Analysis
-
max time kernel
120s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
-
submitted
15-04-2024 18:05
General
-
Target
VCDS-PCI-15071-Installer.exe
-
Size
27.2MB
-
MD5
07b471064f26c23a28ae21cbc5c6ec07
-
SHA1
8fd8b5a7289e26aaf48397b89e0f6653cd43082c
-
SHA256
7b82c3211ac2385422370846a2873f6dae0f6441b5a96095fb08754d23ef71f8
-
SHA512
799181487ea18e4f82ca992b8266a7cedcf24d50eeccd4b589ab4054c10610eb44bc7990cad6d38a97ff42bb2f0b857b71857297a8bbde5f33f6a2d7432f3054
-
SSDEEP
393216:HWoSq/0R7XDdADriXkOG3aTGbz0SDTjIjSk3iO/r7HH8tQUpgrbs/iVA:H7ps7u/iUr3lMiTjIv3ifbpgPs/iVA
Malware Config
Signatures
-
InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
-
Executes dropped EXE 8 IoCs
-
Loads dropped DLL 11 IoCs
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs
-
Drops file in System32 directory 12 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 9 IoCs
-
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies data under HKEY_USERS 51 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 59 IoCs
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2116.3.710687281\874903408" -childID 2 -isForBrowser -prefsHandle 2276 -prefMapHandle 2216 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80ba3bb4-c88a-4034-a7d6-ee279962f28c} 2116 "\\.\pipe\gecko-crash-server-pipe.2116" 2292 19844f58 tab1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2116.4.48525041\576343008" -childID 3 -isForBrowser -prefsHandle 2652 -prefMapHandle 2648 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ff9942b-903d-4caa-983f-aca4a4e50bac} 2116 "\\.\pipe\gecko-crash-server-pipe.2116" 2664 18bd5158 tab1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2116.5.846601153\1512263008" -childID 4 -isForBrowser -prefsHandle 3412 -prefMapHandle 3408 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {487cc07e-bc34-42e8-a714-e480b9b95630} 2116 "\\.\pipe\gecko-crash-server-pipe.2116" 3424 1bd77758 tab1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2116.6.1611573183\508544645" -childID 5 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7806b2ff-3f2c-4ef4-9f9c-47dc04c34e8a} 2116 "\\.\pipe\gecko-crash-server-pipe.2116" 3536 1bd79558 tab1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2116.7.1505203699\1297609647" -childID 6 -isForBrowser -prefsHandle 3756 -prefMapHandle 3760 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5baa5db-5bb7-4187-bd9e-1ca0f1135716} 2116 "\\.\pipe\gecko-crash-server-pipe.2116" 3744 1bd77158 tab1⤵
-
C:\Users\Admin\AppData\Local\Temp\VCDS-PCI-15071-Installer.exe"C:\Users\Admin\AppData\Local\Temp\VCDS-PCI-15071-Installer.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\VCDSAnleitung.pdf"2⤵
- Suspicious use of SetWindowsHookEx
-
C:\Ross-Tech\VCDS-DRV\DPInst.exe"C:\Ross-Tech\VCDS-DRV\DPInst.exe" /d /q /u .\Drivers\20204\RT-USB64.inf2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Ross-Tech\VCDS-DRV\DPInst.exe"C:\Ross-Tech\VCDS-DRV\DPInst.exe" /d /q /u .\Drivers\20418A\RT-USB64.inf2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Ross-Tech\VCDS-DRV\DPInst.exe"C:\Ross-Tech\VCDS-DRV\DPInst.exe" /d /q /u .\Drivers\20418B\RT-USB64.inf2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Ross-Tech\VCDS-DRV\DPInst.exe"C:\Ross-Tech\VCDS-DRV\DPInst.exe" /d /q /u .