d9e465b58a

SHA512
e7e9195af9ad1d1077ec76747faee96c3a7017a5765903eadfaff57a4cb1ba5cc3a944f853957413d50f71565a6dd6689cfbc6d664282163b68a78b3daee5af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFI819B.tmp.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7KJF0.tmp\SetUp-MarCom.tmp

Filesize
1.1MB

MD5
302e11ab876edb6c8ab42ad4e9310732

SHA1
17b395ee4346ab45368ea61dc0d61cededbdb60d

SHA256
59d945d06976e149dcf12101110d263c6707b2a9528c0ba4966d4a722103f872

SHA512
8dd4695cdcc9de105c54884f3599384a45ac78e6d168ef737851176cdbfb1790e69932a1102d13a331529914b5a79606def4eeb2cb89dc8557bcde8ef571faa7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{74d0e5db-b326-4dae-a6b2-445b9de1836e}\.ba1\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ff99abcd-a747-0d40-8ad6-43b3a6d62b5a}\ANT_LibUsb.cat

Filesize
10KB

MD5
2d359581c77a5d9cc21f2e696fccf76b

SHA1
d5ac2645cb1432d3c447dc07c8cc56d9691ef2fb

SHA256
0ee4ca9ca94127f953e569fa6be9596d12b123c0cefa0927e68ad8f8287dae74

SHA512
3278d5b5ec9d5a29a3dd8f0a18ff39d9a2a23e15037192a737e25b8bda184c245b24636baadb83e642b79de4fcfb6b82b0f31cc2b4da0620c2d3652377cf8025

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ff99abcd-a747-0d40-8ad6-43b3a6d62b5a}\amd64\AntUsbCoInstall_x64.dll

Filesize
48KB

MD5
ba029f618770b6ddbb5eceb161df78a8

SHA1
48913d7e093b3f3c40579e11bba5375669ebe384

SHA256
55880aba57e6f35960b7e810dcd6fd4f65ff4c1e49d96ec2172bfb1800f7197f

SHA512
9e1b89714986fe56b619adcc4d7a9c78fed3bb044067e7bf24c82bb2da6266b40cf6f60e7a6bf19a9830879e48748d2d045a6df0384113d3c8483e66aecc0eb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ff99abcd-a747-0d40-8ad6-43b3a6d62b5a}\amd64\libusb0.dll

Filesize
73KB

MD5
9cdc3af86784c278e613584ef8b4d572

SHA1
5bb79d1d2b82ab9d9d6dd66f7e9ed28b76c26aa1

SHA256
6b34b5fc18d2985c4e0909dd4a07b1058d351cd53f2a82565128c41d25c2685e

SHA512
d635ccb47687da5865cd2d252b7809bb1a4022f3eca649b7825e0240791945fa2199d42ed1673c199766aad44902117d1c288f09e8216f847776fd35edfb4c68

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ff99abcd-a747-0d40-8ad6-43b3a6d62b5a}\amd64\libusb0.sys

Filesize
43KB

MD5
02538e602280c07438c94489dcbe77d5

SHA1
e1c9295a8980486fec38b4af2186a577a591ce46

SHA256
2e2b60e5fb7a274f4945444d5edb058e62cac268c5336ff8f4b9e82245095211

SHA512
c3d824051fe3d0609a9b7915885e699f9571245c824b938464b4e2ff6138ec299245a45a1189dbcb68218a2ef198e6ed6fd7ff48227f82ae1f5fd59d40077f67

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ff99abcd-a747-0d40-8ad6-43b3a6d62b5a}\x86\libusb0_x86.dll

Filesize
65KB

MD5
32dbf187ba54c67b889f45202cca8111

SHA1
1d748e0329cd455e902d25c1d58bd2b724bca569

SHA256
5d675c21d0eb0a4bb98f21c13e369ec72163ae3ab1aed7bfe92caeef38eca5d6

SHA512
514e90b37ddde1116291f3e684103592edd4495395d05b290fac7cbd0803d1e64a59ed2ca0f52f386cdd0556f7cdbd6c301b24d2e9a29c668da94b844b022a48

Download Submit
C:\Users\Admin\Downloads\MarConnect--MarCom Professional--4103401--SW--DE-EN--v5.4-01.20241009180714518.20241009180714518\S e t u p-MarCom.exe

Filesize
6.8MB

MD5
43dfd7b66a6ad362e7b41209dc59b290

SHA1
b4eed3aaefc68de38bdb47f3da4936bee802194f

SHA256
5d33e381c63fdd70c32820400e8c1330130ee604e69e34491b9cc2027543fd82

SHA512
39d1f9266d8d568482fccfc8b79ab362c0978e3edc94470c7661a7bbb52790f03ed6b4304be6934324480be69ea40df1ba2fb0008c11c9566d0ff95f3c17bf35

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
37KB

MD5
6b28d7755a1ed1e9aa9396064effc899

SHA1
5c3597e912faed84a2e2a2bf19f8d2bf75d426d8

SHA256
d44f168239d54faaedf44462472b4e977d31f10039113e33ff5240ce84c1f2be

SHA512
64ebbcdb112c49972e136b0832a402fb2ecb8022db06f8bef5b44f8bfaa13e36088b692641bf3883192241c7651dd9a88f73d2885272f0d0e69ba4ea53f2d3de

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt

Filesize
37KB

MD5
ac6716916c0cb6c5145ae041a8b0090e

SHA1
2daa85b66011ec95065e7ddf4f803792043476a2

SHA256
9d952a4b72c035c078246cac7a61daf451e50c44939414e56488628c589c1e5c

SHA512
8ece8269a894d9a71a271bbeb5041163c838e5bf6c0b6b0e3848c7eb26e8c1b36d47ad4e784dc2ae3febeaa9d65be6fffc222cbf6cddc1425df047193595e588

Download Submit
memory/2960-1985-0x0000000000400000-0x000000000052C000-memory.dmp

Filesize
1.2MB

Download
memory/2960-2156-0x0000000000400000-0x000000000052C000-memory.dmp

Filesize
1.2MB

Download
memory/2960-465-0x0000000000400000-0x000000000052C000-memory.dmp

Filesize
1.2MB

Download
memory/3384-185-0x0000000000400000-0x0000000000AD9000-memory.dmp

Filesize
6.8MB

Download
memory/3896-1525-0x0000000000F50000-0x00000000010CC000-memory.dmp

Filesize
1.5MB

Download
memory/3896-1491-0x0000000000F50000-0x00000000010CC000-memory.dmp

Filesize
1.5MB

Download
memory/3896-218-0x0000000000400000-0x0000000000AD9000-memory.dmp

Filesize
6.8MB

Download
memory/4828-219-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4828-374-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/5116-1484-0x0000000000BC0000-0x0000000000D37000-memory.dmp

Filesize
1.5MB

Download
memory/5116-1488-0x0000000000BC0000-0x0000000000D37000-memory.dmp

Filesize
1.5MB

Download