Analysis
max time kernel: 92s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 13-11-2024 21:47
Static task: static1
Behavioral task: behavioral1, Sample: csaudiointcsof.1.0.4-installer.exe, Resource: win7-20240903-en
Behavioral task: behavioral2, Sample: csaudiointcsof.1.0.4-installer.exe, Resource: win10v2004-20241007-en
Behavioral task: behavioral3, Sample: $PLUGINSDIR/System.dll, Resource: win7-20240729-en
Behavioral task: behavioral4, Sample: $PLUGINSDIR/System.dll, Resource: win10v2004-20241007-en
Behavioral task: behavioral5, Sample: drivers/cs42l42/cs42l42.sys, Resource: win10v2004-20241007-en
Behavioral task: behavioral6, Sample: drivers/csaudiointcsof/csaudiointcsof.sys, Resource: win10v2004-20241007-en
Behavioral task: behavioral7, Sample: drivers/da7219/da7219.sys, Resource: win10v2004-20241007-en
Behavioral task: behavioral8, Sample: drivers/dpinst.exe, Resource: win7-20241010-en
Behavioral task: behavioral9, Sample: drivers/dpinst.exe, Resource: win10v2004-20241007-en
Behavioral task: behavioral10, Sample: drivers/max98357a/max98357a.sys, Resource: win10v2004-20241007-en
Behavioral task: behavioral11, Sample: drivers/max98390/max98390.sys, Resource: win10v2004-20241007-en
Behavioral task: behavioral12, Sample: drivers/nau8825/nau8825.sys, Resource: win10v2004-20241007-en
Behavioral task: behavioral13, Sample: drivers/opengmaxcodec/opengmaxcodec.sys, Resource: win10v2004-20241007-en
Behavioral task: behavioral14, Sample: drivers/rt1011/rt1011.sys, Resource: win10v2004-20241007-en
Behavioral task: behavioral15, Sample: drivers/rt1015/rt1015.sys, Resource: win10v2004-20241007-en
Behavioral task: behavioral16, Sample: drivers/rt5682/rt5682.sys, Resource: win10v2004-20241007-en
Behavioral task: behavioral17, Sample: drivers/rt5682s/rt5682s.sys, Resource: win10v2004-20241007-en
Behavioral task: behavioral18, Sample: drivers/sklhdaudbus/sklhdaudbus.sys, Resource: win10v2004-20241007-en
Behavioral task: behavioral19, Sample: uninstall.exe, Resource: win7-20241010-en
Behavioral task: behavioral20, Sample: uninstall.exe, Resource: win10v2004-20241007-en
Behavioral task: behavioral21, Sample: $PLUGINSDIR/nsProcess.dll, Resource: win7-20240708-en
Behavioral task: behavioral22, Sample: $PLUGINSDIR/nsProcess.dll, Resource: win10v2004-20241007-en
Behavioral task: behavioral23, Sample: utils/csaudioendpointswitcher.exe, Resource: win7-20240903-en
Behavioral task: behavioral24, Sample: utils/csaudioendpointswitcher.exe, Resource: win10v2004-20241007-en
General
Target: csaudiointcsof.1.0.4-installer.exe
Size: 1.8MB
MD5: 7081d418a756bd4975a0b816b3a1e480
SHA1: ae7bfffa37531eb277bbd6301e613436ede660ed
SHA256: fd2cd5d65cb83a0c03a4f3bd5ace284d271369afe14672234d79f68a006ca3e8
SHA512: 1e1a2bd8a85b8cceef05043b6b7d6422d2af53d115d03c04406423b8afdd74e106ae02972747edcd5253700aef10a27616e79841c63ff0d13aa57ce51b387432
SSDEEP: 49152:kdY6XW38XFtwVkRwFAqrco1uE3DrBImRuijVomG:ku85XFdrqrxTDFImhoz
Malware Config
Signatures
-
Creates new service(s) 2 TTPs
-
Executes dropped EXE 13 IoCs
Processes:
pid   Process
3148  dpinst.exe
60    dpinst.exe
5116  dpinst.exe
2248  dpinst.exe
3628  dpinst.exe
2168  dpinst.exe
2872  dpinst.exe
3744  dpinst.exe
4736  dpinst.exe
2804  dpinst.exe
2264  dpinst.exe
2220  dpinst.exe
5068  csaudioendpointswitcher.exe
-
Loads dropped DLL 1 IoCs
Processes:
pid   Process
2552  csaudiointcsof.1.0.4-installer.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 58 IoCs
-
Drops file in Windows directory 61 IoCs
-
Launches sc.exe 2 IoCs
Sc.exe is a Windows utility to control services on the system.
Processes:
pid   Process
2216  sc.exe
4292  sc.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
description  ioc  Process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  net1.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  sc.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  sc.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  net.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  net1.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  csaudiointcsof.1.0.4-installer.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  net.exe
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Modifies data under HKEY_USERS 64 IoCs
Runs net.exe
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes: svchost.exe
Token: SeAuditPrivilege (PID 1588, svchost.exe)
Token: SeSecurityPrivilege (PID 1588, svchost.exe)
Suspicious use of WriteProcessMemory 64 IoCs
Processes
C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe"
  PID: 2552
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory

  C:\Program Files\csaudiointcsof\drivers\dpinst.exe
    Command line: "C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\sklhdaudbus"
    PID: 3148
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)

  C:\Program Files\csaudiointcsof\drivers\dpinst.exe
    Command line: "C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\csaudiointcsof"
    PID: 60
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)

  C:\Program Files\csaudiointcsof\drivers\dpinst.exe
    Command line: "C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\da7219"
    PID: 5116
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)

  C:\Program Files\csaudiointcsof\drivers\dpinst.exe
    Command line: "C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\rt5682"
    PID: 2248
    - Executes dropped EXE
    - Drops file in Windows directory
    - Checks SCSI registry key(s)

  C:\Program Files\csaudiointcsof\drivers\dpinst.exe
    Command line: "C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\cs42l42"
    PID: 3628
    - Executes dropped EXE
    - Drops file in Windows directory
    - Checks SCSI registry key(s)

  C:\Program Files\csaudiointcsof\drivers\dpinst.exe
    Command line: "C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\rt5682s"
    PID: 2168
    - Executes dropped EXE
    - Drops file in Windows directory
    - Checks SCSI registry key(s)

  C:\Program Files\csaudiointcsof\drivers\dpinst.exe
    Command line: "C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\nau8825"
    PID: 2872
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)

  C:\Program Files\csaudiointcsof\drivers\dpinst.exe
    Command line: "C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\max98357a"
    PID: 3744
    - Executes dropped EXE
    - Drops file in Windows directory

  C:\Program Files\csaudiointcsof\drivers\dpinst.exe
    Command line: "C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\max98390"
    PID: 4736
    - Executes dropped EXE
    - Drops file in Windows directory
    - Checks SCSI registry key(s)

  C:\Program Files\csaudiointcsof\drivers\dpinst.exe
    Command line: "C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\opengmaxcodec"
    PID: 2804
    - Executes dropped EXE
    - Drops file in Windows directory
    - Checks SCSI registry key(s)

  C:\Program Files\csaudiointcsof\drivers\dpinst.exe
    Command line: "C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\rt1011"
    PID: 2264
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)

  C:\Program Files\csaudiointcsof\drivers\dpinst.exe
    Command line: "C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\rt1015"
    PID: 2220
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)

  C:\Windows\SysWOW64\net.exe
    Command line: net.exe STOP "csaudioswitcher"
    PID: 3300
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\net1.exe
      Command line: C:\Windows\system32\net1 STOP "csaudioswitcher"
      PID: 1668
      - System Location Discovery: System Language Discovery

