zebrocy | d5df2d8ea45e881670a9b723a495363fb198700a60b47cba5507bf1164e14698

Analysis

max time kernel
103s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/12/2024, 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DJI+Assistant+2+For+Mavic+2.0.14.exe
Size

220.9MB
MD5

5ed21360de855550b5d76fd3b58a0d9c
SHA1

8ec79d60dc65fa62d28fc34a0d729cfc5b58968b
SHA256

d5df2d8ea45e881670a9b723a495363fb198700a60b47cba5507bf1164e14698
SHA512

659b3d430259e13ae26422b3c79ba5cc1a41e319f690a9947b310e073260f21204432a5ad752e615146a338ef9d6f26eac78fa9418e73451cbb7fbbffdbfd6d7
SSDEEP

6291456:9Zd82MdKKBxeHHR6z9PXGGYt4+mfRci0DkkCc78LE:9VMdvBxeHoJXGftPj8g

Score

10^/10

zebrocy backdoor discovery trojan

Malware Config

Signatures

Zebrocy
Zebrocy is a backdoor created by Sofacy threat group and has multiple variants developed in different languages.
trojan backdoor zebrocy

Zebrocy Go Variant 1 IoCs

resource	yara_rule
behavioral1/memory/2720-1290-0x0000000000400000-0x0000000001004000-memory.dmp	Zebrocy

Zebrocy family
zebrocy

Enumerates connected drives 3 TTPs 25 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	DJIService.exe
File opened (read-only)	\??\B:	DJIService.exe
File opened (read-only)	\??\S:	DJIService.exe
File opened (read-only)	\??\V:	DJIService.exe
File opened (read-only)	\??\R:	DJIService.exe
File opened (read-only)	\??\D:	DJIService.exe
File opened (read-only)	\??\F:	DJIService.exe
File opened (read-only)	\??\H:	DJIService.exe
File opened (read-only)	\??\I:	DJIService.exe
File opened (read-only)	\??\L:	DJIService.exe
File opened (read-only)	\??\N:	DJIService.exe
File opened (read-only)	\??\Q:	DJIService.exe
File opened (read-only)	\??\T:	DJIService.exe
File opened (read-only)	\??\U:	DJIService.exe
File opened (read-only)	\??\W:	DJIService.exe
File opened (read-only)	\??\Z:	DJIService.exe
File opened (read-only)	\??\M:	DJIService.exe
File opened (read-only)	\??\Y:	DJIService.exe
File opened (read-only)	\??\E:	DJIService.exe
File opened (read-only)	\??\G:	DJIService.exe
File opened (read-only)	\??\J:	DJIService.exe
File opened (read-only)	\??\K:	DJIService.exe
File opened (read-only)	\??\O:	DJIService.exe
File opened (read-only)	\??\P:	DJIService.exe
File opened (read-only)	\??\X:	DJIService.exe