\Drivers\20602\RT-USB64.inf2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Ross-Tech\VCDS-DRV\DPInst.exe"C:\Ross-Tech\VCDS-DRV\DPInst.exe" /d /q /u .\Drivers\20814\RT-USB64.inf2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Ross-Tech\VCDS-DRV\DPInst.exe"C:\Ross-Tech\VCDS-DRV\DPInst.exe" /d /q /u .\Drivers\20817\RT-USB64.inf2⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Ross-Tech\VCDS-DRV\DPInst.exe"C:\Ross-Tech\VCDS-DRV\DPInst.exe" /f2⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\SysWOW64\Wbem\wmic.exewmic /NAMESPACE:\\root\CIMV2 path Win32_ComputerSystem get Manufacturer2⤵
-
C:\Windows\SysWOW64\Wbem\wmic.exewmic /NAMESPACE:\\root\CIMV2 path Win32_ComputerSystem get Model2⤵
-
C:\Windows\SysWOW64\Wbem\wmic.exewmic /NAMESPACE:\\root\CIMV2 path Win32_Processor get Name2⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2116.8.1820531588\934354997" -childID 7 -isForBrowser -prefsHandle 4040 -prefMapHandle 4104 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 816 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ff3c3df-838d-484e-b126-b7ad13a974c3} 2116 "\\.\pipe\gecko-crash-server-pipe.2116" 1724 1bf67358 tab1⤵
-
C:\Users\Admin\Desktop\[email protected]"C:\Users\Admin\Desktop\[email protected]"1⤵
- Drops file in Program Files directory
- Checks processor information in registry
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{2cbdb4d9-9d20-24c0-d1e4-441aaaa31f3c}\rt-usb64.inf" "9" "63bc47aff" "00000000000003C4" "WinSta0\Default" "00000000000003C0" "208" "c:\ross-tech\vcds-drv"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{02db78f0-f10f-26f4-6140-100e741da33a} Global\{7117e5d3-2b28-2e28-7d51-c82b71e2e525} C:\Windows\System32\DriverStore\Temp\{64f1da6c-c46a-5798-a816-1c3996665c3c}\rt-usb64.inf C:\Windows\System32\DriverStore\Temp\{64f1da6c-c46a-5798-a816-1c3996665c3c}\RT-USB64.cat2⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Users\Admin\Desktop\[email protected]"C:\Users\Admin\Desktop\[email protected]"1⤵
- Drops file in Program Files directory
- Checks processor information in registry
-
C:\Users\Admin\Desktop\[email protected]"C:\Users\Admin\Desktop\[email protected]"1⤵
- Drops file in Program Files directory
- Checks processor information in registry
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005E4" "00000000000005E0"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
5KB
MD521c353d6d9e7429015405efc78a3703a
SHA1da81b16710d2becc27904b031c2d405eb0ca0c7a
SHA256aa4e6c8b960ab2635daf53ed9f8d730877d3e31becde391b2e0abd0034563d48
SHA51239e262ff12fd410e5afed084f8563a502ec3d0d779ee14166e998f1502895855f3c6bd91abe01c8bdd6f1650d187bd4a4c7ee3ffe18b6a61b46a115a67c1fce3
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\helpmap.txt.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
17KB
MD56693478f76d848087f8deef88b39fbbc
SHA14e04e19a47f1f74c1ac53a6683d72f023c807e2e
SHA2561a07f6b0a2f61046875ad91249f2b940a4fb5e89f215d4c6d9f35b425e563ebf
SHA512da106e7fb6c1ea5815a5742ed151bd86a2fb79d21a2131582a03df9bf157a61eb86c683872d69338ccdd870dae27ef205500852db583fec721bab69846ec711b
-
C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\helpmap.txt.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