  C:\Windows\SysWOW64\sc.exe
    Command line: sc delete csaudioswitcher
    PID: 2216
    - Launches sc.exe
    - System Location Discovery: System Language Discovery

  C:\Windows\SysWOW64\sc.exe
    Command line: sc create csaudioswitcher error="severe" displayname="csaudioswitcher" type="own" start="delayed-auto" binpath="C:\Program Files\csaudiointcsof\utils\csaudioendpointswitcher.exe"
    PID: 4292
    - Launches sc.exe
    - System Location Discovery: System Language Discovery

  C:\Windows\SysWOW64\net.exe
    Command line: net.exe START "csaudioswitcher"
    PID: 4392
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\net1.exe
      Command line: C:\Windows\system32\net1 START "csaudioswitcher"
      PID: 2720
      - System Location Discovery: System Language Discovery

C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
  PID: 1588
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\DrvInst.exe
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{d4822ae8-917b-3540-9507-5da24d230da0}\sklhdaudbus.inf" "9" "4d3a93e9f" "000000000000013C" "WinSta0\Default" "0000000000000160" "208" "c:\program files\csaudiointcsof\drivers\sklhdaudbus"
    PID: 512
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

  C:\Windows\system32\DrvInst.exe
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{6939c11b-30fc-834d-9746-d6fd4649d89c}\csaudiointcsof.inf" "9" "48398d9a7" "0000000000000160" "WinSta0\Default" "0000000000000164" "208" "c:\program files\csaudiointcsof\drivers\csaudiointcsof"
    PID: 4412
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

  C:\Windows\system32\DrvInst.exe
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{eebd51c8-2b4a-f04e-9513-f1633334b2c2}\da7219.inf" "9" "4f4128e67" "0000000000000154" "WinSta0\Default" "000000000000013C" "208" "c:\program files\csaudiointcsof\drivers\da7219"
    PID: 5056
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

  C:\Windows\system32\DrvInst.exe
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{e01d274d-4980-1445-b2be-20210161a7f5}\rt5682.inf" "9" "4d2f875ef" "000000000000016C" "WinSta0\Default" "0000000000000158" "208" "c:\program files\csaudiointcsof\drivers\rt5682"
    PID: 512
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

  C:\Windows\system32\DrvInst.exe
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{653f8e32-535f-0049-8ffa-f72e97ff6260}\cs42l42.inf" "9" "477887aa7" "000000000000016C" "WinSta0\Default" "0000000000000158" "208" "c:\program files\csaudiointcsof\drivers\cs42l42"
    PID: 2476
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

  C:\Windows\system32\DrvInst.exe
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{01b1b236-4891-3d4a-a59f-62b4b645a2eb}\rt5682s.inf" "9" "4f2615b03" "0000000000000158" "WinSta0\Default" "000000000000017C" "208" "c:\program files\csaudiointcsof\drivers\rt5682s"
    PID: 4728
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

  C:\Windows\system32\DrvInst.exe
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{094127a2-c375-f541-b35b-26405ca1fae8}\nau8825.inf" "9" "4e4011947" "0000000000000180" "WinSta0\Default" "0000000000000184" "208" "c:\program files\csaudiointcsof\drivers\nau8825"
    PID: 848
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

  C:\Windows\system32\DrvInst.exe
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{34f1a0fb-4cda-6d47-8a62-0590b4ded752}\max98357a.inf" "9" "434654bf3" "000000000000017C" "WinSta0\Default" "000000000000014C" "208" "c:\program files\csaudiointcsof\drivers\max98357a"
    PID: 4668
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

  C:\Windows\system32\DrvInst.exe
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{851e4961-2c27-0e4e-b19a-29a26cbb5b22}\max98390.inf" "9" "481d0f32f" "0000000000000184" "WinSta0\Default" "000000000000014C" "208" "c:\program files\csaudiointcsof\drivers\max98390"
    PID: 4572
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