Drops file in System32 directory 26 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\{7c7cd1d5-7926-4e4b-b47f-444d3b86cc32}\SET3D23.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7c7cd1d5-7926-4e4b-b47f-444d3b86cc32}\djidriver.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7c7cd1d5-7926-4e4b-b47f-444d3b86cc32}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}\SET3DEE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}\SET3DFF.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}\SET3DFF.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}\Vision_(Interface_3).cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7c7cd1d5-7926-4e4b-b47f-444d3b86cc32}\SET3D23.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}\Vision_(Interface_3).inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}\SET3E01.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}\SET3E00.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7c7cd1d5-7926-4e4b-b47f-444d3b86cc32}\SET3D34.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vision_(interface_3).inf_amd64_089ff2f979733fa2\Vision_(Interface_3).inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7c7cd1d5-7926-4e4b-b47f-444d3b86cc32}\dji_vcom_driver11.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}\SET3E01.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vision_(interface_3).inf_amd64_089ff2f979733fa2\libusb0.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vision_(interface_3).inf_amd64_089ff2f979733fa2\libusb0_x86.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}\SET3DEE.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}\libusb0.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}\SET3E00.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{143fd69c-35c2-8e47-811f-df53efccfc3d}\libusb0_x86.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vision_(interface_3).inf_amd64_089ff2f979733fa2\Vision_(Interface_3).cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7c7cd1d5-7926-4e4b-b47f-444d3b86cc32}\SET3D34.tmp	DrvInst.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
4216	DJI Assistant 2.exe
1884	DJIService.exe
2720	DJIServiceCore.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\platforms\is-C0I3O.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\Drivers\Drivers_Win10\Vision\vision_amd64\is-DP0GM.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File opened for modification	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\msvcp120.dll	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\is-KKSFM.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-69CSE.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-K4S6V.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-V5S28.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-RJ7HI.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File opened for modification	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIApp\ui_ass2.log	DJIBrowser.exe
File opened for modification	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\imageformats\qmng.dll	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-AT5CS.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-JFN59.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-FAOMQ.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-G75HD.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File opened for modification	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJI Assistant 2.exe	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\is-K2QGJ.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\locales\is-N7KRA.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-NN3GS.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File opened for modification	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJILog.dll	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\is-9SGKG.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\is-0R9UI.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\locales\is-5E2GE.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\locales\is-1I28R.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-4L7V9.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-2LNE0.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\platforms\is-LL4MJ.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\Drivers\Drivers_Win10\Vision\vision_amd64\is-MLL8Q.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-UKBTQ.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-7VNE6.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-SDLMC.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-CFQEV.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIData\auth.ini.gg1884	DJIService.exe
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\is-7ETV7.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\is-3U7K5.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-G52T4.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-1PFLF.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-E0EA3.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File opened for modification	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIService.exe	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\is-02TCT.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-9CM3K.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-H0NFI.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\imageformats\is-CNCJ5.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File opened for modification	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\x86\devcon.exe	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIApp\is-DPUBN.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Browser\is-TFUQG.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\is-GIAJP.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-PAHEK.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-72TFJ.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\is-BH8QI.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\is-NR60S.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-RDQ36.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-H0ED7.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File opened for modification	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\node.dll	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Browser\is-D548M.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\is-7GLGA.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\is-FB6RE.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-MMKHC.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-7SBH1.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-CP987.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File opened for modification	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIData\auth.ini.iu1884	DJIService.exe
File opened for modification	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIData\auth.ini	DJIService.exe
File opened for modification	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Qt5Svg.dll	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File opened for modification	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\imageformats\qjpeg.dll	DJI+Assistant+2+For+Mavic+2.0.14.tmp
File created	C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\is-3S94Q.tmp	DJI+Assistant+2+For+Mavic+2.0.14.tmp

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	pnputil.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	pnputil.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe

Executes dropped EXE 6 IoCs

pid	Process
2640	DJI+Assistant+2+For+Mavic+2.0.14.tmp
4216	DJI Assistant 2.exe
1884	DJIService.exe
2720	DJIServiceCore.exe
4300	DJIBrowser.exe
2532	DJIBrowser.exe

Loads dropped DLL 29 IoCs

pid	Process
4216	DJI Assistant 2.exe
4216	DJI Assistant 2.exe
4216	DJI Assistant 2.exe
4216	DJI Assistant 2.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
4300	DJIBrowser.exe
4300	DJIBrowser.exe
4300	DJIBrowser.exe
2532	DJIBrowser.exe
2532	DJIBrowser.exe
2532	DJIBrowser.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DJI+Assistant+2+For+Mavic+2.0.14.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DJI+Assistant+2+For+Mavic+2.0.14.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DJI Assistant 2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DJIService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DJIServiceCore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DJIBrowser.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DJIBrowser.exe

Checks SCSI registry key(s) 3 TTPs 42 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	pnputil.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	pnputil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1884	DJIService.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2640	DJI+Assistant+2+For+Mavic+2.0.14.tmp
2640	DJI+Assistant+2+For+Mavic+2.0.14.tmp
4216	DJI Assistant 2.exe
4216	DJI Assistant 2.exe
4216	DJI Assistant 2.exe
4216	DJI Assistant 2.exe
4216	DJI Assistant 2.exe
4216	DJI Assistant 2.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
2720	DJIServiceCore.exe
2720	DJIServiceCore.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeAuditPrivilege	2856	svchost.exe
Token: SeSecurityPrivilege	2856	svchost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2640	DJI+Assistant+2+For+Mavic+2.0.14.tmp