17KB
MD57c5c336636801ffdc5d9fb60f3e7f1ff
SHA163412302a4e474a131356b6a1f45125afe453bfc
SHA2569df766ec948f611f86edf0da8f4258e0fac4e107cdc80d20ee58d8eaa7510c5f
SHA512dd6c3fa3001c4c70976af831e3670cbcc0a01084171d5323833abc244ee1a50ebabdefd963ecb513846a1442a2a8ce7a70021c57d0d1595d698a77e213822d4b
-
C:\Program Files (x86)\Common Files\System\DirectDB.dll.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
23KB
MD53e7ca79c292fa8096583d5d0b86e9d34
SHA18186f2f080a5d266b44704a3f30341ef37c9200e
SHA2565376a4a0cd18d22095bd112e967e64855ca2bd0c9125c1f879d5269a65649d35
SHA512ef05f3fdb4dcfee1d1b3488cee25dae47f2d19bcf627a7c8f4fc8a6357ecd6bb4c5284b49e431173cc25cc8f73d6acf7995f8a2394ce9653929765f8d43af51d
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\dao360.dll.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
596KB
MD5dc916e57b25cc3b5a01f925b69a5088f
SHA1bff8b9e29784ca412f75de119aa0639d13548543
SHA256fc1ab5365a0411074cfef75c4a0c54d3c390bcb89b5bf4273f6539676e37bf47
SHA512d7d2e16f99d0c34ce421095f705c960239edd615658e540f77d0848818d7057ef819069defd941e4a5efc4e914e0a9602579d51fc4dfad4378fb4580a7f0d491
-
C:\Program Files (x86)\Common Files\microsoft shared\DAO\dao360.dll.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
596KB
MD5250ffd338e1ae4762f49bd1604300c01
SHA1b43a60a840635517d40156d97017dfda144f183e
SHA256284cce944281a3294e4d5f7a90258f347e37d8a42bfbc0a19b19c8909552c40f
SHA512907793b3066f61ef2085eca07aebe526a33ff82a66974f6de0a6c749a56617a1f016d194f5c45a51eb63f0ee4047cc065d40aef927d8abffdd2abe9b156b3a89
-
C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\msinfo32.exe.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
296KB
MD560a7493a3a255cff4ce5bafe2790570b
SHA18ce426102d23296d0b4dce3c48d6c9f6e279d696
SHA2568e8da6aa00dae52bfb6ae3d57bf7f68058aa7670893d5b37b31fa5aa50481b1e
SHA512499c665b82c1bb80a82318d2f875bd99c3484cbc7f7b1cd8938707807923f476c383962d3325e78e7d3fe450c09185f6db902133c5fbd96f49c23233fcedd951
-
C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.htm.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
256B
MD5a5722c5e7cdca7c992f9ddac90ecb523
SHA1af083005e36ec95c4cdaf93aaad55a211f7c0af2
SHA2568b7b84d22c048e632182b36fc5906fe95a632f421f67b40f36569e01a19426f3
SHA51252f929cd7213a15e5724d21618170d6248aff4108d96146c8c40aeb23629734271dc84a87cde2ee7f9c938b29cbe8209d83f85f6fb8db3f0d1cbd283195d8dc6
-
C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Bears.htm.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
256B
MD5cc3f2280b897bae888baa683e4c6db8c
SHA1be48e8c455573c4f5d9ff65f93839fc732c91492
SHA256730304552b7e2977b09de4495650810412236f45f5fd4bc2dccfab29e2165860
SHA512aff780e4fc4e3386d0d07599d9a2c2960c2736b8a06e3957c345bc2452a4b79eb9a48d842fa0ea622c1bb5dd45007a9c9611e51d854073c812caefa4c6c9525c
-
C:\Program Files (x86)\Common Files\microsoft shared\VGX\VGX.dll.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
735KB
MD51471f18817dbf6fc7c36a8863697913f
SHA11d928a1a4961d5f3ab7a9bab60f987c00d63a5f4
SHA2564f62a32d55cff1c2c67fe5f013fe1efc825a46e8fb3810be668496cc320eab3d
SHA5128c8c9695a48242ffec3ab5a7593457bd6296661842bf1e09b36646fcf60ed5b97afb5e0a53996af6b3787b54e765fd23851d2bbe18c5d144dce296d41ac7052f
