Malware Analysis Report

2024-12-07 15:16

Sample ID 241113-1na2vatjeq
Target csaudiointcsof.1.0.4-installer.exe
SHA256 fd2cd5d65cb83a0c03a4f3bd5ace284d271369afe14672234d79f68a006ca3e8
Tags discovery, evasion, execution, persistence
Score 8/10


Analysis Overview

Score 8/10

SHA256 fd2cd5d65cb83a0c03a4f3bd5ace284d271369afe14672234d79f68a006ca3e8

Threat Level: Likely malicious

The file csaudiointcsof.1.0.4-installer.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution persistence

Creates new service(s)

Stops running service(s)

Executes dropped EXE

Deletes itself

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

Launches sc.exe

Drops file in Program Files directory

Drops file in Windows directory

Program crash

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Runs net.exe

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Uses Volume Shadow Copy service COM API

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-11-13 21:47

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

Tactics: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\rundll32.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 3680 wrote to memory of 3260 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 3680 wrote to memory of 3260 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe
PID 3680 wrote to memory of 3260 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3260 -ip 3260

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 612

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

143s

Command Line

"C:\Users\Admin\AppData\Local\Temp\drivers\dpinst.exe"

Signatures

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\DPINST.LOG | C:\Users\Admin\AppData\Local\Temp\drivers\dpinst.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\drivers\dpinst.exe

"C:\Users\Admin\AppData\Local\Temp\drivers\dpinst.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 102.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

141s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\rt1015\rt1015.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\rt1015\rt1015.sys

C:\Users\Admin\AppData\Local\Temp\drivers\rt1015\rt1015.sys

C:\Users\Admin\AppData\Local\Temp\drivers\rt1015\rt1015.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 75.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

139s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\rt5682s\rt5682s.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\rt5682s\rt5682s.sys

C:\Users\Admin\AppData\Local\Temp\drivers\rt5682s\rt5682s.sys

C:\Users\Admin\AppData\Local\Temp\drivers\rt5682s\rt5682s.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 71.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win7-20241010-en

Max time kernel

13s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\uninstall.exe"

Signatures

Stops running service(s)

Tactics: evasion, execution

Deletes itself

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\uninstall.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A

Launches sc.exe

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Tactics: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net1.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\uninstall.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\net.exe | N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 2256 wrote to memory of 2296 | N/A | C:\Users\Admin\AppData\Local\Temp\uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
PID 2256 wrote to memory of 2296 | N/A | C:\Users\Admin\AppData\Local\Temp\uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
PID 2256 wrote to memory of 2296 | N/A | C:\Users\Admin\AppData\Local\Temp\uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
PID 2256 wrote to memory of 2296 | N/A | C:\Users\Admin\AppData\Local\Temp\uninstall.exe | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
PID 2296 wrote to memory of 2656 | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | C:\Windows\SysWOW64\net.exe
PID 2296 wrote to memory of 2656 | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | C:\Windows\SysWOW64\net.exe
PID 2296 wrote to memory of 2656 | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | C:\Windows\SysWOW64\net.exe
PID 2296 wrote to memory of 2656 | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | C:\Windows\SysWOW64\net.exe
PID 2656 wrote to memory of 2928 | N/A | C:\Windows\SysWOW64\net.exe | C:\Windows\SysWOW64\net1.exe
PID 2656 wrote to memory of 2928 | N/A | C:\Windows\SysWOW64\net.exe | C:\Windows\SysWOW64\net1.exe
PID 2656 wrote to memory of 2928 | N/A | C:\Windows\SysWOW64\net.exe | C:\Windows\SysWOW64\net1.exe
PID 2656 wrote to memory of 2928 | N/A | C:\Windows\SysWOW64\net.exe | C:\Windows\SysWOW64\net1.exe
PID 2296 wrote to memory of 3056 | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | C:\Windows\SysWOW64\sc.exe
PID 2296 wrote to memory of 3056 | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | C:\Windows\SysWOW64\sc.exe
PID 2296 wrote to memory of 3056 | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | C:\Windows\SysWOW64\sc.exe
PID 2296 wrote to memory of 3056 | N/A | C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe | C:\Windows\SysWOW64\sc.exe

Processes

C:\Users\Admin\AppData\Local\Temp\uninstall.exe

"C:\Users\Admin\AppData\Local\Temp\uninstall.exe"

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\

C:\Windows\SysWOW64\net.exe

net.exe STOP "csaudioswitcher"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 STOP "csaudioswitcher"

C:\Windows\SysWOW64\sc.exe

sc delete csaudioswitcher

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

MD5 fce8be84b8763aa8265a3f9b061121f1
SHA1 1b718de67d01bf764ee0691a8aaa00870cfab49f
SHA256 877627e281ee21e110f816b114e153a83ff501228b0b0f5c4538206071cbe5b1
SHA512 2db8c550caf244a7d822872d4526136dafa3b2de01c1093f2538e5b8a5f294ed8dd32391c8aa69187f3606365915bfa8c5cd2dc54e5564db03ed63cb99252bee

\Users\Admin\AppData\Local\Temp\nseD441.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Analysis: behavioral24

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

138s

Command Line

"C:\Users\Admin\AppData\Local\Temp\utils\csaudioendpointswitcher.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\utils\csaudioendpointswitcher.exe

"C:\Users\Admin\AppData\Local\Temp\utils\csaudioendpointswitcher.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win7-20241010-en

Max time kernel

14s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\drivers\dpinst.exe"

Signatures

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\DPINST.LOG | C:\Users\Admin\AppData\Local\Temp\drivers\dpinst.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\drivers\dpinst.exe

"C:\Users\Admin\AppData\Local\Temp\drivers\dpinst.exe"

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win7-20240903-en

Max time kernel

124s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe"

Signatures

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\csaudiointcsof\drivers\dpinst.exe | N/A
N/A | N/A | C:\Program Files\csaudiointcsof\drivers\dpinst.exe | N/A

Checks installed software on the system

Tactics: discovery

Drops file in System32 directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\csaudiointcsof.inf | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBD6.tmp | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBF9.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\sof-jsl.ri | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\Temp\{4c10c17b-431d-2684-3ff6-1c6e26956503}\SETC747.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETB85.tmp | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBA5.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBD6.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\FileRepository\sklhdaudbus.inf_amd64_neutral_ef7fd6994108efdc\sklhdaudbus.PNF | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBF8.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{4c10c17b-431d-2684-3ff6-1c6e26956503}\sklhdaudbus.sys | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\sof-cnl.ri | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\sof-glk.ri | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBA6.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{4c10c17b-431d-2684-3ff6-1c6e26956503}\SETC746.tmp | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\Temp\{4c10c17b-431d-2684-3ff6-1c6e26956503}\SETC746.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{4c10c17b-431d-2684-3ff6-1c6e26956503}\SETC747.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBA5.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{4c10c17b-431d-2684-3ff6-1c6e26956503}\SETC745.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{4c10c17b-431d-2684-3ff6-1c6e26956503} | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\csaudiointcsof\drivers\dpinst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\csaudiointcsof.sys | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBE8.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{4c10c17b-431d-2684-3ff6-1c6e26956503}\sklhdaudbus.cat | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBF8.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBF9.tmp | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBE7.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{4c10c17b-431d-2684-3ff6-1c6e26956503}\sklhdaudbus.inf | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\infpub.dat | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\infstrng.dat | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\infstor.dat | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\FileRepository\sklhdaudbus.inf_amd64_neutral_ef7fd6994108efdc\sklhdaudbus.PNF | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\INFCACHE.0 | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETB85.tmp | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\Temp\{4c10c17b-431d-2684-3ff6-1c6e26956503}\SETC745.tmp | C:\Windows\system32\DrvInst.exe | N/A
File created | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBA6.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\sof-apl.ri | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBE7.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\SETBE8.tmp | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\sof-tgl.ri | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\csaudiointcsof.cat | C:\Windows\system32\DrvInst.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_R_Google_Gimble4ES.bin | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\csaudiointcsof.sys | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\sof-apl.ri | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\max98390.sys | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\opengmaxcodec\opengmaxcodec.cat | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\rt1015\rt1015.inf | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98357a\max98357a.cat | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_L_Google_Redrix.bin | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\rt5682\rt5682.sys | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\dpinst.exe | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\sof-glk.ri | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\sof-tgl.ri | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\sof-jsl.ri | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98357a\max98357a.inf | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\nau8825\nau8825.inf | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\rt5682s\rt5682s.cat | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\cs42l42\cs42l42.sys | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\da7219\da7219.sys | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_Google_Redrix.bin | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\nau8825\nau8825.sys | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\rt1015\rt1015.cat | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\rt5682s\rt5682s.sys | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\sklhdaudbus\sklhdaudbus.sys | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\da7219\da7219.inf | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_L_Google_Gimble4ES.bin | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_tt_R_Google_Redrix.bin | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\nau8825\nau8825.cat | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98357a\max98357a.sys | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_R_Google_Gimble.bin | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\rt1011\rt1011.cat | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\da7219\da7219.cat | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_L_Google_Gimble.bin | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_R_Google_Redrix.bin | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\cs42l42\cs42l42.cat | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\csaudiointcsof.cat | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_tt_L_Google_Redrix.bin | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\csaudiointcsof.inf | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\sof-cnl.ri | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\rt5682\rt5682.cat | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_Google_Nightfury.bin | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\rt5682s\rt5682s.inf | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\PROGRA~1\DIFX\D29FE547208FE130\dpinst.exe | C:\Program Files\csaudiointcsof\drivers\dpinst.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_tt_Google_Redrix.bin | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\max98390.inf | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\opengmaxcodec\opengmaxcodec.sys | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\sklhdaudbus\sklhdaudbus.cat | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\max98390.cat | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\rt1015\rt1015.sys | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\rt1011\rt1011.sys | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\sklhdaudbus\sklhdaudbus.inf | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\cs42l42\cs42l42.inf | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_Google_Gimble.bin | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\opengmaxcodec\opengmaxcodec.inf | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\rt1011\rt1011.inf | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A
File created | C:\Program Files\csaudiointcsof\drivers\rt5682\rt5682.inf | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\INF\oem2.inf | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\csaudiointcsof\drivers\dpinst.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\csaudiointcsof\drivers\dpinst.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\DPINST.LOG | C:\Program Files\csaudiointcsof\drivers\dpinst.exe | N/A
File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\INF\oem2.inf | C:\Windows\system32\DrvInst.exe | N/A
File opened for modification | C:\Windows\DPINST.LOG | C:\Program Files\csaudiointcsof\drivers\dpinst.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Tactics: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A
Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\rundll32.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\rundll32.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\rundll32.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\rundll32.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\rundll32.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\rundll32.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\rundll32.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\rundll32.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2516 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2516 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2516 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2516 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2516 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2516 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2516 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2668 wrote to memory of 1952 N/A C:\Windows\system32\DrvInst.exe C:\Windows\system32\rundll32.exe
PID 2668 wrote to memory of 1952 N/A C:\Windows\system32\DrvInst.exe C:\Windows\system32\rundll32.exe
PID 2668 wrote to memory of 1952 N/A C:\Windows\system32\DrvInst.exe C:\Windows\system32\rundll32.exe
PID 2516 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2516 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2516 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2516 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2516 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2516 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2516 wrote to memory of 1656 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 616 wrote to memory of 1676 N/A C:\Windows\system32\DrvInst.exe C:\Windows\system32\rundll32.exe
PID 616 wrote to memory of 1676 N/A C:\Windows\system32\DrvInst.exe C:\Windows\system32\rundll32.exe
PID 616 wrote to memory of 1676 N/A C:\Windows\system32\DrvInst.exe C:\Windows\system32\rundll32.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe

"C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\sklhdaudbus"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{2aabbc59-c36f-78b5-52e1-cf5b61cd8124}\sklhdaudbus.inf" "9" "66424e113" "0000000000000540" "WinSta0\Default" "00000000000005A0" "208" "c:\program files\csaudiointcsof\drivers\sklhdaudbus"

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{3f64f511-497d-5df4-1b36-3717af083b65} Global\{2390e7f4-05ba-1cfd-6af0-4722227eff12} C:\Windows\System32\DriverStore\Temp\{4c10c17b-431d-2684-3ff6-1c6e26956503}\sklhdaudbus.inf C:\Windows\System32\DriverStore\Temp\{4c10c17b-431d-2684-3ff6-1c6e26956503}\sklhdaudbus.cat

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\DrvInst.exe

DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005D8" "00000000000005DC"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\csaudiointcsof"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{1df8e362-6edf-1535-ab13-bf7fce545e22}\csaudiointcsof.inf" "9" "612162d9b" "00000000000005A0" "WinSta0\Default" "000000000000005C" "208" "c:\program files\csaudiointcsof\drivers\csaudiointcsof"

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 10 Global\{75c8a1d2-2c22-2b04-d20e-0d4066b08e72} Global\{11aa417d-57ae-0eb9-6274-a55276966034} C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\csaudiointcsof.inf C:\Windows\System32\DriverStore\Temp\{6231063d-a1a3-1255-c650-bc3660e3eb0f}\csaudiointcsof.cat

Network

N/A

Files

\Users\Admin\AppData\Local\Temp\nsoAF63.tmp\System.dll

\Program Files\csaudiointcsof\drivers\dpinst.exe

\??\c:\program files\csaudiointcsof\drivers\sklhdaudbus\sklhdaudbus.inf

\??\c:\program files\csaudiointcsof\drivers\sklhdaudbus\sklhdaudbus.cat

\??\c:\PROGRA~1\CSAUDI~1\drivers\SKLHDA~1\sklhdaudbus.sys

C:\Windows\System32\DriverStore\FileRepository\sklhdaudbus.inf_amd64_neutral_ef7fd6994108efdc\sklhdaudbus.PNF

C:\Windows\DPINST.LOG

\??\c:\program files\csaudiointcsof\drivers\csaudiointcsof\csaudiointcsof.cat

\??\c:\program files\csaudiointcsof\drivers\csaudiointcsof\csaudiointcsof.inf

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\csaudiointcsof.sys

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\sof-cnl.ri

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\sof-apl.ri

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\sof-glk.ri

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\sof-jsl.ri

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\sof-tgl.ri

C:\Windows\System32\DriverStore\INFCACHE.1

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe"

Signatures

Creates new service(s)

persistence execution

Stops running service(s)

evasion execution

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\Temp\{5ae706fe-e1f8-0548-8bd0-a1105bd14136} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{dcecaec5-8659-1c4f-878e-96f1c31d6980}\cs42l42.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\rt1015.inf_amd64_aabe691db7423498\rt1015.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b904d1b6-45e6-fe49-97e7-31cf27559f4c}\SET356.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\csaudiointcsof.inf_amd64_79c94fce15657a09\sof-apl.ri C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{dcecaec5-8659-1c4f-878e-96f1c31d6980}\SETFFBE.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{effeadd8-640f-0d42-ba08-7036686524b1}\SET192.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{effeadd8-640f-0d42-ba08-7036686524b1}\SET1A3.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nau8825.inf_amd64_6d6d0d9d93f62fc9\nau8825.PNF C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e6c7f25b-5e43-8d45-91af-cde34ef9c43c}\rt1011.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8318d9a5-f5a1-6641-9a99-4cb4c1fbb318}\SETF2DE.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a13daa1c-687b-e94b-99b4-f62842010246}\csaudiointcsof.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\da7219.inf_amd64_8cb8c60ce50147d9\da7219.PNF C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{5ae706fe-e1f8-0548-8bd0-a1105bd14136}\SETC70.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\da7219.inf_amd64_8cb8c60ce50147d9\da7219.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\cs42l42.inf_amd64_b5f44852b313dd2c\cs42l42.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET6F3.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET73B.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a13daa1c-687b-e94b-99b4-f62842010246} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{4070e853-ac3f-7144-9c7f-59aeed4609d5}\SETFBF6.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b904d1b6-45e6-fe49-97e7-31cf27559f4c}\SET378.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{85f14243-fff2-814d-a977-b6535247909c}\SET8E5.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{6fbcc42d-a735-214b-8af5-458fee19abda}\rt5682.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{dcecaec5-8659-1c4f-878e-96f1c31d6980}\SETFFBF.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{e6c7f25b-5e43-8d45-91af-cde34ef9c43c}\SETB07.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\rt1011.inf_amd64_7755e80b0fc72b48\rt1011.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\rt1011.inf_amd64_7755e80b0fc72b48\rt1011.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4070e853-ac3f-7144-9c7f-59aeed4609d5}\da7219.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8764e0db-8bcb-a84d-8556-41728e187a77}\SET4BE.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8764e0db-8bcb-a84d-8556-41728e187a77}\max98357a.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\nau8825.inf_amd64_6d6d0d9d93f62fc9\nau8825.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a13daa1c-687b-e94b-99b4-f62842010246}\sof-glk.ri C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4070e853-ac3f-7144-9c7f-59aeed4609d5}\SETFBF4.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{4070e853-ac3f-7144-9c7f-59aeed4609d5}\SETFBF5.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{5ae706fe-e1f8-0548-8bd0-a1105bd14136}\SETC71.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rt1015.inf_amd64_aabe691db7423498\rt1015.PNF C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4070e853-ac3f-7144-9c7f-59aeed4609d5}\SETFBF6.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8764e0db-8bcb-a84d-8556-41728e187a77}\SET4DF.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET6F2.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{b904d1b6-45e6-fe49-97e7-31cf27559f4c}\SET377.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{b904d1b6-45e6-fe49-97e7-31cf27559f4c}\nau8825.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET6E2.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\dsm_param_L_Google_Gimble.bin C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET73C.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8318d9a5-f5a1-6641-9a99-4cb4c1fbb318}\SETF2DD.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a13daa1c-687b-e94b-99b4-f62842010246}\sof-apl.ri C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\opengmaxcodec.inf_amd64_6d4c3fe32380c5dc\opengmaxcodec.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rt1011.inf_amd64_7755e80b0fc72b48\rt1011.PNF C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\csaudiointcsof.inf_amd64_79c94fce15657a09\sof-cnl.ri C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\dsm_param_L_Google_Gimble4ES.bin C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET718.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{effeadd8-640f-0d42-ba08-7036686524b1}\rt5682s.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET6F4.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{85f14243-fff2-814d-a977-b6535247909c} C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8318d9a5-f5a1-6641-9a99-4cb4c1fbb318} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{a13daa1c-687b-e94b-99b4-f62842010246}\SETF79F.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a13daa1c-687b-e94b-99b4-f62842010246}\SETF89F.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\max98390.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{a13daa1c-687b-e94b-99b4-f62842010246}\SETF77F.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET705.tmp C:\Windows\system32\DrvInst.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_tt_Google_Redrix.bin C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\rt5682s\rt5682s.cat C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\sklhdaudbus\sklhdaudbus.inf C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\sof-glk.ri C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_R_Google_Redrix.bin C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\rt1011\rt1011.cat C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\rt1015\rt1015.sys C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\csaudiointcsof.sys C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\nau8825\nau8825.sys C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_R_Google_Gimble.bin C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\max98390.cat C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_L_Google_Redrix.bin C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_tt_R_Google_Redrix.bin C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\dpinst.exe C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\cs42l42\cs42l42.cat C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\rt1011\rt1011.sys C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\sof-apl.ri C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\opengmaxcodec\opengmaxcodec.sys C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98357a\max98357a.cat C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\opengmaxcodec\opengmaxcodec.inf C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\sof-jsl.ri C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\da7219\da7219.sys C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\rt5682\rt5682.sys C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\sklhdaudbus\sklhdaudbus.sys C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\utils\icon.ico C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\da7219\da7219.cat C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\max98390.inf C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\csaudiointcsof.inf C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_tt_L_Google_Redrix.bin C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\rt5682s\rt5682s.sys C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_R_Google_Gimble4ES.bin C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\rt5682s\rt5682s.inf C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\uninstall.exe C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98357a\max98357a.inf C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98357a\max98357a.sys C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_Google_Gimble.bin C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_L_Google_Gimble4ES.bin C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\sof-tgl.ri C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\da7219\da7219.inf C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\csaudiointcsof.cat C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\rt1015\rt1015.inf C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\max98390.sys C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\rt1015\rt1015.cat C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\rt5682\rt5682.cat C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\sklhdaudbus\sklhdaudbus.cat C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\utils\csaudioendpointswitcher.exe C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_Google_Nightfury.bin C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_L_Google_Gimble.bin C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\nau8825\nau8825.cat C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\nau8825\nau8825.inf C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\opengmaxcodec\opengmaxcodec.cat C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\cs42l42\cs42l42.sys C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\max98390\dsm_param_Google_Redrix.bin C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\cs42l42\cs42l42.inf C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\csaudiointcsof\sof-cnl.ri C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\PROGRA~1\DIFX\D29FE547208FE130\dpinst.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\rt1011\rt1011.inf C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A
File created C:\Program Files\csaudiointcsof\drivers\rt5682\rt5682.inf C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
File opened for modification C:\Windows\inf\oem14.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File created C:\Windows\inf\oem8.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem7.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem10.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\DPINST.LOG C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
File created C:\Windows\inf\oem13.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem9.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem14.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem11.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem13.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem6.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem12.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem8.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem5.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem7.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem11.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem12.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem4.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem6.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem9.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem10.inf C:\Windows\system32\DrvInst.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files\csaudiointcsof\drivers\dpinst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A

Runs net.exe

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAuditPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2552 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2552 wrote to memory of 3148 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 1588 wrote to memory of 512 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1588 wrote to memory of 512 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2552 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2552 wrote to memory of 60 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 1588 wrote to memory of 4412 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1588 wrote to memory of 4412 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2552 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2552 wrote to memory of 5116 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 1588 wrote to memory of 5056 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1588 wrote to memory of 5056 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2552 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2552 wrote to memory of 2248 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 1588 wrote to memory of 512 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1588 wrote to memory of 512 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2552 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2552 wrote to memory of 3628 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 1588 wrote to memory of 2476 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1588 wrote to memory of 2476 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2552 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2552 wrote to memory of 2168 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 1588 wrote to memory of 4728 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1588 wrote to memory of 4728 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2552 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2552 wrote to memory of 2872 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 1588 wrote to memory of 848 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1588 wrote to memory of 848 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2552 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2552 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 1588 wrote to memory of 4668 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1588 wrote to memory of 4668 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2552 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2552 wrote to memory of 4736 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 1588 wrote to memory of 4572 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1588 wrote to memory of 4572 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2552 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2552 wrote to memory of 2804 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 1588 wrote to memory of 2068 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1588 wrote to memory of 2068 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2552 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2552 wrote to memory of 2264 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 1588 wrote to memory of 4812 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1588 wrote to memory of 4812 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2552 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 2552 wrote to memory of 2220 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Program Files\csaudiointcsof\drivers\dpinst.exe
PID 1588 wrote to memory of 3504 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 1588 wrote to memory of 3504 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2552 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Windows\SysWOW64\net.exe
PID 2552 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Windows\SysWOW64\net.exe
PID 2552 wrote to memory of 3300 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Windows\SysWOW64\net.exe
PID 3300 wrote to memory of 1668 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 3300 wrote to memory of 1668 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 3300 wrote to memory of 1668 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
PID 2552 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Windows\SysWOW64\sc.exe
PID 2552 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Windows\SysWOW64\sc.exe
PID 2552 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Windows\SysWOW64\sc.exe
PID 2552 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Windows\SysWOW64\sc.exe
PID 2552 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Windows\SysWOW64\sc.exe
PID 2552 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Windows\SysWOW64\sc.exe
PID 2552 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Windows\SysWOW64\net.exe
PID 2552 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Windows\SysWOW64\net.exe
PID 2552 wrote to memory of 4392 N/A C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe C:\Windows\SysWOW64\net.exe
PID 4392 wrote to memory of 2720 N/A C:\Windows\SysWOW64\net.exe C:\Windows\SysWOW64\net1.exe
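
Every row in this table pairs a process with one it launched: the installer (PID 2552) with its dpinst.exe, net.exe and sc.exe children, the DeviceInstall svchost (PID 1588) with each DrvInst.exe, and net.exe with its net1.exe helper. CreateProcess writes the new child's startup data into the child, so these rows are what any process that starts another produces and, on their own, do not show a write into an unrelated process. The following is an added example, not code from the report or from the installer, that reduces such a table to unique pairs and separates parent-to-child writes from writes into unrelated processes using a process tree. The tree is constructed from this report's Processes section; the parents of PIDs 2552 and 1588, the explorer.exe entry and the final injection-style event are assumptions made for the example.

```python
"""Triage helper for sandbox "PID A wrote to memory of B" rows.

Added example, not part of the report or of the analysed installer. The
process tree is constructed from the report's Processes and
WriteProcessMemory sections; the parents of the installer (2552) and of
the DeviceInstall svchost (1588), and the explorer.exe entry, are
assumptions made for the example.
"""
from collections import Counter
from dataclasses import dataclass
import ntpath


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str


@dataclass(frozen=True)
class MemWrite:
    src_pid: int
    dst_pid: int


INSTALLER = r"C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe"
DPINST = r"C:\Program Files\csaudiointcsof\drivers\dpinst.exe"

# Constructed process tree (pid, parent pid, image).
PROCS = [
    Proc(2552, 1000, INSTALLER),                          # parent 1000 assumed
    Proc(1588, 700, r"C:\Windows\system32\svchost.exe"),  # DeviceInstall; parent 700 assumed
    Proc(3148, 2552, DPINST),
    Proc(60, 2552, DPINST),
    Proc(512, 1588, r"C:\Windows\system32\DrvInst.exe"),
    Proc(4412, 1588, r"C:\Windows\system32\DrvInst.exe"),
    Proc(3300, 2552, r"C:\Windows\SysWOW64\net.exe"),
    Proc(1668, 3300, r"C:\Windows\SysWOW64\net1.exe"),
    Proc(2216, 2552, r"C:\Windows\SysWOW64\sc.exe"),
    Proc(4000, 700, r"C:\Windows\explorer.exe"),          # assumed, not in the report
]

# Constructed events: the first rows mirror the report's table, repeats
# included; the last row is an injection-style write the report does NOT
# contain, added so the negative case is exercised.
EVENTS = [
    MemWrite(2552, 3148), MemWrite(2552, 3148),
    MemWrite(1588, 512), MemWrite(1588, 512),
    MemWrite(2552, 60), MemWrite(2552, 60),
    MemWrite(1588, 4412), MemWrite(1588, 4412),
    MemWrite(2552, 3300), MemWrite(2552, 3300), MemWrite(2552, 3300),
    MemWrite(3300, 1668), MemWrite(3300, 1668), MemWrite(3300, 1668),
    MemWrite(2552, 2216), MemWrite(2552, 2216), MemWrite(2552, 2216),
    MemWrite(2552, 4000),
]


def classify_writes(events, procs):
    """Map each unique (src, dst) pair to 'spawn', 'foreign' or 'unknown'.

    spawn   : dst is a direct child of src. CreateProcess itself writes the
              child's startup data, so every process that launches another
              produces this row; it is expected, not evidence of injection.
    foreign : dst is not a child of src, the shape of classic injection and
              the rows to look at first.
    unknown : dst is absent from the tree (short-lived or unlogged process).
    """
    parent_of = {p.pid: p.ppid for p in procs}
    verdicts = {}
    for ev in events:
        key = (ev.src_pid, ev.dst_pid)
        if key in verdicts:
            continue  # the sandbox logs each pair two or three times
        if ev.dst_pid not in parent_of:
            verdicts[key] = "unknown"
        elif parent_of[ev.dst_pid] == ev.src_pid:
            verdicts[key] = "spawn"
        else:
            verdicts[key] = "foreign"
    return verdicts


def summarize(verdicts):
    """Count verdicts so the 'foreign' rows can be pulled to the top of a queue."""
    return dict(Counter(verdicts.values()))


if __name__ == "__main__":
    image = {p.pid: ntpath.basename(p.image) for p in PROCS}
    verdicts = classify_writes(EVENTS, PROCS)
    for (src, dst), verdict in sorted(verdicts.items(), key=lambda kv: kv[1] != "foreign"):
        print(f"{verdict:8} {src:>5} -> {dst:<5} {image[src]} -> {image[dst]}")
    print(summarize(verdicts))
```

The "spawn" verdict means expected for process creation, not clean: a parent that creates a suspended child, overwrites its image and resumes it (hollowing) also produces only parent-to-child rows. Telling the two apart needs the written region or a thread-context change, neither of which this table records.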

Processes

C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe

"C:\Users\Admin\AppData\Local\Temp\csaudiointcsof.1.0.4-installer.exe"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\sklhdaudbus"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{d4822ae8-917b-3540-9507-5da24d230da0}\sklhdaudbus.inf" "9" "4d3a93e9f" "000000000000013C" "WinSta0\Default" "0000000000000160" "208" "c:\program files\csaudiointcsof\drivers\sklhdaudbus"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\csaudiointcsof"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{6939c11b-30fc-834d-9746-d6fd4649d89c}\csaudiointcsof.inf" "9" "48398d9a7" "0000000000000160" "WinSta0\Default" "0000000000000164" "208" "c:\program files\csaudiointcsof\drivers\csaudiointcsof"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\da7219"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{eebd51c8-2b4a-f04e-9513-f1633334b2c2}\da7219.inf" "9" "4f4128e67" "0000000000000154" "WinSta0\Default" "000000000000013C" "208" "c:\program files\csaudiointcsof\drivers\da7219"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\rt5682"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{e01d274d-4980-1445-b2be-20210161a7f5}\rt5682.inf" "9" "4d2f875ef" "000000000000016C" "WinSta0\Default" "0000000000000158" "208" "c:\program files\csaudiointcsof\drivers\rt5682"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\cs42l42"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{653f8e32-535f-0049-8ffa-f72e97ff6260}\cs42l42.inf" "9" "477887aa7" "000000000000016C" "WinSta0\Default" "0000000000000158" "208" "c:\program files\csaudiointcsof\drivers\cs42l42"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\rt5682s"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{01b1b236-4891-3d4a-a59f-62b4b645a2eb}\rt5682s.inf" "9" "4f2615b03" "0000000000000158" "WinSta0\Default" "000000000000017C" "208" "c:\program files\csaudiointcsof\drivers\rt5682s"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\nau8825"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{094127a2-c375-f541-b35b-26405ca1fae8}\nau8825.inf" "9" "4e4011947" "0000000000000180" "WinSta0\Default" "0000000000000184" "208" "c:\program files\csaudiointcsof\drivers\nau8825"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\max98357a"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{34f1a0fb-4cda-6d47-8a62-0590b4ded752}\max98357a.inf" "9" "434654bf3" "000000000000017C" "WinSta0\Default" "000000000000014C" "208" "c:\program files\csaudiointcsof\drivers\max98357a"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\max98390"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{851e4961-2c27-0e4e-b19a-29a26cbb5b22}\max98390.inf" "9" "481d0f32f" "0000000000000184" "WinSta0\Default" "000000000000014C" "208" "c:\program files\csaudiointcsof\drivers\max98390"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\opengmaxcodec"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{6935061f-0fe1-c247-988c-60da5d19a7a7}\opengmaxcodec.inf" "9" "424215f03" "000000000000014C" "WinSta0\Default" "000000000000016C" "208" "c:\program files\csaudiointcsof\drivers\opengmaxcodec"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\rt1011"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{a729ccb4-a9c0-514e-b8cd-48ffd021d759}\rt1011.inf" "9" "4ec3c11cf" "000000000000016C" "WinSta0\Default" "000000000000017C" "208" "c:\program files\csaudiointcsof\drivers\rt1011"

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

"C:\Program Files\csaudiointcsof\drivers\dpinst.exe" /sw /f /path "C:\Program Files\csaudiointcsof\drivers\rt1015"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{0a04619a-d7f6-7243-9cca-11950eb8fb15}\rt1015.inf" "9" "4457e436f" "000000000000016C" "WinSta0\Default" "000000000000017C" "208" "c:\program files\csaudiointcsof\drivers\rt1015"

C:\Windows\SysWOW64\net.exe

net.exe STOP "csaudioswitcher"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 STOP "csaudioswitcher"

C:\Windows\SysWOW64\sc.exe

sc delete csaudioswitcher

C:\Windows\SysWOW64\sc.exe

sc create csaudioswitcher error="severe" displayname="csaudioswitcher" type="own" start="delayed-auto" binpath="C:\Program Files\csaudiointcsof\utils\csaudioendpointswitcher.exe"

C:\Windows\SysWOW64\net.exe

net.exe START "csaudioswitcher"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 START "csaudioswitcher"

C:\Program Files\csaudiointcsof\utils\csaudioendpointswitcher.exe

"C:\Program Files\csaudiointcsof\utils\csaudioendpointswitcher.exe"
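
The service-management lines above (net.exe STOP, sc delete, sc create, net.exe START) replace any existing csaudioswitcher service with one that starts without user action (start=delayed-auto) and runs a binary under C:\Program Files\csaudiointcsof\utils; this is the persistence the report's tags refer to. The dpinst.exe lines are the driver side of the same install: /sw suppresses the wizard, /f forces installation even where a better-ranked driver is already present, and /path names the package directory; the DrvInst.exe children of the DeviceInstall svchost are the normal driver-store import path. The following is an added example, not code from the report or from the installer, that parses sc create command lines (both the canonical "key= value" syntax and the "key=value" form seen here) and applies the start-type and binary-location heuristics a hunt query would use. The sample command lines are copied from this section; the demo line in the usage and the directory allow-list are assumptions.

```python
"""Parse 'sc create' command lines and flag service-based persistence.

Added example, not part of the report or of the analysed installer. The
command lines below are copied from the report's Processes section; the
directory allow-list is an assumption made for the example. Only the
service name, start type, binary path and service type are examined;
other sc.exe options are kept but not interpreted.
"""
import ntpath

# Constructed sample: the four service-management lines from the report.
REPORT_CMDLINES = [
    r'net.exe STOP "csaudioswitcher"',
    r'sc delete csaudioswitcher',
    r'sc create csaudioswitcher error="severe" displayname="csaudioswitcher" type="own" start="delayed-auto" binpath="C:\Program Files\csaudiointcsof\utils\csaudioendpointswitcher.exe"',
    r'net.exe START "csaudioswitcher"',
]

# Assumed allow-list: binaries under these directories are not flagged.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def split_cmdline(cmd):
    """Split on whitespace outside double quotes and drop the quotes.

    Enough for sc.exe/net.exe lines; caret and backslash escaping are not
    attempted, so paths keep their backslashes.
    """
    args, cur, quoted, started = [], [], False, False
    for ch in cmd:
        if ch == '"':
            quoted, started = not quoted, True
        elif ch.isspace() and not quoted:
            if started:
                args.append("".join(cur))
            cur, started = [], False
        else:
            cur.append(ch)
            started = True
    if started:
        args.append("".join(cur))
    return args


def parse_sc_create(cmd):
    """Return {'name': ..., 'binpath': ..., 'start': ...} or None if not sc create.

    Accepts both the canonical 'key= value' form and the 'key=value' form
    seen in the report; option names are case-insensitive.
    """
    args = split_cmdline(cmd)
    if len(args) < 3 or ntpath.basename(args[0]).lower() not in ("sc", "sc.exe"):
        return None
    if args[1].lower() != "create":
        return None
    svc = {"name": args[2]}
    i = 3
    while i < len(args):
        key, eq, val = args[i].partition("=")
        if eq:
            if val == "" and i + 1 < len(args):  # 'key= value': value is the next token
                i += 1
                val = args[i]
            svc[key.lower()] = val
        i += 1
    return svc


def persistence_flags(svc):
    """Heuristics a hunt query would apply to a parsed service definition."""
    flags = []
    start = svc.get("start", "demand").lower()  # sc's default is demand start
    if start in ("auto", "delayed-auto", "boot", "system"):
        flags.append(f"starts without user action (start={start})")
    binpath = svc.get("binpath", "")
    if binpath and not binpath.lower().startswith(SYSTEM_DIRS):
        flags.append("binary outside the Windows system directories")
    if svc.get("type", "own").lower() in ("kernel", "filesys"):
        flags.append("kernel-mode driver service")
    return flags


def scan(cmdlines):
    """Return [(service, flags)] for every 'sc create' in the input."""
    results = []
    for cmd in cmdlines:
        svc = parse_sc_create(cmd)
        if svc is not None:
            results.append((svc, persistence_flags(svc)))
    return results


if __name__ == "__main__":
    for svc, flags in scan(REPORT_CMDLINES):
        print(svc["name"], svc.get("start"), svc.get("binpath"))
        for flag in flags:
            print("  -", flag)
```

A vendor installer registering a helper service produces exactly this stop/delete/create/start sequence, so a hit is a reason to enrich (signer of the service binary, provenance of the installer, the driver .cat signatures listed under Files) rather than a verdict on its own.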

Network

Country Destination Domain Proto
US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
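
Every row in this table is a reverse (PTR) query sent to 8.8.8.8; no forward lookup of a hostname appears in this section. The reversed label order hides which address was being named, so the following added example, not code from the report, decodes in-addr.arpa names back to IPv4 addresses and, going beyond what this table contains, ip6.arpa names back to IPv6 addresses. The rows are copied from this table; the ip6.arpa row is a constructed addition using the RFC 3596 sample address so that the IPv6 branch is exercised.

```python
"""Decode the reverse-DNS (PTR) query names in the report's Network table.

Added example, not part of the report. The rows are copied from the
report; the ip6.arpa row is a constructed addition (the RFC 3596 sample
address) so the IPv6 branch is exercised.
"""
import ipaddress

NETWORK_ROWS = [
    ("US", "8.8.8.8:53", "105.209.201.84.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "133.211.185.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "0.159.190.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "56.163.245.4.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "241.42.69.40.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "31.243.111.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "73.144.22.2.in-addr.arpa", "udp"),
    # constructed, not in the report:
    ("US", "8.8.8.8:53", "b.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.arpa", "udp"),
]


def ptr_to_ip(name):
    """Turn an in-addr.arpa / ip6.arpa name back into an address object.

    Returns None for ordinary forward-lookup names; raises ValueError for a
    malformed reverse name (wrong label count or non-numeric labels).
    """
    labels = name.lower().rstrip(".").split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        octets = labels[:-2]
        if len(octets) != 4:
            raise ValueError(f"expected 4 octet labels: {name}")
        return ipaddress.IPv4Address(".".join(reversed(octets)))
    if labels[-2:] == ["ip6", "arpa"]:
        nibbles = labels[:-2]
        if len(nibbles) != 32 or any(len(n) != 1 for n in nibbles):
            raise ValueError(f"expected 32 nibble labels: {name}")
        hexstr = "".join(reversed(nibbles))
        return ipaddress.IPv6Address(":".join(hexstr[i:i + 4] for i in range(0, 32, 4)))
    return None


def decode_network(rows):
    """Return one dict per row with the resolver, the query name and, for
    reverse queries, the address that was being looked up."""
    out = []
    for country, destination, domain, proto in rows:
        resolver, _, port = destination.rpartition(":")
        ip = ptr_to_ip(domain)
        out.append({
            "country": country,
            "resolver": resolver,
            "port": int(port),
            "proto": proto,
            "query": domain,
            "kind": "reverse" if ip is not None else "forward",
            "address": str(ip) if ip is not None else None,
        })
    return out


if __name__ == "__main__":
    for rec in decode_network(NETWORK_ROWS):
        print(f"{rec['kind']:7} {rec['query']:<72} -> {rec['address']}")
```

A PTR query shows that some component on the detonation host was naming that address, not that the sample connected to it; correlate the decoded addresses with the other behavioral runs of this report before treating any of them as an indicator.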

Files

C:\Users\Admin\AppData\Local\Temp\nsgD5CF.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Program Files\csaudiointcsof\drivers\dpinst.exe

MD5 4192a5b905374e423ec1e545599aa86e
SHA1 908c09de28bb3cc09601da5d4e1f44becc9df18f
SHA256 567f40a09f1d9e72396296ad194fa7cf48b72361d6e259d6b99da774c2cd8981
SHA512 33a3c8e6565fb88f5cc72cfaa553bb0ddb654a8721f356e542c0346468357d38913db03d5035bcf2c45254df1baf83cf3cded55c5d22d677379a4d648a65500a

\??\c:\program files\csaudiointcsof\drivers\sklhdaudbus\sklhdaudbus.inf

MD5 79b5883efae94413ec7faecff62861e9
SHA1 a03a536da44147e0f3a0c347dc17919b8ea88b89
SHA256 818797e96ad303828f47decc00eae975373061c56042ccb8904b9379e5ec6f98
SHA512 9b3c2f9afbbf13a9b7776f02df2ca485bb209c2f1bb97423474120cf656b5a465af79335d6418be29be5273b92b63ce5b2fa09104500aba76e53b2508d554e0a

\??\c:\PROGRA~1\CSAUDI~1\drivers\SKLHDA~1\sklhdaudbus.cat

MD5 9b6f279454c21341e6bd3033921307f7
SHA1 5a686938d33893838c15feedf0ce61f85458e7a5
SHA256 5d78b7f328239669a8ef3632525efd91287af68a445db27fc13cb111f561b440
SHA512 933d451f63c1c3a9668d9e96602924e408dac2accb7b7c3ea31a2cb4a244038881135bd4309cbd0604761ae77bea6ba9d921167f624c75f4105c3d4c959c5ca3

\??\c:\PROGRA~1\CSAUDI~1\drivers\SKLHDA~1\sklhdaudbus.sys

MD5 e1efa3f6114d47e0ec3964af7cfa8a12
SHA1 78baf560696faf22bda064b1a9357e6fce1f4c70
SHA256 a1d91ef290e3ba1e6301a3392a5c04ed2e75c6e1a9cf74ac42fe012fc303f762
SHA512 a4ac7d8a5f4ab3cb0750d8108015d1b9e363e7811824fccf890b5afb5000ae498abaa49ed172436cf773e97e198e0cee5bf05039aac82b71e6b203d94ed81d8f

C:\Windows\System32\CatRoot2\dberr.txt

MD5 f6fe05149489acfb2e1dc02fefc72868
SHA1 7283d7daa8c025d59dbcd1acf2e26c1493429860
SHA256 18e74315148b0dff1b752f46c0c7f10a51e4643488f3feda089708f333e452fd
SHA512 f5688ca8f2d2237d97fb67c93e665ac883b21a1bf784a0894f38ea5d7d00942af9059945c49400f9e58c7cbacc49a8e3edca0f52fbc117c8b6f2c665228aa3e5

C:\Windows\DPINST.LOG

MD5 04b92781c4629a74d6c84300565262bb
SHA1 4c45791aa6a142bd909a0c1bdc1603849b0902f5
SHA256 a317cb7b0c806e6d95eb78867b74bd94786da9ce4102061103135e956c8f1097
SHA512 5b9ad719b26e947701b361e79fe9b857eec1035511f17a0a01bff6b0b08ae1498565acd803dc5cbb517e3328e3bc79d0865189f20764e4d4899e456794b94216

\??\c:\program files\csaudiointcsof\drivers\csaudiointcsof\csaudiointcsof.inf

MD5 66a6e4d4d6621923a3fb4544ab7f07b9
SHA1 0da4e1f95713d51e4cf4523fdde4a573308f4938
SHA256 76f111f65cce4c23a5345c15487242ab171004ba745cc28d5d500ee3d6e63762
SHA512 90dfd4d63fb486e103a6591525432a0c7c98828ebc52c2787188cc171aba5525eea24346b17e99231f9a4061b00c7ad37a1d49c4091694afb9c9c28898283c8a

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\csaudiointcsof.cat

MD5 c2799a0735f1511f63a17e3fc8561464
SHA1 f0ddbb0db3902b2942c0faca33afe5230a812a08
SHA256 592c82b8b6ca0dbd39572c45cde667b48cde3709f9585851815016b95999d628
SHA512 bb0f33eabe3e08ccc6ef75c06345721c6ff1b46fd709ae1d65fa7e41c14d91b1ad4910337b61e881d6c1a671d6b2072ed4bd6526cf3988fe9f379561d917271d

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\csaudiointcsof.sys

MD5 b29472b5ff4ddb9dbd675cb6e3130358
SHA1 4bcfb0070523f9c874770011fd6c22bbbf6d12f5
SHA256 9bdf7476354993fd90871d386020a00e68ecec8264fe75183e4311286e19c52a
SHA512 72f24040f834cb466bd37ca7f314176ae732f051767581f4eeb988f522dbfbe361e7910fe2ccdcbfdd830c7341190c597cfb969a33b96dfcc7231fbf898c64b0

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\sof-cnl.ri

MD5 e66cd88bdce8aee6d55d493333a2db22
SHA1 06f27838d84d03542e56439a4193464f84a6213e
SHA256 d7fd6388946fffe83ac10a5449e58dd80cb21598149e4ef903cf26b3ad40f3e9
SHA512 974b5fae537b2a177bfe5769141cb5c1b4e67a67392e2f19ef00a9d033b8589532da4b8f8f2692e179a1b7fbf51c513cb557f2f6dae4d4045f6fb4897d37a9e8

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\sof-jsl.ri

MD5 a6752528fcabeed55b6c66d6a6632c6c
SHA1 758a2779e954c6844b63bf04280c57cb5eb7448a
SHA256 dffa244bd450225fc953422cb63e1a331f030fcd54022baabde6399457408926
SHA512 c7881e01b9adf79f7edd058915734c0ababe294287cd8694756b97da201d19e86de85bda6fc3db5da623220fd52eb208b7dc1427ac3be7ff28b20cbef1d7100d

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\sof-tgl.ri

MD5 25a6b8c2201ac4da9fedb0bc2d06f487
SHA1 c133ae0329a67ca725d3b60630db897074699058
SHA256 e3489dcb277e87eee8bc091ab7d51163a63c85541c22522775122b54263769f3
SHA512 f388b6f620820715dd2890f83e5872322fb4594cf557dde8a55db4af9701cb575fefdd5034b16888168a737dc9c177e4f0bd5a8aaa09cd8876bf960e987ef2f5

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\sof-glk.ri

MD5 1c991a6c34aa28f9af5cb9a7160e3992
SHA1 69bea4b579bcc5b92db79ff86056596c6debe801
SHA256 054c7abedf89b20adf195faa14ca31d8c964e360fb5d5f8d9ee8e4596227c330
SHA512 2115cc0beddae2eb2d77313135256ea0f460400c8471a7da5100aa9adb1d965629af10e2d69a34911e5086aa21109f953ec8e2fec3d51119f81b279e8a012e63

\??\c:\PROGRA~1\CSAUDI~1\drivers\CSAUDI~1\sof-apl.ri

MD5 22b8ca5a4f0d8b9e9185b0d4e4fc8e7b
SHA1 7d0b06204ceeb24fdc0f7256d1eb8c402039dcad
SHA256 d63499833bb20352e63907e2409f8246df278a15cf7c73a24aeefaff19fb1a43
SHA512 c26dd00ed3cb8f01e226c35e49720c66e71734978913f81a818c6bc1582f2ea5a3c9d4cb2dbb06e3a36affac567c14b64dcb6f5d544d1d3367878eba34a4a6c5

C:\Windows\System32\CatRoot2\dberr.txt

MD5 e5614fa6e2b76d3ffe658a46bb1f10ef
SHA1 17f6bb0d003fe57365e2f54ac474915ea2186cc4
SHA256 81e72bbbdb8f560c439bd1b28251c1b0ed13043c968a21b3a5ad8031a4a72b2c
SHA512 d9ec910d93a043e8c41753e582f163f94e64456d79e716c5a132150dee0d8baefc797a4b7ed1feea9453ab8f6bf6b8a96ff7612232f6eb97bff183f77fc410b0

C:\Windows\System32\CatRoot2\dberr.txt

MD5 b5343af89ce486120e491965f3b4e6da
SHA1 9b9a6e4adcf79a9a0b77379eae6299ee03c5954f
SHA256 eba6931a912fe8462866a4bee68ec0f1ef24c30a72b0a7acc4dfc10f1ab99fbd
SHA512 af1f2cb18c4c9722d044bef50b9f994192ec5ea0119169237dda57d16d47504c84f07ae93f814e5094ffec1f8e1b39677c113796c72d577fbcf47d2afe5cc7f2

C:\Windows\DPINST.LOG

MD5 75015786f5307147c037bcc2221db268
SHA1 0f74e7ad6533e15ac46333786408bfbce7528bed
SHA256 93ccb592c2e0272d4af18ad9cb3b11fe261a54425e699e3b243a76e93903f360
SHA512 eae9dcd3eac13dcc7d2d3f89e4c442aefc637499d8ffbd2be8c72d04a6776f6f175bfaf76956ac74d31b40c5adfa1b35eb46f1f1a82707a1e0db9fc72106ce30

\??\c:\program files\csaudiointcsof\drivers\da7219\da7219.inf

MD5 327df7ca827af0999df617e661b4f7f4
SHA1 2e54604481faa9f3c3c020c7fe24eedc4aa73f12
SHA256 6bd342cd4a48fa11aa8f6f5f5576a8dfe32092b5e32270934478ecdd3277b1dc
SHA512 47be2d3582048bfd8a3dc2b7007709cf29661728361c008d2b6fe4d356710e189b25babfdc306d664f96443d589e47890598818d4cca4de0a5e4d7363fc17023

\??\c:\PROGRA~1\CSAUDI~1\drivers\da7219\da7219.cat

MD5 4646d149ceb88aa2fd89688f9c4db5ae
SHA1 4ace04981d10aad31f75288f9a9e785aa0573bab
SHA256 5d52850eb0380b2402ef78649025c4e42228995e031b70136bbe7093fa47da95
SHA512 e2deba706d36952ae96a893e69d67d60855c8651d46de1f2c16df2bbbc51838cccca7a007c1a402c3f200a67c1abbad38e3382f31b146a03a999f6de399b4108

\??\c:\PROGRA~1\CSAUDI~1\drivers\da7219\da7219.sys

MD5 b0cbd0885d632f90f969158ba26c832b
SHA1 37a9478c224097174c4e1e8e1c92dfc6c25afe14
SHA256 5da3fc53309ec722875dd917abded1bf2d05315129ecf4d3deda7b7913c9a6ff
SHA512 9c94aa11dd164debc4096fd0aa1a9ebf5fe6283eb437513de56f1269e55afb23aa9f5dcc579ed1a8f23ded2db566ccb9aad9af9653c7fbe7c20146384ad07fa7

C:\Windows\System32\catroot2\dberr.txt

MD5 b04130bc6245eb08e94f222f7a596e6b
SHA1 1d7f0a2d84f41387a1d68f2acb02b538023c50c5
SHA256 320efda13945c55adcf252b62bc6b58d2c04240efe780270af419d6496fbd0eb
SHA512 292e9a96572f6429b07a68bd5ff9f864267f3ee75a6536f10fa877e8be5306e92a46283580c742e5e8043bae7cc64483cf98fa069e20cb57a0a233787b4621fa

C:\Windows\System32\CatRoot2\dberr.txt

MD5 0b3c2f267dfa94158bb48b881ce55fb5
SHA1 e300628c01c8a371183fde62ea68e2ea011c1d5b
SHA256 6276f8ca57be84dc4349661158fe1c0b019104956cfc7196d7151c2db2eb8ef3
SHA512 0b61612e8d3cc283af412e21afbe691ebf9de10a41f66d2c3f87172f5d4e185b2f4f881aa4d6cedb6930cc28b4c100fd487d4cee6a3950333d7115f777bd337d

C:\Windows\DPINST.LOG

MD5 75230fd85aa13b9ab996ccc99de05ca6
SHA1 6ff6b60e4e9790f285f95306e1f1108ca49ff020
SHA256 49fce30c6218430fd099cc4ab9a4bdbf0caf2a4a1df238e1216d0f1489f654db
SHA512 900518c931edc2f9684ce46d71ca5af74d7c2f3cf17ce3150ad729b751d750c87a38b8c16f1bc317775b80cd0db05232c0a99abcd07a794a30aeda539a906d9d

\??\c:\program files\csaudiointcsof\drivers\rt5682\rt5682.inf

MD5 056877dbe2530e5c501059d352fac953
SHA1 01ccfeb6d32b3960b80c5e12dbede025069d5d5f
SHA256 e887e444b00d8c4f9fef08ee131de6ae014687678a14df7232874c60a6498be6
SHA512 e8a2e127347f38f4925064bbca03e287844358cfb6ecf472f33ad77fc61126249029a03add63fe9a7ee8a84826123d31d32fd610c50a1a5b230fe55c3a097079

\??\c:\PROGRA~1\CSAUDI~1\drivers\rt5682\rt5682.cat

MD5 8717e36e5a7063d7fd7d92330272ad1e
SHA1 509e8cdb88f54e3f04667cf0f925ed7677cdc739
SHA256 f5d70aadf092f709499ce77bfd22a1a7fd467b611dad99fe7f83c000121bc7d7
SHA512 41fd403e3eb71563f490fdf204da183772773286332a87f6b2462c046370a15978685bca795e52ec5fd4eaa2cd94914b89f76d27a83376f05c8ae33f5efc2a31

\??\c:\PROGRA~1\CSAUDI~1\drivers\rt5682\rt5682.sys

MD5 1f8975c5eb105d337e23b0c5e81e67ec
SHA1 f22ee538b44d9818b55ebbe57288621859e59d3d
SHA256 9e28a083ae4094df5c156a4eff8caf83bbbc9afe7a931927ce6a95b3ef0c0084
SHA512 39d825ba1a0861fd86624fe8b54051e581704dd0c2f2548b29ccee417e8fcef315f0e65499360ac3105d20efcf5b0759209420e0f93df53abf3ff12f5f8ac9d9

C:\Windows\System32\CatRoot2\dberr.txt

MD5 eb79afa76a015e476f7407ca0804ec13
SHA1 b62bffadcd14a72e2a6b0ea15b1005c8f9f9f72a
SHA256 ed4152be7eb069e7092d53209d7ae5352a5a2c5695d2654031132de7fe4a9d3e
SHA512 2ab614d010f0d4e842ae9c2f4f8c8b46b459973e848296c531554f049f2608e2229b088762ac473a427572b390b67cb500539e22e864d325fae22c8f7abaa0e0

C:\Windows\System32\CatRoot2\dberr.txt

MD5 fc16c025d5e1e27bcea810c28d2e5c76
SHA1 03aa81240ece6e04a9edbab0f728e79bd762a63b
SHA256 329b9318a54674b80b2a2875bd845ffb2883718cd58fa2d21f9093139d54de4a
SHA512 af8539dc9fa111428ddfe13e58f9d382741fde5b149b8d9ce4a13de86b15e3ef046ab58dad2c78c3c779cd73441e780207d922f91dd8c1810a85b8c8a92ad7e0

C:\Windows\DPINST.LOG

MD5 0abfda760e36d37b24df3ba7a6ba0a52
SHA1 5a84f2903d9199e30ac30777140687b9e29dc3df
SHA256 44aab492eb1d288db55c564f64970c7f37dee27a9538013da645b307dc27c09e
SHA512 46c85917fe7300323dd9312dd24afe648354e03f1585816389be846a58dd66062f9ce667e40a6553489ea64203830f118b47a68ffe3714c463c7a381f829c489

\??\c:\program files\csaudiointcsof\drivers\cs42l42\cs42l42.inf

MD5 b51f0ac464e7ec6296a6f7cb19a88642
SHA1 b3d1f212386172e3c4dc47096be9260a87f24bf4
SHA256 f4320f6f8eee510b9ee5d11b3942822dbe856696c35ef3bc8c9071ec0bd7ea92
SHA512 0e07592b8e2185b1890e05d298796d4ec358ebfedf1e1d6ccc13605cf4965a6ba7f2713c863ef85be258922204ec95c35db111936933a2c87448ad0542c4b06f

\??\c:\PROGRA~1\CSAUDI~1\drivers\cs42l42\cs42l42.cat

MD5 0bfaf62b95beec809df72227bb91ac27
SHA1 830dc3e335432a98cf6b6270cf3a9843fd2659cc
SHA256 53a6495a7c45138fa040b2b4ee8734af3a1e283d1562e3f6f693d7bb55481063
SHA512 e42532d676dc8741b18c69380c767d9951cbc03931d3cb6acc858689c01c1183002833d50c5c08003eaffb59fac0b13a3f5c93300adc0333d60fac553f13fabf

\??\c:\PROGRA~1\CSAUDI~1\drivers\cs42l42\cs42l42.sys

MD5 9ecc18db5f0c288c28a1cdd493cf2159
SHA1 2b718f7ba3ba45bb61e8b09e5991603fe206a8e6
SHA256 062c62d1f11e2387845c7061da0259675acff2ed82dd1e42d47b565560e001ce
SHA512 34ef6bbdaa3cc2a101e383d0be55620591a5f38b6df2193263a52a503a2db77f2d7fdc170809a8601c2b160027f93d8ba7d800e99222a58c069509d1dafac56d

C:\Windows\DPINST.LOG

MD5 0ffda4282eef1f63ff106b9ecfb5f7c7
SHA1 55c3087d713e0779c34531a53f56aaf2caca5068
SHA256 5a7082eac77b0c02fa7554b9afe1ef2647cdd2eefa0e22c0883c1daea4b8bf62
SHA512 c5c0e56d81778ef7a1b0d7d1a85bb69089148feec85d6ebe7a82d1a3a74b943bbf2ba18ed8f12ffd08c0126b03eb7aa5d06535807e3948b1fa9880cb4fd0b9bb

C:\Windows\System32\DriverStore\Temp\{effeadd8-640f-0d42-ba08-7036686524b1}\SET192.tmp

MD5 1fefcfc59b7d848b4b641462caffd216
SHA1 6ca2f8b8fa8d8ff98909cc164e7dac202042a87a
SHA256 69bf65c96d20142944039eb235d1358e948f1ccfd9b5aab665289ebb2b5dfc92
SHA512 a4254b7dd6190e32bb2c45b3efe20dff0d8f9606c0abb5a4b470b1d642e15f800c6aee2a5083f7d32ad6baf9c5f8a9353e0c5e9bdfa715c15920800bddf650f1

C:\Windows\System32\DriverStore\Temp\{effeadd8-640f-0d42-ba08-7036686524b1}\SET182.tmp

MD5 90f582db66c5a7ed814e38a580d9e955
SHA1 babeb58d4ba25ff00f92ca6d9b6f6db7b8e3b91f
SHA256 39ede8b69e5f4d131fa1a4adf51172de6f7d4fa2029522ac4428d90f93ede269
SHA512 2e4f3ea6d4c8a868b6f7b0e0cf97a6eaa7259fc30782fd4a12e32d18ba1e8e083033a886ec2c0436d8d328d80da2ee8f9df4467b30722082a7f14904945446cc

C:\Windows\System32\DriverStore\Temp\{effeadd8-640f-0d42-ba08-7036686524b1}\SET1A3.tmp

MD5 66b5368b3e7912b2bcc21ecc9ed505ab
SHA1 c8d16c83b88ee180554062d4705fdf803a675703
SHA256 c632d79e4a9773dba4b5299d4e6f0f3ce3b2aa067c3666e254fa64653409121c
SHA512 0a96af0d918732af2f97d5c6c6783ba3511a162098abadb2d388c51e58eb6a0c88776a257eb7da3eee7f38062323859e34cf5d1bb6ea85faccd7c02f6e9ee454

C:\Windows\System32\DriverStore\Temp\{b904d1b6-45e6-fe49-97e7-31cf27559f4c}\SET356.tmp

MD5 2e03e5448e7abac636c7618aac729455
SHA1 66d8a6726140fa3a3e30181daf3c5e565cac1814
SHA256 ede9121034aecad1fa784f3e56b69b57c671cd6a1752ead4a937129d7f86b2e3
SHA512 359cbc3836fd926fb744febc02ef50e4a7dc92f2974a7ada03cbc4428680146f9f11909c3d4a2ca1c57dd24c67474f9dc205e5dd9ed0884ce3e47dfbbaa788dd

C:\Windows\System32\DriverStore\Temp\{b904d1b6-45e6-fe49-97e7-31cf27559f4c}\SET378.tmp

MD5 03496f020143746a9e8723430aa64e72
SHA1 681d04da46bc8e3f19d7e1e9ed19a37f90450b82
SHA256 f8991ebeee97ab68302c3d003b0e43cd93151260fbe62c73ce3ac37e5d989962
SHA512 7626dd8f5b1517acd33494670d1f36479960d8ade37f716fc416ecef384e9c238a0bdec671e599a05bc870c0762c9e55e0036f97a1f06694f6d835ca54f18440

C:\Windows\System32\DriverStore\Temp\{b904d1b6-45e6-fe49-97e7-31cf27559f4c}\SET377.tmp

MD5 4eccbe681498e419840d30b616e6418f
SHA1 5b9c636dba9dea7e90fb1c6d1dcb5d9fd95fa073
SHA256 abeb379513869a29a780cfcf61bb0ce5d210de7814f8da106a99b660a4be6d8b
SHA512 6dd47658263091faea119a6d9fb8142788a8748ee1f76058611416e4cdbfb66e003603f4e2e2aec5dec2292427d38eb0ad21a887832e84e37bf2b13846c7c6a3

C:\Windows\System32\DriverStore\Temp\{8764e0db-8bcb-a84d-8556-41728e187a77}\SET4BE.tmp

MD5 302dda7d9aed955c40187917053c5473
SHA1 e57c002f88b3ea8a2427fb04fe53299501b6eb01
SHA256 83c74d17b20a9f2d5e391805bcd7f42e72123771a255aeb7d89b2e76ddd87d54
SHA512 89b6ae079e57aff674df15a56c5e09b46a9b135a811ea2a46a87fc4d4d0d4953918434ae7514a706685088aec192fee4f02c660991285a906d8346e297c92e62

C:\Windows\System32\DriverStore\Temp\{8764e0db-8bcb-a84d-8556-41728e187a77}\SET4DE.tmp

MD5 a86c8a5266dbf5a991ebede2aef73080
SHA1 82eefb79fab677bc8a8e5b6dab3afb1b2b87bf64
SHA256 8bc1e5997ae0a66f3eef098ecadb6d70a1077ca88bf3e4658010cf39b0c2ffc5
SHA512 8228ea182348363a1f5b0379b850dfeafe90d39ac5ec51186ede9b15f646cbfcdbecdac79d16d37118f2e07e9da9db0b246548ff117274f0508b149c20cef2e9

C:\Windows\System32\DriverStore\Temp\{8764e0db-8bcb-a84d-8556-41728e187a77}\SET4DF.tmp

MD5 1fb4a89296599d7af1d3c209d180fefa
SHA1 f0a34663798ba5230f48499d68b951c4f3cadf86
SHA256 040d8aa4c36ebf078320f6a1488853f86e7557905c3deab38b7766c510b32172
SHA512 9e8be5f4ccb7686de023324e7db208fb61cc03e108d13969fde503d59cd6f9d3cbb44f3ec42f504d5ae46633d7af09d95468213e5bc1111ee6cee843ce869e63

C:\Users\Admin\AppData\Local\Temp\{851e4961-2c27-0e4e-b19a-29a26cbb5b22}\SET666.tmp

MD5 c9cc46209b1a541c1279942cb0c680db
SHA1 cb7da58523b77be977d624df0e51ee72478b3f37
SHA256 bc0f7abde2606f860e2113d5079d865e71291471ccc6f8a4d485da8191c552bf
SHA512 415c6efefa82047a1fd11ec1ca809d7467c59b6aaab9d28e5d02f09a8209647f5d159a5dcb082867ae3e4910d941bbae85dda562606a1f8101b6b3e11cdc1df0

C:\Users\Admin\AppData\Local\Temp\{851e4961-2c27-0e4e-b19a-29a26cbb5b22}\dsm_param_R_Google_Gimble4ES.bin

MD5 c8888a1569cf9e4a7e65b51e779bb16c
SHA1 3332a07d56da373f6c05316ee90de94e62c7de87
SHA256 abe666e73a9bc958078d603c99333040cce9f57b5d5c461a4a145b0d15d6c334
SHA512 b90f9e9d2c7a3467dfed25391352f6fe4114f9cbe8a1a64844d392572db9c0fa8b95dababb48b67e3c8771f23ee42e07d94458c7b85c61c266143775e61befb8

C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET6E1.tmp

MD5 ace4522b701f8fa26882e3f42b55201d
SHA1 00874693025ca11b49e2236a7567dc359f7b61c2
SHA256 d243cdf5a9265f78cb8966c201782bd0849d80b5a33df29e95060070a1ca850e
SHA512 38078dbf86c74a7a8460508f6273d7576d260349f729c947b91974367ddcfc2b49cfd221f16fb4417d6ae36d4128dc0d0a9897169af725e7a071fec2d0ef07eb

C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET6E2.tmp

MD5 e1ddf47892c054aed41ef9167a806dfd
SHA1 6a842fbe34246e454a54d87136f9190fdecdd416
SHA256 2f024b58c2dd5ad38b67ab667a353648cd0569ae4bf3ccf432e75f1ed2e323e7
SHA512 338534157a9539726d0987438e0b947929b3f59ede82da713feda16f8160138044e84d2c36f32284791846bca3fdc3bc4cba2408778dc8e6e5da64a4cb89df26

C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET705.tmp

MD5 c888e909f31b2822b5e7ac15dca72fce
SHA1 f9d13d5ce0c6c959890a624691153e9eb675a246
SHA256 b7dc810edb631562d9abfc78c28cec34548feb64c71c7a21ff2eb28fbd690aac
SHA512 b1cb93c6df63c96f22ed72f1a1b16d7e1fd8335044d5869450f4c4cfecc0204deb64c344818ae6f8ad0f9dd12779b6217a06070c07d6afec3af1ad9b0bf3df85

C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET716.tmp

MD5 ca7fdb1e959016c96548c4f7bfec5e3e
SHA1 921ac0319dd9445694c28aa0616a7d74d78993bd
SHA256 1a00e88720eab59a1e06bd89f50011fba0f2f4712ccaf10e11300f65900501e2
SHA512 a4caa9a65e9c1330f9551803ee323dc7d5df2bcb85bc68f18c9c697482ecf2039094a30bb33f69069f41f5f2e1ff5ab1066daa76e61260b0be26958af41f8ee7

C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET717.tmp

MD5 7e7e64da06b6f62163c7d5e87aa1fcad
SHA1 9f71fb21a7efc770ad1a84e4e0fe9c199b6870fd
SHA256 581b8b391ea7a58cab390f0e7cbc0cbdba896565286cf76f767954cafac411e0
SHA512 425b157eec74585930bea6f372cd7ffa31da54396adb8487397a5e1137852686853fed10f6d229f7f5a90b66ad9dc7b2d2ce98af7aabf802ee2fa36a8e7df4f9

C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET739.tmp

MD5 2a34f9b2a7f9648529ea762a222a6f1a
SHA1 2a68f7f41325faa80cf54d3fccbabad3225e32dc
SHA256 926340a0b97919440bb975b0b4fd083b898903cc9ea8934310e8803fed5c0fd2
SHA512 8128350516103adf78488d5bae99661b544bb4fb34724debf2d6e4d2df3c2df36b695f9bbfca700edc74c9aec1284ec0cd78f30ce75b5dd8d8e4b339ebe41cc9

C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET73B.tmp

MD5 f9ca4e01d9a5620df113ae8416332169
SHA1 d3abd028479428e6ebb6523fec760938bdc2f619
SHA256 8af9af6f16ef19bbb39cfdf301516d8258df02f54d802095108c635bda803616
SHA512 5e71c8cbb8ddb27344c4a60d03d63d52ff105a85cee2b94b5e9d393f4bade4f783c2e4296be59a6e0aa88a094e2f6bfca2035e5cf3f4daf271a5abac2682efc5

C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET73A.tmp

MD5 eca9b88da5496891808934fa56d3bfce
SHA1 4c270e46b73ce3c18e7bb3c7b4ec42bfd006667a
SHA256 1876bf17d55920af3ea617ad5b4a0092b9d80de1aa0d0c651adca1a3537e9d95
SHA512 a0be79a2f3e76e7203a9bfe813ba54d0587a3672afcac045835cbc087313f3d2146631821f753a240068b74412fc49e5f087a64305aa9552cd0ce87b44905603

C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET74C.tmp

MD5 c1864606eaf378dd93c09e27d4ee5805
SHA1 02b778efb1e177b6a7791f4b9fa0ebf0110e2836
SHA256 3883c035bae7672f6fa49c470a80d1758f09d50e4aec532db09921d00e76e433
SHA512 50f262a9e1bcd534631e9a0863f7c5b04592635b78c11cf784ba00bb205763cb7ee147afc41e814f1d5bfe291e0128059e7a58b0a381d7dbf8e5330908efc1a5

C:\Windows\System32\DriverStore\Temp\{4f1a34a9-db26-924d-8098-5faec793ffe4}\SET73C.tmp

MD5 a761314ebc416b82a56621300c96c6a0
SHA1 ab7c3235d7ef4fea3e6231abfbf6325440a6447c
SHA256 f6e9bd1a6d5e7345188b1bf405af27100e8ca2bd33947223f56c009e2180e6cb
SHA512 780f999b90830f829dd12c04b7388d752e442a135ef3b0b3bd010dee478f4e19ea32f8888f2fcb48e271cfae1af8f670e20b0e61d27c6fab93b1b29089153a65

C:\Windows\System32\DriverStore\Temp\{85f14243-fff2-814d-a977-b6535247909c}\SET8E4.tmp

MD5 64204d462a7654a4f8882fbef18156ea
SHA1 65d1037e5d7fb9971fe31a6eb3a10e8079669634
SHA256 4e4ea7c6ef669837103e4e20b0b33ed68dbf641165b92dface3f8757c4b770f8
SHA512 5aa12d8bb16b99ee0ff62ad67436da0a369e4204f3f537a0b53c4563dfa27d7351a5f501d63a56d5756acbe6aa80c88fb9d1bd5c0a73bb6bfa9f55fb51a6c126

C:\Windows\System32\DriverStore\Temp\{85f14243-fff2-814d-a977-b6535247909c}\SET8E5.tmp

MD5 cc9d6a821fd83e6dbf73403d174fb870
SHA1 3f357be607cf0da5e4bd8924f8346dd70ef0844d
SHA256 dab5c17f04de545665dff055c3a2ba8d4e0e0bbe3938a363b7e28143cbf680f5
SHA512 7aeef01dc1b831a505f7871a3beac2534546a847f3b0c368f39a1ffec36f56dca753c7e9217f2bec6a9bbbaf525e8da46773ce638b39cac90917ec278ac6f760

C:\Windows\System32\DriverStore\Temp\{85f14243-fff2-814d-a977-b6535247909c}\SET8E6.tmp

MD5 be0f74ffda06a19a59819fad7e598ab0
SHA1 c3ae4978326d9471eb6b2bc45686cb4c2aa197a5
SHA256 1c71c7538818a0aa4c72cbbc329bc2ea34576a00c14221b185eb606dd6014589
SHA512 f2cc3e34a67330a11a0b27e9bac40f4cb45a5dea41c158e43416a81215941cc0295a2cea4013cdf87cbdc05546279c905de8ddb180baefdaeb197e6cb32fab3f

C:\Windows\System32\DriverStore\Temp\{e6c7f25b-5e43-8d45-91af-cde34ef9c43c}\SETB07.tmp

MD5 94ecc4ec91270a454686b664d778cda6
SHA1 a493ffe20cf3954f41928f6a43119fd538ba85e4
SHA256 1ce5d4df35d539cef4c6ffe53fcb25b279a61e0d70c96003ef7e268d679ad996
SHA512 7c32a89ca8b7422cb32f370e555b61711c16a2271a6ef29e2c8ae377ada7b762e3860ea6b1b4635a69da1da4b4ab50db1cf1bf6ce106d8544de534f42ff67b5e

C:\Windows\System32\DriverStore\Temp\{e6c7f25b-5e43-8d45-91af-cde34ef9c43c}\SETB19.tmp

MD5 bf2f057cbc783ea7963097d01406e0fd
SHA1 157c424ccc8635f132e1e6e377a80473f1f93e05
SHA256 3eb7936892d2150078d70ab5985def40b0bc82a706af4ec425416fc6a0eac1ea
SHA512 f251bcbd106aeb633039b5b3a0a196dfbe7d6c663297df46c5b5578bb7a14494d7e9199a7640b2926618088baebed9c3a3b516a607815842678db7ef38002c1f

C:\Windows\System32\DriverStore\Temp\{e6c7f25b-5e43-8d45-91af-cde34ef9c43c}\SETB18.tmp

MD5 ff6774b0be01142d24c0721d58573b2e
SHA1 eab6f8f1ecd3051cc525cf3e55ead71a6a0059ec
SHA256 d91e0957a019eb4122f13006b4a29f54de7c2bddcdcf388680180f5ea9b21339
SHA512 118a5bf8975e65d287d796c11d8834e3b2a98366054e5b1965fe91d527a4cc1cf1b2484325b62fa3b5140d1e8aa95b7f9c6e046ae71ab530686fbf23bad64644

C:\Windows\System32\DriverStore\Temp\{5ae706fe-e1f8-0548-8bd0-a1105bd14136}\SETC70.tmp

MD5 6ef6e79671118dabb08fc0bb5fbc66da
SHA1 b5071231f1c51f368657183fa2db8be572220f0a
SHA256 cde8f700e48257eecbab13aad459c6cf794dd7e0438cf4e6c4f9ba0032c6d71e
SHA512 7625a6c934856984af8fa229813e473e3451b700a405314cee3017de0822dd0c598d6311688582e0351deaed144b939eeef886393dfef2f0b323e10c9a95a51b

C:\Windows\System32\DriverStore\Temp\{5ae706fe-e1f8-0548-8bd0-a1105bd14136}\SETC71.tmp

MD5 ec6d47c9c04096f7a19c149f0720247e
SHA1 7f30ca3291774f005502e3bccb0d3c48f97c4d1f
SHA256 e645771b274eb54b585dfe16fbfb8693391acbd8df53e5f6e1d705d5f664d9ed
SHA512 0338f54ac58d7addf4af3467f4509e6f30cf0a0217bfbe24028295c1d74e96f4f4627acfa785a5e107a52e257de6b2871b0907ea9272f656d37e8b2d6741c25f

C:\Windows\System32\DriverStore\Temp\{5ae706fe-e1f8-0548-8bd0-a1105bd14136}\SETC5F.tmp

MD5 d118a588f1082b85fc856413f5fc4971
SHA1 dac7d9f8833c335a45ae1710933cbb6f486c75c4
SHA256 af6f95e068658440487c55e0d49de0abdbe6d1cacc5eea820f77f2cc6acec890
SHA512 ec72a13bbcbe54d0a65c58c4e4742692be0f676b44c08328d99b5ed23b002b3eae4c96215fd3a3e0b341b6c5e8f5fef04dec5f29c8ef9779895a63754d9f9670

Analysis: behavioral3

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win7-20240729-en

Max time kernel

14s

Max time network

18s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 220

Network

N/A

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

159s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\cs42l42\cs42l42.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\cs42l42\cs42l42.sys

C:\Users\Admin\AppData\Local\Temp\drivers\cs42l42\cs42l42.sys

C:\Users\Admin\AppData\Local\Temp\drivers\cs42l42\cs42l42.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 70.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 102.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

152s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\csaudiointcsof\csaudiointcsof.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\csaudiointcsof\csaudiointcsof.sys

C:\Users\Admin\AppData\Local\Temp\drivers\csaudiointcsof\csaudiointcsof.sys

C:\Users\Admin\AppData\Local\Temp\drivers\csaudiointcsof\csaudiointcsof.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 69.208.201.84.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

95s

Max time network

141s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\da7219\da7219.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\da7219\da7219.sys

C:\Users\Admin\AppData\Local\Temp\drivers\da7219\da7219.sys

C:\Users\Admin\AppData\Local\Temp\drivers\da7219\da7219.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

139s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\max98390\max98390.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\max98390\max98390.sys

C:\Users\Admin\AppData\Local\Temp\drivers\max98390\max98390.sys

C:\Users\Admin\AppData\Local\Temp\drivers\max98390\max98390.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

142s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\nau8825\nau8825.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\nau8825\nau8825.sys

C:\Users\Admin\AppData\Local\Temp\drivers\nau8825\nau8825.sys

C:\Users\Admin\AppData\Local\Temp\drivers\nau8825\nau8825.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 72.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 74.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral23

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win7-20240903-en

Max time kernel

121s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\utils\csaudioendpointswitcher.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\utils\csaudioendpointswitcher.exe

"C:\Users\Admin\AppData\Local\Temp\utils\csaudioendpointswitcher.exe"

Network

N/A

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

137s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\max98357a\max98357a.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\max98357a\max98357a.sys

C:\Users\Admin\AppData\Local\Temp\drivers\max98357a\max98357a.sys

C:\Users\Admin\AppData\Local\Temp\drivers\max98357a\max98357a.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral16

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

140s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\rt5682\rt5682.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\rt5682\rt5682.sys

C:\Users\Admin\AppData\Local\Temp\drivers\rt5682\rt5682.sys

C:\Users\Admin\AppData\Local\Temp\drivers\rt5682\rt5682.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

94s

Max time network

150s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\sklhdaudbus\sklhdaudbus.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\sklhdaudbus\sklhdaudbus.sys

C:\Users\Admin\AppData\Local\Temp\drivers\sklhdaudbus\sklhdaudbus.sys

C:\Users\Admin\AppData\Local\Temp\drivers\sklhdaudbus\sklhdaudbus.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

153s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2468 wrote to memory of 3352 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2468 wrote to memory of 3352 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
PID 2468 wrote to memory of 3352 N/A C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3352 -ip 3352

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 600

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 75.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

93s

Max time network

151s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\opengmaxcodec\opengmaxcodec.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\opengmaxcodec\opengmaxcodec.sys

C:\Users\Admin\AppData\Local\Temp\drivers\opengmaxcodec\opengmaxcodec.sys

C:\Users\Admin\AppData\Local\Temp\drivers\opengmaxcodec\opengmaxcodec.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 99.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

153s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\rt1011\rt1011.sys

Signatures

N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\drivers\rt1011\rt1011.sys

C:\Users\Admin\AppData\Local\Temp\drivers\rt1011\rt1011.sys

C:\Users\Admin\AppData\Local\Temp\drivers\rt1011\rt1011.sys

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 17.173.189.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

139s

Command Line

"C:\Users\Admin\AppData\Local\Temp\uninstall.exe"

Signatures

Stops running service(s)

evasion execution

Deletes itself

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\uninstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\net1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A

Runs net.exe

Processes

C:\Users\Admin\AppData\Local\Temp\uninstall.exe

"C:\Users\Admin\AppData\Local\Temp\uninstall.exe"

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

"C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\

C:\Windows\SysWOW64\net.exe

net.exe STOP "csaudioswitcher"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 STOP "csaudioswitcher"

C:\Windows\SysWOW64\sc.exe

sc delete csaudioswitcher

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 56.163.245.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

MD5 fce8be84b8763aa8265a3f9b061121f1
SHA1 1b718de67d01bf764ee0691a8aaa00870cfab49f
SHA256 877627e281ee21e110f816b114e153a83ff501228b0b0f5c4538206071cbe5b1
SHA512 2db8c550caf244a7d822872d4526136dafa3b2de01c1093f2538e5b8a5f294ed8dd32391c8aa69187f3606365915bfa8c5cd2dc54e5564db03ed63cb99252bee

C:\Users\Admin\AppData\Local\Temp\nsj8896.tmp\nsProcess.dll

MD5 f0438a894f3a7e01a4aae8d1b5dd0289
SHA1 b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA256 30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512 f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Analysis: behavioral21

Detonation Overview

Submitted

2024-11-13 21:47

Reported

2024-11-13 21:50

Platform

win7-20240708-en

Max time kernel

122s

Max time network

124s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

Signatures

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\rundll32.exe

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\rundll32.exe N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsProcess.dll,#1

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 224

Network

N/A

Files

N/A