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe
1884	DJIService.exe

Suspicious use of WriteProcessMemory 29 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 2640	1860	DJI+Assistant+2+For+Mavic+2.0.14.exe	85
PID 1860 wrote to memory of 2640	1860	DJI+Assistant+2+For+Mavic+2.0.14.exe	85
PID 1860 wrote to memory of 2640	1860	DJI+Assistant+2+For+Mavic+2.0.14.exe	85
PID 2640 wrote to memory of 1104	2640	DJI+Assistant+2+For+Mavic+2.0.14.tmp	95
PID 2640 wrote to memory of 1104	2640	DJI+Assistant+2+For+Mavic+2.0.14.tmp	95
PID 2640 wrote to memory of 1104	2640	DJI+Assistant+2+For+Mavic+2.0.14.tmp	95
PID 1104 wrote to memory of 5044	1104	cmd.exe	97
PID 1104 wrote to memory of 5044	1104	cmd.exe	97
PID 2856 wrote to memory of 2464	2856	svchost.exe	99
PID 2856 wrote to memory of 2464	2856	svchost.exe	99
PID 1104 wrote to memory of 4604	1104	cmd.exe	100
PID 1104 wrote to memory of 4604	1104	cmd.exe	100
PID 2856 wrote to memory of 3728	2856	svchost.exe	101
PID 2856 wrote to memory of 3728	2856	svchost.exe	101
PID 2640 wrote to memory of 4216	2640	DJI+Assistant+2+For+Mavic+2.0.14.tmp	103
PID 2640 wrote to memory of 4216	2640	DJI+Assistant+2+For+Mavic+2.0.14.tmp	103
PID 2640 wrote to memory of 4216	2640	DJI+Assistant+2+For+Mavic+2.0.14.tmp	103
PID 4216 wrote to memory of 1884	4216	DJI Assistant 2.exe	104
PID 4216 wrote to memory of 1884	4216	DJI Assistant 2.exe	104
PID 4216 wrote to memory of 1884	4216	DJI Assistant 2.exe	104
PID 1884 wrote to memory of 2720	1884	DJIService.exe	105
PID 1884 wrote to memory of 2720	1884	DJIService.exe	105
PID 1884 wrote to memory of 2720	1884	DJIService.exe	105
PID 1884 wrote to memory of 4300	1884	DJIService.exe	106
PID 1884 wrote to memory of 4300	1884	DJIService.exe	106
PID 1884 wrote to memory of 4300	1884	DJIService.exe	106
PID 4300 wrote to memory of 2532	4300	DJIBrowser.exe	107
PID 4300 wrote to memory of 2532	4300	DJIBrowser.exe	107
PID 4300 wrote to memory of 2532	4300	DJIBrowser.exe	107

C:\Users\Admin\AppData\Local\Temp\DJI+Assistant+2+For+Mavic+2.0.14.exe
"C:\Users\Admin\AppData\Local\Temp\DJI+Assistant+2+For+Mavic+2.0.14.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Users\Admin\AppData\Local\Temp\is-6E1H1.tmp\DJI+Assistant+2+For+Mavic+2.0.14.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-6E1H1.tmp\DJI+Assistant+2+For+Mavic+2.0.14.tmp" /SL5="$7021E,231323589,174080,C:\Users\Admin\AppData\Local\Temp\DJI+Assistant+2+For+Mavic+2.0.14.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C ""C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\Drivers\Drivers_Win10\DriverSetup64.bat" /s"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1104
  - - C:\Windows\system32\pnputil.exe
      C:\Windows\Sysnative\pnputil -i -a ".\VCOM\dji_vcom_driver11.inf"
      4⤵
      Drops file in Windows directory
      PID:5044
  - - C:\Windows\system32\pnputil.exe
      C:\Windows\Sysnative\pnputil -i -a ".\Vision\vision_amd64\Vision_(Interface_3).inf"
      4⤵
      Drops file in Windows directory
      Checks SCSI registry key(s)
      PID:4604
- - C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJI Assistant 2.exe
    "C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJI Assistant 2.exe"
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4216
  - - C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIService.exe
      "C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIService.exe" "C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJI Assistant 2.exe"
      4⤵
      Enumerates connected drives
      Suspicious use of NtSetInformationThreadHideFromDebugger
      Drops file in Program Files directory
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1884
    - - C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIServiceCore.exe
        
        "C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIServiceCore.exe"
        5⤵
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:2720
    - - C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\DJIBrowser.exe
        
        "C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\DJIBrowser.exe" "C:/Program Files (x86)/DJI Product/DJI Assistant 2 For Mavic//DJIApp/" release
        5⤵
        Drops file in Program Files directory
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:4300
      - C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\DJIBrowser.exe
        
        "C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\DJIBrowser.exe" --type=renderer --no-sandbox --register-pepper-plugins="../Browser/DJIViewerPlugin.dll;plugin/dji_viewer, ../Browser/DJILiveVideoPlugin.dll;plugin/dji_live_video, ./Browser/libDJILiveVideoPlugin.dylib;plugin/dji_live_video" --lang=en-US --enable-plugins --node-integration=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="4300.0.1991355759\1084056626" /prefetch:673131151
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2532

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{f20f20d6-351d-3940-9ce7-5b4189230d9a}\dji_vcom_driver11.inf" "9" "4a3e5b3ef" "0000000000000144" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\Drivers\Drivers_Win10\VCOM"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Modifies data under HKEY_USERS
  PID:2464
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{fd412692-5397-f243-8375-a8579042f8c2}\Vision_(Interface_3).inf" "9" "4d78c4ecf" "0000000000000158" "WinSta0\Default" "000000000000015C" "208" "C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\Drivers\Drivers_Win10\Vision\vision_amd64"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\DJIPRO~1\DJIASS~1\Drivers\DRIVER~2\VCOM\djidriver.cat