  C:\Windows\system32\DrvInst.exe
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{6935061f-0fe1-c247-988c-60da5d19a7a7}\opengmaxcodec.inf" "9" "424215f03" "000000000000014C" "WinSta0\Default" "000000000000016C" "208" "c:\program files\csaudiointcsof\drivers\opengmaxcodec"
    PID: 2068
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

  C:\Windows\system32\DrvInst.exe
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{a729ccb4-a9c0-514e-b8cd-48ffd021d759}\rt1011.inf" "9" "4ec3c11cf" "000000000000016C" "WinSta0\Default" "000000000000017C" "208" "c:\program files\csaudiointcsof\drivers\rt1011"
    PID: 4812
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

  C:\Windows\system32\DrvInst.exe
    Command line: DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{0a04619a-d7f6-7243-9cca-11950eb8fb15}\rt1015.inf" "9" "4457e436f" "000000000000016C" "WinSta0\Default" "000000000000017C" "208" "c:\program files\csaudiointcsof\drivers\rt1015"
    PID: 3504
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Modifies data under HKEY_USERS

C:\Program Files\csaudiointcsof\utils\csaudioendpointswitcher.exe
  Command line: "C:\Program Files\csaudiointcsof\utils\csaudioendpointswitcher.exe"
  PID: 5068
  - Executes dropped EXE

Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Temp\{851e4961-2c27-0e4e-b19a-29a26cbb5b22}\dsm_param_R_Google_Gimble4ES.bin
Filesize: 929B
-
Filesize
36KB
MD503496f020143746a9e8723430aa64e72
SHA1681d04da46bc8e3f19d7e1e9ed19a37f90450b82
SHA256f8991ebeee97ab68302c3d003b0e43cd93151260fbe62c73ce3ac37e5d989962
SHA5127626dd8f5b1517acd33494670d1f36479960d8ade37f716fc416ecef384e9c238a0bdec671e599a05bc870c0762c9e55e0036f97a1f06694f6d835ca54f18440
-
Filesize
13KB
MD594ecc4ec91270a454686b664d778cda6
SHA1a493ffe20cf3954f41928f6a43119fd538ba85e4
SHA2561ce5d4df35d539cef4c6ffe53fcb25b279a61e0d70c96003ef7e268d679ad996
SHA5127c32a89ca8b7422cb32f370e555b61711c16a2271a6ef29e2c8ae377ada7b762e3860ea6b1b4635a69da1da4b4ab50db1cf1bf6ce106d8544de534f42ff67b5e
-
Filesize
1KB
MD5ff6774b0be01142d24c0721d58573b2e
SHA1eab6f8f1ecd3051cc525cf3e55ead71a6a0059ec
SHA256d91e0957a019eb4122f13006b4a29f54de7c2bddcdcf388680180f5ea9b21339
SHA512118a5bf8975e65d287d796c11d8834e3b2a98366054e5b1965fe91d527a4cc1cf1b2484325b62fa3b5140d1e8aa95b7f9c6e046ae71ab530686fbf23bad64644
-
Filesize
37KB
MD5bf2f057cbc783ea7963097d01406e0fd
SHA1157c424ccc8635f132e1e6e377a80473f1f93e05
SHA2563eb7936892d2150078d70ab5985def40b0bc82a706af4ec425416fc6a0eac1ea
SHA512f251bcbd106aeb633039b5b3a0a196dfbe7d6c663297df46c5b5578bb7a14494d7e9199a7640b2926618088baebed9c3a3b516a607815842678db7ef38002c1f
-
Filesize
14KB
MD590f582db66c5a7ed814e38a580d9e955
SHA1babeb58d4ba25ff00f92ca6d9b6f6db7b8e3b91f
SHA25639ede8b69e5f4d131fa1a4adf51172de6f7d4fa2029522ac4428d90f93ede269
SHA5122e4f3ea6d4c8a868b6f7b0e0cf97a6eaa7259fc30782fd4a12e32d18ba1e8e083033a886ec2c0436d8d328d80da2ee8f9df4467b30722082a7f14904945446cc
-
Filesize
2KB
MD51fefcfc59b7d848b4b641462caffd216
SHA16ca2f8b8fa8d8ff98909cc164e7dac202042a87a
SHA25669bf65c96d20142944039eb235d1358e948f1ccfd9b5aab665289ebb2b5dfc92
SHA512a4254b7dd6190e32bb2c45b3efe20dff0d8f9606c0abb5a4b470b1d642e15f800c6aee2a5083f7d32ad6baf9c5f8a9353e0c5e9bdfa715c15920800bddf650f1
-
Filesize
36KB
MD566b5368b3e7912b2bcc21ecc9ed505ab
SHA1c8d16c83b88ee180554062d4705fdf803a675703
SHA256c632d79e4a9773dba4b5299d4e6f0f3ce3b2aa067c3666e254fa64653409121c
SHA5120a96af0d918732af2f97d5c6c6783ba3511a162098abadb2d388c51e58eb6a0c88776a257eb7da3eee7f38062323859e34cf5d1bb6ea85faccd7c02f6e9ee454
-
Filesize
37KB
MD5b04130bc6245eb08e94f222f7a596e6b
SHA11d7f0a2d84f41387a1d68f2acb02b538023c50c5
SHA256320efda13945c55adcf252b62bc6b58d2c04240efe780270af419d6496fbd0eb
SHA512292e9a96572f6429b07a68bd5ff9f864267f3ee75a6536f10fa877e8be5306e92a46283580c742e5e8043bae7cc64483cf98fa069e20cb57a0a233787b4621fa
-
Filesize
16KB
MD5c2799a0735f1511f63a17e3fc8561464
SHA1f0ddbb0db3902b2942c0faca33afe5230a812a08
SHA256592c82b8b6ca0dbd39572c45cde667b48cde3709f9585851815016b95999d628
SHA512bb0f33eabe3e08ccc6ef75c06345721c6ff1b46fd709ae1d65fa7e41c14d91b1ad4910337b61e881d6c1a671d6b2072ed4bd6526cf3988fe9f379561d917271d
-