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\dicjp.dll.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
9KB
MD5e52affef600f2d591c1f68c7cd33af4d
SHA1c5cb10bb08e5caf7d94884e678f215840bfec4ad
SHA25622b01b0a68a424a5bf949edba0182ba21176d419a0c7e785a2f5190d3a225816
SHA512be99319cf5b27b8e8b3009c23c8d405bd3d2fcc9c7559e9585e0c27ac2fddf4879fa31e8fc3bff7dd0317d2b19f2abeff6f24b7f9680324141b63d469332bd56
-
C:\Program Files (x86)\Common Files\microsoft shared\ink\dicjp.dll.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
9KB
MD543d26f02afb6ac46793b2592a4a62943
SHA17cb0119920d468fe84cc4b681f173743e0e22684
SHA256649eae85ef200311d2e6b082d97babc61c16236945cf074f47e996c0944a6f51
SHA51276fe59c5f845310078b6998e1f1b8227d4756e3c4f4f4bc11cb05bf064a5e3c282d46c69b15340979582cf5e5572381ac9253d3b17c4d2acdab994659e9565c2
-
C:\Program Files (x86)\Internet Explorer\D3DCompiler_47.dll.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
3.3MB
MD53576e41da14a2d44c4ab95ab55220fff
SHA1f7ed98325fdc3962ce1f2ade155904b06d8e56a4
SHA25635a8c9d3faee46060aa053ef4b00180696729ee8ff025a6baf4fbc26ded22b7c
SHA512e9212cfbb96b027fd8185768604ca109b500a347cd1d6a00fd00ba30f157d642dfc7314b62061fca43e4745d822e5b911209d251cb72d6f1cebe8e511ca77dce
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_F_COL.HXK.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
128B
MD5dbdabd16f710b07dc9d70c4f411a75ad
SHA169463e538a20a542f421536d65c09940592a1454
SHA2565e8715858bbd4099f4640e5b00211150f65f887fc2b1c3dca80f03d881dc2484
SHA512280ba285c4c80661f9543aab18d90073d1319ed67482a805cc73ec5787e1bec69b4024368884e3bcf33c1f29d5e26f158535cc1551b32fec79ceb1a3b9fae0a3
-
C:\Program Files (x86)\Microsoft Office\Office14\1033\INFOPATH_K_COL.HXK.57E017D4B11778F3CCFEADA786CDCC1A5C0CE367E3462CCF5284141A548D57EBFilesize
128B
MD5ab1c399292cf7e9b177d505ef2c8ce91
SHA1a705644ae398b10e57df1b7586acf545c8fdfea9
SHA256f30f895c4a04e3620450c6ebb5b0ad6d6ae87f2dc79b2825c586f15354a29af4
SHA512fea6f2a8c220e4fc5363290ae083476d2873a5820c34599bb3b5e30b3f791981079fb7f7a9c53c25e50cd52137794c635461428baa43023413f9693177b2da48
-
C:\Ross-Tech\VCDS-DRV\Debug\SystemInfo.txtFilesize
812B
MD576b51d69ccf88d6a6bb310cf42fa8df7
SHA17f828bb59b1c8036ae9eba4e4deb5dc854c7f824
SHA2563b23be0fd070035c7b11253832df88dc367432794ea6004a4f8debba9484e177
SHA51295f75a67628b85978bb947af39467daed9353050a6e0bcddfd1c73387eece92e4cc09a851003a7273ef67eea527e814dfc81f84aa8b10f0455cf4da3a954ef27
-
C:\Ross-Tech\VCDS-DRV\Drivers\20204\RT-USB64.CATFilesize
8KB
MD5e8dde6e09bfbeb0ca0e05815ad33bf95
SHA144a799a220e60b6a67e61361d178d819f5bcb205
SHA2562bcbb6a745dc4f911b9783191cdbfce0c3b45ca0c2dc8cbbe61746b486ce4e13
SHA5128b68f43c3153e94bcbec81d403e15fb84fcdcef768dbbe5c6918b745cac8be8b996b13ac15bfe164aad03c5350b7b6a5fc282649dad2399a7e8c108c48586e6c
-
C:\Ross-Tech\VCDS-DRV\Drivers\20204\RT-USB64.infFilesize
1KB
MD557c6e9019c5c8af0730ba0585183428f
SHA1b8fd40b599f92436b4e15f69728fa7f3f6a8b1cf
SHA256038414cbd9606ddc1173c70113d09eb290b6fe79389d1d0e306443e4170b1043
SHA512f2aaa207b88b4057cfd47b45d4490ea1de5ebbab62aed05e90d00b1f59e7581d226ce96e30b44c5cfabb1b4e1dee70009ee5a11e26e2bb00de03425064341409
-
C:\Ross-Tech\VCDS-DRV\Drivers\20418A\RT-USB64.catFilesize