Filesize
12KB

MD5
df7e084ae40011efd408ece4748b139c

SHA1
5768bed8da81803afa5c8df7b4292a8d544d60d4

SHA256
b74cf1b843769c15e16393b46dc249f6a57bf8d9199deb824678c1384c3f7534

SHA512
a7ffcfea32257dfd6d7870c155f62fadaf2db06e79a5d2df28746ee008e158b9eb8b351884ec14a32d3f0ac27cb7bade588d36325160d85fb7de31bc0c88244b

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJI Assistant 2.exe

Filesize
3.4MB

MD5
c061e2205e6027445f03d1faa8231d62

SHA1
d92a048d16c2bb684d9896ce26cb79f09110a802

SHA256
3f9ba6df14be28b4d56ef220d1851244a6008efd2bb0ef1c9506eec24380f34f

SHA512
abf6a342c526fa58c4cf0b24c53a9061fc1bf2081576ffacca9f72438b4cfe2f5525c30bb11ab4dcfd542bfc1a69621423cf9928f55f59b9b9529a8da326bf7a

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\is-AEQ2I.tmp

Filesize
444KB

MD5
fd5cabbe52272bd76007b68186ebaf00

SHA1
efd1e306c1092c17f6944cc6bf9a1bfad4d14613

SHA256
87c42ca155473e4e71857d03497c8cbc28fa8ff7f2c8d72e8a1f39b71078f608

SHA512
1563c8257d85274267089cd4aeac0884a2a300ff17f84bdb64d567300543aa9cd57101d8408d0077b01a600ddf2e804f7890902c2590af103d2c53ff03d9e4a5

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIBrowser\is-P8JPM.tmp

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIData\auth.ini

Filesize
60B

MD5
5bc9dde5f22b9650674656e703a1c172

SHA1
1125e37c1194174319bcb6246a2a0bea2f5d254a

SHA256
2de17d3362ef92d6e20506b688190a59eb0f2c938823f58b33daeaf12656e717

SHA512
f794d63533e3045f31a76b57792388edf31e038919222855a692fa08c461110af927512be2d760ddbc9ec35b9e06d54040a5ce49c64526cd41197bb2efa5475c

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIData\auth.ini.lock

Filesize
36B

MD5
bdd943cf5f0d445540fb3742348759ce

SHA1
d051936ad1989c18512f604a0299e3b5b76e8d8d

SHA256
105579fc3aa64c87fd4a329d5b9eaa6d4ca2887ae55e5423a1497caa09459b75

SHA512
57fda477f7c3cc2ca90eb045e7a8661ff0617cef48056ffa7341522a6cf00b033d452277eeca3c5feef98238a191832e3d0b26b90fdf3ac06745e029e6fed891

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIDevice.dll

Filesize
363KB

MD5
b6e9bcbc2c2935a3c4962be1ebc43e8d

SHA1
e8a372528fcafe3c07aa80761085a4495424445b

SHA256
83f05de38f6c4489bc05cc25409e101d0de9afa12e9a2212178cd439c74b94db

SHA512
00bf596d9ba63144c69865ca07bdf03991b67d599c059e60313498c6cd6c69c536704ed43f463af6051d8ea28e66e8ce40cb01f252f9609b8bcd16f15a628a5c

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJILog.dll

Filesize
177KB

MD5
45a1a5488d8190274024f42ea388cf7c

SHA1
ec1d152fefb60560e9b13dd529437d2e0bc759d3

SHA256
45cc3812bf6ec300d0b3de8fee27d7a59c40d46c252dc28ba49d4288591abccf

SHA512
3d3c8c0aba4446da8014fcbf33db5198fce044db2310d4d471c59ecea0d005a1bf3f6404e377c5e331ac0ecd8f10c619ab3dcd75dc6b75daa048ae7348637091

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIService.exe

Filesize
8.0MB

MD5
58edf8e58db5dd51a940f4a0ff8f554d

SHA1
43ace946f621ac430de50731800ecc83f8cefca4

SHA256
ae9c6a6cbc93e122b3048c756aecad7d72995796c6974d92ff6e43fd53eb9385

SHA512
7855c844360e60006bd3170afa7455526b36dcf57999f9ab74ec6a3223339e419e5a2bbe07de975dbfd6d89c0a5530d4b3c28961629cd64b522b60f6e0898381

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\DJIServices\DJIGlsService.dll

Filesize
7.0MB

MD5
6e8e71788407c308e42e105380d050b5

SHA1
138977eb4cf6b1d929ce82ec5f38aa3dfa983c75

SHA256
57510d3f05ef26cab4dd1c443e273ba22f08bf3ddbba971cdfed7485ab757a15

SHA512
bd9b93f44fcff4280c0d052c0855e061db04a5680e3876a1e7ddca3d1376705472192d248d30de63036f9b9b403a19b90dbca5565999fd4737de9f820b55ecab