Filesize
156KB
MD5b29472b5ff4ddb9dbd675cb6e3130358
SHA14bcfb0070523f9c874770011fd6c22bbbf6d12f5
SHA2569bdf7476354993fd90871d386020a00e68ecec8264fe75183e4311286e19c52a
SHA51272f24040f834cb466bd37ca7f314176ae732f051767581f4eeb988f522dbfbe361e7910fe2ccdcbfdd830c7341190c597cfb969a33b96dfcc7231fbf898c64b0
-
Filesize
312KB
MD522b8ca5a4f0d8b9e9185b0d4e4fc8e7b
SHA17d0b06204ceeb24fdc0f7256d1eb8c402039dcad
SHA256d63499833bb20352e63907e2409f8246df278a15cf7c73a24aeefaff19fb1a43
SHA512c26dd00ed3cb8f01e226c35e49720c66e71734978913f81a818c6bc1582f2ea5a3c9d4cb2dbb06e3a36affac567c14b64dcb6f5d544d1d3367878eba34a4a6c5
-
Filesize
544KB
MD5e66cd88bdce8aee6d55d493333a2db22
SHA106f27838d84d03542e56439a4193464f84a6213e
SHA256d7fd6388946fffe83ac10a5449e58dd80cb21598149e4ef903cf26b3ad40f3e9
SHA512974b5fae537b2a177bfe5769141cb5c1b4e67a67392e2f19ef00a9d033b8589532da4b8f8f2692e179a1b7fbf51c513cb557f2f6dae4d4045f6fb4897d37a9e8
-
Filesize
312KB
MD51c991a6c34aa28f9af5cb9a7160e3992
SHA169bea4b579bcc5b92db79ff86056596c6debe801
SHA256054c7abedf89b20adf195faa14ca31d8c964e360fb5d5f8d9ee8e4596227c330
SHA5122115cc0beddae2eb2d77313135256ea0f460400c8471a7da5100aa9adb1d965629af10e2d69a34911e5086aa21109f953ec8e2fec3d51119f81b279e8a012e63
-
Filesize
416KB
MD5a6752528fcabeed55b6c66d6a6632c6c
SHA1758a2779e954c6844b63bf04280c57cb5eb7448a
SHA256dffa244bd450225fc953422cb63e1a331f030fcd54022baabde6399457408926
SHA512c7881e01b9adf79f7edd058915734c0ababe294287cd8694756b97da201d19e86de85bda6fc3db5da623220fd52eb208b7dc1427ac3be7ff28b20cbef1d7100d
-
Filesize
512KB
MD525a6b8c2201ac4da9fedb0bc2d06f487
SHA1c133ae0329a67ca725d3b60630db897074699058
SHA256e3489dcb277e87eee8bc091ab7d51163a63c85541c22522775122b54263769f3
SHA512f388b6f620820715dd2890f83e5872322fb4594cf557dde8a55db4af9701cb575fefdd5034b16888168a737dc9c177e4f0bd5a8aaa09cd8876bf960e987ef2f5
-
Filesize
13KB
MD59b6f279454c21341e6bd3033921307f7
SHA15a686938d33893838c15feedf0ce61f85458e7a5
SHA2565d78b7f328239669a8ef3632525efd91287af68a445db27fc13cb111f561b440
SHA512933d451f63c1c3a9668d9e96602924e408dac2accb7b7c3ea31a2cb4a244038881135bd4309cbd0604761ae77bea6ba9d921167f624c75f4105c3d4c959c5ca3
-
Filesize
55KB
MD5e1efa3f6114d47e0ec3964af7cfa8a12
SHA178baf560696faf22bda064b1a9357e6fce1f4c70
SHA256a1d91ef290e3ba1e6301a3392a5c04ed2e75c6e1a9cf74ac42fe012fc303f762
SHA512a4ac7d8a5f4ab3cb0750d8108015d1b9e363e7811824fccf890b5afb5000ae498abaa49ed172436cf773e97e198e0cee5bf05039aac82b71e6b203d94ed81d8f
-
Filesize
12KB
MD50bfaf62b95beec809df72227bb91ac27
SHA1830dc3e335432a98cf6b6270cf3a9843fd2659cc
SHA25653a6495a7c45138fa040b2b4ee8734af3a1e283d1562e3f6f693d7bb55481063
SHA512e42532d676dc8741b18c69380c767d9951cbc03931d3cb6acc858689c01c1183002833d50c5c08003eaffb59fac0b13a3f5c93300adc0333d60fac553f13fabf
-
Filesize
39KB
MD59ecc18db5f0c288c28a1cdd493cf2159
SHA12b718f7ba3ba45bb61e8b09e5991603fe206a8e6
SHA256062c62d1f11e2387845c7061da0259675acff2ed82dd1e42d47b565560e001ce