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-3BRMD.tmp

Filesize
140B

MD5
e7d48831dd956b81b9a45f1219347dbb

SHA1
9e835caab9bc33cb6ec3faea4035218c5b6c7f9f

SHA256
330ef3a218d881dc7d8faae7d202ef1e17245ebabdf1632b0c3c8f7b253b7a17

SHA512
7f6c2ee1c72977735deafb12a992c5d4078a4ede3e8d79d7f7fd720b9dc5d3b7f1f5d8deaabe82cecb937b3bf3d0ac29cab5d165a48f83b379e1b75058686feb

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-BLOFN.tmp

Filesize
9KB

MD5
4deab61b585da5e4dd6eebcbf8a80f8d

SHA1
ff89a6121ef1853a57d6263e5963590c9f25c16d

SHA256
14137bf58c535e374c338d713eab86e8efe825a9b87dd28260c442c705046c0f

SHA512
5734cdb68cfcd49de9296e4879c172284bc6cec5c906ce83ff09a2526aa28cb078a1c2a988f743ad7c45bdce430901f9608522a2de15cfad0392f1857e241eea

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-FTRRK.tmp

Filesize
102KB

MD5
54dd1de8361582bbd482c29bfbddb9ab

SHA1
b5a21f1a0c4e654ca693a3dd4a2e4d65b71ea8f0

SHA256
2d26f753b6f0a4a10bea7cc3df278a3adf1fea264aaeeb739510c504ff3ea8c2

SHA512
e1f455c3f7de89cf9bbfc50e781374a16f3a9bd52619b4c852b75ba35f726ef0ca16c13a37455e1575258790abb2eb2e486a5ee5e7ec910015a519a4e2208fc3

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-JHSJR.tmp

Filesize
35KB

MD5
8851877c82d69b6cb6350a8d15716989

SHA1
fc657c2f4bea807150875e51c872250f122119b7

SHA256
5a351c2df265242cab50f9bee3896295063878d258a5492f5e842b9685826390

SHA512
b3415cee1b5f0e3743d6137a000ba794defef5d15b997bb965982747da4deb58f03a9960de5c942f611df85b3000912a10d133cbdddede4c30fddbd1944fb706

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-MCPB5.tmp

Filesize
35KB

MD5
aa2c8b7766a83f6f392b93ff135ca053

SHA1
0c69fefd1a2e45e128fe4068457c9ceb814097be

SHA256
d4dbb9e7fb09d23e6ab985e9839de24c55d312b20b50eb25339d6b5373164fb2

SHA512
85554cd297b22e55a297a63db117720bdf7e054a34fb665660898275aa1bbfdb500867e3423e3bd52ec4ed132e0d550f68bb27656abbbdae8493dc14fd9266a6

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Media\Models\is-T3QNG.tmp

Filesize
459KB

MD5
f45a11f966e1603455ce60f8fe7a6b5c

SHA1
95a5c885cb16e8b28885ac66e092a8350ef69886

SHA256
3628f8fb0108e90248de0e2d14bbeb777d330d4aac56453653129acaf9ab05cf

SHA512
57ee858233cd733a3ce5a66e4606ced8413660fe0d4dd0d2c7e1b417ffe6bad21732fbd084072a3e6c228c51a147a9eddd607f17af5136eca4afca8fbe7378ca

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Qt5Gui.dll

Filesize
4.6MB

MD5
9b23430a8300495a4f14a3f33e509f74

SHA1
3b67aaac7e02cec104a66b003a47ceff3fce4f48

SHA256
3c228afbc70db92af4f40672c5d913fb5104c335bbd19f7686bcad4e0a914327

SHA512
0893fb282305fd1b3098c814e54c7e5d6b5f1ef96b552b31fb7404dd009546532b6d11717c86af818175c68d62223d661dda0d802ac617fb8d0e0af1d8f589cc

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Qt5Network.dll

Filesize
823KB

MD5
b3a9b96a0470cb424e3e1718a3838201

SHA1
e8fbd58789fd2fc7fc30e5b8dd209f8eb26d2c6a

SHA256
bc08eb5984c9d45fcf0ca198ab530319f0535b0311ff7424d5f1938d72f25ef9

SHA512
d1b457d92470de15896bd375ecaed82f4524bc746f945d278d56cd277db3f3c255fef13f23a0cdb37bfe003fe7746f5eb3270c58076b89c78c50652a93dbf754

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Qt5WebSockets.dll

Filesize
102KB

MD5
789266a9c36ed8b11eb2f930d53e5f52

SHA1
e417d590a46b74b14717cc2ec80c78232733ce5f

SHA256
a34f144a42e326e129d814585a10903769ce4c4d17583af608c0d648a1abd899

SHA512
40ead5c47429f8539686d5fb78dfba4ad81020f7c4d61c301adb2a8340f62aa76071e5b67882996e3350c6c07329c0b93e106dbf440b603d5edb746efb202ec8

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Qt5Widgets.dll

Filesize
4.2MB

MD5
06ba339bf93676f488c78823d88a605b

SHA1
369e14c2a772c2e795beb1c75e1f9f06828e1554

SHA256
52efef5a2c7109bb03c50286861e7f6449af1e812f53f6d37475620c887439a5

SHA512
2ca1030b0a02c759e6f75517943cc5f803af0ab9099861a6ec40d2813ba66de407400d98c78cfc74e8ecac9ded22697fb2eb28286b2b4fdb689d459632267ef4

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\Qt5Xml.dll

Filesize
146KB

MD5
c392e11731e7a6377ba6bab4efdf7de2

SHA1
03d657be9637784cd3b4e577ff71c0df55342e64

SHA256
ff7e8f527991e16fb1434500da7361456194355d7e8e45fdae121e8ef9794218

SHA512
7c2c7a2859453c3e38fb26f98af8416729685b15080e06e2ac02069dd0ed9fe907502b842634dd43f95741ff0a5141620b51f7c121f24e99b4529f71670d33f1

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\libeay32.dll

Filesize
1.2MB

MD5
722c7225447f499ea7394736a4029357

SHA1
0098a723a358b92b62b1e51845dec2d2b58dbcbb

SHA256
6720af07807030f31f28df7790c5d24584323e94329b92ba3d53d8d7bee05386

SHA512
d68c633b5460c6b84fbd18632feb2e53bd56497b0b383c0a48b41fbf84ece73257c5e62a16a0aa8ccb7bb721c75b29466106a757c0c145bf0c9586a2033f9cff

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\bearer\qgenericbearer.dll

Filesize
37KB

MD5
20dd95601bd1892040db5212905775ae

SHA1
acd6aa9fbef2eee12bd829b59c0deee7d31094c2

SHA256
914bc9627ec01cd9da7235f06f82b6f2be738871556ac23f80b5f71f2892d81e

SHA512
9e109fa462ba4e8a2fd49d470c341971e9c18497018ab5b96d9bc47898a048c9f10e45fc97b481f795fc36e0ad72e78545eb277bd664db2d931234ff804939f2

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\bearer\qnativewifibearer.dll

Filesize
39KB

MD5
6dfbdb56a04e3f450325f5f99e1d0ec3

SHA1
0fb106a8c1d70a0a27e4ed345d46a2924b133da5

SHA256
1f94bea3085688a67f8dde8a8f6b27f3c70d86a2e29669dd8090afa31fe3ef27

SHA512
f30fe49a4fde601b914c5fad8827651ed509b07d892497d5b3aa5b72c1623943aef733ebe56664e552ae09543841a1ace516d57c5d7cde5e824f9e485422da70

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\platforms\qminimal.dll

Filesize
27KB

MD5
0a8427a2d62c993bfcd6f378bfd40d7b

SHA1
fa01b599bba4391418945c8f5da6f414cafebdb6

SHA256
97b4d4298cf9a43a11ac5c7b36b187adb08550374b34424143338dd82f01518b

SHA512
edc4885b2dbe541601e10412b3deb3e51c7ceec7158fe706bbd256cb6f150256e1b8cfc36fbf7d0b2aac5ab1a2966f43e69fb8e5c78617b4e0a95517454fd7d3

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\platforms\qminimald.dll

Filesize
77KB

MD5
7e983097165a9352a08ea412fbf1df3d

SHA1
ba5d0ef0c3df99522a10e536600f8b1da6c757e1

SHA256
abecc7d6442b4e50aa8cc1e0b0ac9670e2e1cf854917b26a20d123ee66cb4177

SHA512
dad3880a0511f24662bfd5c42650bed3177de4478425fdce2b3a89c075cd3ae1c53ad41aeb313c1d94d2858eb6d18ae6faa35a6fe204d634e23b4627f1786e96

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\platforms\qoffscreen.dll

Filesize
525KB

MD5
9c4ba128c453c6e80e1d04bf0310ef58

SHA1
084cc1061ae2c63f3ba3f13e3ba1463f2e31920e

SHA256
ddcffccbde41c45384e7f5b3da8f2c489241dd28c760e50cde5ebdc39c5982ef

SHA512
0739359e53cd623e42491d2bf3734cc50fbaf52a4b6e4757be10b6cd07ff81105f92657efc7acd2751bf915b1c10ac37d0ebe26d748f36d01654b27172de1bde