SHA51234ef6bbdaa3cc2a101e383d0be55620591a5f38b6df2193263a52a503a2db77f2d7fdc170809a8601c2b160027f93d8ba7d800e99222a58c069509d1dafac56d
-
Filesize
14KB
MD54646d149ceb88aa2fd89688f9c4db5ae
SHA14ace04981d10aad31f75288f9a9e785aa0573bab
SHA2565d52850eb0380b2402ef78649025c4e42228995e031b70136bbe7093fa47da95
SHA512e2deba706d36952ae96a893e69d67d60855c8651d46de1f2c16df2bbbc51838cccca7a007c1a402c3f200a67c1abbad38e3382f31b146a03a999f6de399b4108
-
Filesize
30KB
MD5b0cbd0885d632f90f969158ba26c832b
SHA137a9478c224097174c4e1e8e1c92dfc6c25afe14
SHA2565da3fc53309ec722875dd917abded1bf2d05315129ecf4d3deda7b7913c9a6ff
SHA5129c94aa11dd164debc4096fd0aa1a9ebf5fe6283eb437513de56f1269e55afb23aa9f5dcc579ed1a8f23ded2db566ccb9aad9af9653c7fbe7c20146384ad07fa7
-
Filesize
14KB
MD58717e36e5a7063d7fd7d92330272ad1e
SHA1509e8cdb88f54e3f04667cf0f925ed7677cdc739
SHA256f5d70aadf092f709499ce77bfd22a1a7fd467b611dad99fe7f83c000121bc7d7
SHA51241fd403e3eb71563f490fdf204da183772773286332a87f6b2462c046370a15978685bca795e52ec5fd4eaa2cd94914b89f76d27a83376f05c8ae33f5efc2a31
-
Filesize
35KB
MD51f8975c5eb105d337e23b0c5e81e67ec
SHA1f22ee538b44d9818b55ebbe57288621859e59d3d
SHA2569e28a083ae4094df5c156a4eff8caf83bbbc9afe7a931927ce6a95b3ef0c0084
SHA51239d825ba1a0861fd86624fe8b54051e581704dd0c2f2548b29ccee417e8fcef315f0e65499360ac3105d20efcf5b0759209420e0f93df53abf3ff12f5f8ac9d9
-
Filesize
2KB
MD5b51f0ac464e7ec6296a6f7cb19a88642
SHA1b3d1f212386172e3c4dc47096be9260a87f24bf4
SHA256f4320f6f8eee510b9ee5d11b3942822dbe856696c35ef3bc8c9071ec0bd7ea92
SHA5120e07592b8e2185b1890e05d298796d4ec358ebfedf1e1d6ccc13605cf4965a6ba7f2713c863ef85be258922204ec95c35db111936933a2c87448ad0542c4b06f
-
Filesize
11KB
MD566a6e4d4d6621923a3fb4544ab7f07b9
SHA10da4e1f95713d51e4cf4523fdde4a573308f4938
SHA25676f111f65cce4c23a5345c15487242ab171004ba745cc28d5d500ee3d6e63762
SHA51290dfd4d63fb486e103a6591525432a0c7c98828ebc52c2787188cc171aba5525eea24346b17e99231f9a4061b00c7ad37a1d49c4091694afb9c9c28898283c8a
-
Filesize
2KB
MD5327df7ca827af0999df617e661b4f7f4
SHA12e54604481faa9f3c3c020c7fe24eedc4aa73f12
SHA2566bd342cd4a48fa11aa8f6f5f5576a8dfe32092b5e32270934478ecdd3277b1dc
SHA51247be2d3582048bfd8a3dc2b7007709cf29661728361c008d2b6fe4d356710e189b25babfdc306d664f96443d589e47890598818d4cca4de0a5e4d7363fc17023
-
Filesize
2KB
MD5056877dbe2530e5c501059d352fac953
SHA101ccfeb6d32b3960b80c5e12dbede025069d5d5f
SHA256e887e444b00d8c4f9fef08ee131de6ae014687678a14df7232874c60a6498be6
SHA512e8a2e127347f38f4925064bbca03e287844358cfb6ecf472f33ad77fc61126249029a03add63fe9a7ee8a84826123d31d32fd610c50a1a5b230fe55c3a097079
-
Filesize
3KB
MD579b5883efae94413ec7faecff62861e9
SHA1a03a536da44147e0f3a0c347dc17919b8ea88b89
SHA256818797e96ad303828f47decc00eae975373061c56042ccb8904b9379e5ec6f98
SHA5129b3c2f9afbbf13a9b7776f02df2ca485bb209c2f1bb97423474120cf656b5a465af79335d6418be29be5273b92b63ce5b2fa09104500aba76e53b2508d554e0a