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\platforms\qoffscreend.dll

Filesize
962KB

MD5
3f88942e999c1b00a2ded127fb638deb

SHA1
d683cd8c467d05a66a03ed34476029b43779f59d

SHA256
8ace5e92fb7bd67254df92a93398b93fdeac43bd0dbc07f19091fd630d1f2761

SHA512
4bbe953afcf7c6c07f9ad5dbd742cb65189996df06d7c88c4d3f4f3e6ee5ebf3a78bbd139023a88a7fa9738d66dee896ddb73f7c7a9c2a73e95fd8e9712e8c3f

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\platforms\qwindows.dll

Filesize
968KB

MD5
1e9af98af69d55a9e5728aeb2489c52a

SHA1
ed89abc863db9d0b9e3625a218bdbb02b53b398a

SHA256
859c8ac22032972b2cbf62fac2a1e74d67356881b9ebf8697a738def0a19c357

SHA512
e1f5cbce1e2a95113f7544ed31e3683b04ee58c7ba79170c1187fbff1108df5ff57efdad348f446e845f731b1e2c2df4577ef6e89d7e3a6048c12cc8fbe6d732

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\plugins\platforms\qwindowsd.dll

Filesize
1.9MB

MD5
20587d0b6ddcf6a910144111806d3d42

SHA1
b56afb9b3b3e28c5f216c0ecb68c528d2939c67c

SHA256
81260246ebab4572a679baf8592dff4da4a94e001da9d26caf50219f4342d9d2

SHA512
424a64a64a479be41f4207a35014cac7819920cd9ede38704cf0b0a8ec31c43ec1894cd6ccc0ab2d18b678e9fc91c3a4c3b93eb23befaed85cbc4d7205f90a87

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\qt.conf

Filesize
44B

MD5
c690a9ed59dd3a295aeb769b3b458709

SHA1
8e8e688b84f03c3146a5d48a39cc27a1d27ebc43

SHA256
8264aa987145c8bd6a2e4d2ece6d4746b77096de284bba19114fade74dc5f00f

SHA512
ecf152afd04922b812905bc19069eacdfc8cf5b125d91928f3219911b163390a7fa75e90b28ffd1dd1a7f37ce4230aefd3be8ab00e43a34711206b8fa97fb7cb

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\DJIEngine\ssleay32.dll

Filesize
285KB

MD5
f50e5955e71034b57d33850877e970c0

SHA1
7911856de1a9e3025b8828aa29f6bee5a8bf8d9d

SHA256
bf49dc783ffc58c81461df85b1672998219a05fff8c4ae9bd3051ad7b753e3e2

SHA512
ea1d1209c48bb4c655192aef74029e102f2b7c88d5651560dfad7fb08864e6695f5dd0a1181cb4fb6ad24ac55b186f61fcbaeb1470c84c91c51435697b2c87b5

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\Drivers\Drivers_Win10\DriverSetup64.bat

Filesize
212B

MD5
b60e641c5efac30ad64b5d238b93b6b1

SHA1
ddd8854d7dc54ef1886a4a0efe54c39495f7d386

SHA256
ba71b3e08b7a2dfa37a399b3164f6b343e3b51c673c25483740325dac51649c3

SHA512
b822512e6c6c3dce59cfb50db3a0b85277a3196e82d68b7465321a2aba436a024da6ce301017da787bd38343ffc089a90a4fab9e6856e9950b022e60c73a3601

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\Drivers\Drivers_Win10\VCOM\dji_vcom_driver11.inf

Filesize
4KB

MD5
ea8d50a684b4508d82270ce528a71151

SHA1
7fbfb5c15c1edd9ae5cb11140b9a28963f470e83

SHA256
7e06c87821373db660bd044f0e08a5c9582c70b8de26f3acb3e5fa7f47dbac7c

SHA512
6b3206effc9d08bc4d7d9c9d93381b441917a7d2f120e332a6f117a409814d2b76b4952738902a583552b9eb8d33cd4adb05735a0c8cd1c20b7d802e8c0301e2

Download Submit
C:\Program Files (x86)\DJI Product\DJI Assistant 2 For Mavic\Qt5Core.dll

Filesize
4.4MB

MD5
4dcb107dd7006a97ea65cda87e37b2b9

SHA1
6963097c5378f3fa984f1d3cee3e0061e927ee2e

SHA256
836ca128d874e6d82077ae806062526f15cb20fde97ffd70a476913c956afb96

SHA512
99955e307b35d0a7f6b33f6ab55efc9ebf65ea3c404a1f26e69a9ee1f665e47790b45f4d54e92fc791dcf561e8c0478cf846d4c2c039256d0aff92ed49eae39c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6E1H1.tmp\DJI+Assistant+2+For+Mavic+2.0.14.tmp

Filesize
810KB

MD5
d7201445863ea1a413ac8308f5d676bc

SHA1
016e8f0a4bf81a13b98f771344bc1f08fae3e065

SHA256
9a73becd878bf1da2825c6513b8dd672ddd18cd1cbb6a1de6069673ff3d115d8

SHA512
4ba891c4af69b6337a96929d2da636114c6f155dd83bcfd76938f8d90fa34c370df085e71f578b8e0994b034b0d0355fb316cfffa913bb05173165ba98ed22a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{fd412692-5397-f243-8375-a8579042f8c2}\Vision_(Interface_3).cat

Filesize
11KB

MD5
01ae2dad4ea15083326616209a30120f

SHA1
53ebde145dc994fce33970716e18cc62a1eb6987

SHA256
8e39d6fa8a4e35c015a52758013150524176ede58c8f8b0cc7053f76904c3615

SHA512
05f5eed8a11fdb14b06e1098c84b5c672a86aa0c73942a5abcd4253cca4cd71963a87cb0caba2d9f34c05499fc1054a8713c855dad3aa968381c2196aebb3e17

Download Submit
C:\Users\Admin\AppData\Local\Temp\{fd412692-5397-f243-8375-a8579042f8c2}\Vision_(Interface_3).inf

Filesize
7KB

MD5
0fefc13324e0cb92ab3cb3ee81328d3b

SHA1
2c27ec072c777a13c6d61beaabedf71bf9b9092c

SHA256
83a3ca76ec585b7fde404eef60222b521cd06413f9ff76ba534120d0f5e0f994

SHA512
8a953de3519084b3c9089bf135961aebced5b1817304db42e90961154d646766f63a55756b0cb187b52efe8b38fda4abfb469a2e0bebdeaea092f8e1531fce60

Download Submit
C:\Users\Admin\AppData\Local\Temp\{fd412692-5397-f243-8375-a8579042f8c2}\libusb0.sys

Filesize
70KB

MD5
e4a24e2d2209277a8316210fb0e085a6

SHA1
fa1ff015e73457f4ec8dbceae2d0e814c8505d85

SHA256
e461278d697a58ceb921c32ba5653842a9c2380ff3c229fe20b7bdd7dc1f94da

SHA512
18e8cdab6b57b9eac84c0e99cd59a499aed3e0b81fc6af66a264d919249b70abb5cc52a71c256248f0d829c6281e97798a9ba2fb219fcf36cac0583f6995c7e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\{fd412692-5397-f243-8375-a8579042f8c2}\libusb0_x86.dll

Filesize
85KB

MD5
12b6239940d4cc695f427f61cd465ea5

SHA1
95034117a895563a29c772b3d449a6c1154de29e

SHA256
62f9428323754e691d1d56a34fd3cb4be19a43565055e12bf922770028595211

SHA512
40162490b2fd674278a34a550d00cf4fb0d75bf40aca51c5396ce4d70547aa7806a66817ed71a24ab6818f56d687f3e30b9c27b1dfec67648d2b88c8d3de36a6

Download Submit
memory/1860-1263-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1860-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1860-2-0x0000000000401000-0x000000000040C000-memory.dmp

Filesize
44KB

Download
memory/1860-8-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1884-1264-0x0000000001860000-0x0000000001861000-memory.dmp

Filesize
4KB

Download
memory/1884-1265-0x0000000001870000-0x0000000001871000-memory.dmp

Filesize
4KB

Download
memory/1884-1266-0x0000000000390000-0x000000000184D000-memory.dmp

Filesize
20.7MB

Download
memory/2532-1297-0x000000000A700000-0x000000000A701000-memory.dmp

Filesize
4KB

Download
memory/2640-1262-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/2640-11-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/2640-13-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/2640-9-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/2640-138-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/2640-1117-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/2640-6-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/2720-1290-0x0000000000400000-0x0000000001004000-memory.dmp

Filesize
12.0MB

Download
memory/2720-1288-0x0000000001130000-0x0000000001131000-memory.dmp

Filesize
4KB

Download
memory/2720-1289-0x0000000001140000-0x0000000001141000-memory.dmp

Filesize
4KB

Download
memory/4216-1234-0x0000000000F30000-0x00000000014D1000-memory.dmp

Filesize
5.6MB

Download
memory/4216-1233-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

Filesize
4KB

Download
memory/4216-1232-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/4300-1293-0x0000000021600000-0x0000000021601000-memory.dmp

Filesize
4KB

Download
memory/4300-1292-0x0000000030A00000-0x0000000030A01000-memory.dmp

Filesize
4KB

Download