8KB
MD53529b290ccf28f00d6f58e635e7bc2fe
SHA199aaf04db1e3e1f35af1930ffc7294f75667ed63
SHA256e45a777d741a9e62a2fc9c40d89045c4e1ea24033847d5584361cda92c6ec459
SHA51206e50d34f589b8552bf43011160e8a7ef8028c1737be939dfbf3385877decc06a0722ac807036ecaaa44751fb08e6ea01869fc861f319a02553c99f537b4334b
-
C:\Ross-Tech\VCDS-DRV\Drivers\20418A\RT-USB64.infFilesize
2KB
MD591134b48fa3d8017b0c18f9df891a92a
SHA111048bf85f94917099c328b5a6204f2805030c64
SHA25628dc44e3e281ef6b4680661f1bf9915005e6bc9b65d47bfc20712beb044a7fc6
SHA512797746a7f5b9b4f17a9b8d6402f83f179ed20a38eadcc04a9c9d02fd429842f16c1fe4f2d092ee319a1d1ff09fa72a50fcee06939e61079b631205d3c4455c51
-
C:\Ross-Tech\VCDS-DRV\Drivers\20418B\RT-USB64.catFilesize
8KB
MD5f536099ce3b366e1c47e93fdb5086931
SHA1397e4946506240c604d0a04cc9e2d20895c47a4a
SHA2563700f2579ea1fce7499df97913262893d78345432b49968a1f6f794313d7a7ec
SHA5128b20d2c16f2c05e6e67beba2ffe6174dc3a6a774bd38311cbe02deeadaae8526dc5c7efa1af1208d69d2071510834ca4cec563cd6de779d03c1de12f789c63ab
-
C:\Ross-Tech\VCDS-DRV\Drivers\20418B\RT-USB64.infFilesize
2KB
MD54a0def266ec0d0f4854d5a4fcb86bd46
SHA11c31507b249e28ddfd7ae9c3b00701424611152a
SHA25617cbfb4a1c52231fda640449c38edcef293763ace7aecbe4b6e9cb6882696658
SHA5120e880ec3472f683f8540f81fa1e6e020780bbd46336808a7781c7857bdfb80053f7d42a9e557b9afffcfd631cb94cbe49fedea7d273655fdf984fb68f773433f
-
C:\Ross-Tech\VCDS-DRV\Drivers\20602\RT-USB64.catFilesize
8KB
MD5cc08d0a72737bd93fa696a8dc5586768
SHA112f2bffa7e70c247d7541c21823e0522e41440a8
SHA256be68f77d37999352e4d2abf3db23fe590e8c71eb4384fe29a15f9bdca9bd53f6
SHA51241df487fe54f82d6ac60b36707e26ad2591caf3cdfe700dd980ff48265ae0a63f5bdcfa309017410c698517be27c8dee2d83d515e96197bae299f357e802932d
-
C:\Ross-Tech\VCDS-DRV\Drivers\20602\RT-USB64.infFilesize
2KB
MD5dee1c44a0ef5cf3ed3faaa7acc2c24d2
SHA1f2d626f9a8e5c6126bed6ebd3e3504d0b2ab8443
SHA25661885d981c9e7ae4f80b258ce6a91d6d207a1bb004d5e358a8154fb5e0974e15
SHA512d3ececf6ab9925261a2d17e78f841438cb5770b8c36f9226c26b837ee5f01027f50065f6205ca73dd62bb867a053cd154cd54a9bec1cea7634aef3dc90a41e85
-
C:\Ross-Tech\VCDS-DRV\Drivers\20814\RT-USB64.catFilesize
8KB
MD51a4af092e38acf8cfe33b543f2be7e2e
SHA1f8c088a4d0c5ece97a3bee5c738b9457431f525b
SHA256d168290cee6c7966003f5c93d753cd6aeb9eee0af650b8754787ebb2e0f52392
SHA512866f0ec51aafa28dab09084a002b5ad6517279cf5940e42d441a12cc4af3597a660399b2b8469b2fb9f687ef5361e234b8ecbbd029d602a3f8cc69bab7b17645
-
C:\Ross-Tech\VCDS-DRV\Drivers\20814\RT-USB64.infFilesize
2KB
MD5e26f9b5a04ee745b68fd66d1907ce57e
SHA11d8362a73835baf17864b726377a794c69668d00
SHA256edaec2f3966e8446535be0c04770ffed2c4c0cf4e3e3655e9be33de921ea3ae2
SHA512871b92cfbfe695f647e61ae7fee4590479d6714ea775ade09dc7fc9ac2e11fbdc47fbdc9a3052b1976da0206f83a45c0ab95e79003236daed2ae3bf571b4912f
-
C:\Ross-Tech\VCDS-DRV\Drivers\20817\RT-USB64.catFilesize
8KB
MD5e1bee2d58b63547915c4e8f5cc4bf6bb
SHA144c70af2487d06e17a421fa0ef7fc186c537637c
SHA256cce324b1b5ff506c32c9a269513fb10cb16c2cdcdcb83512ff7f0cdc1cc6e65a
SHA5126a8355fc8b5a3aabf38e488c7f7bc784f4791b0bbc1f2ba8638b24193c66cdca98314a4a25410d54270682326c24bd83216c8177fa375d74bbc9af9d681a0ecb
-
C:\Ross-Tech\VCDS-DRV\Drivers\20817\RT-USB64.infFilesize
2KB
MD5c1c5724c7b7fd02d9ed6c8cbec7e5bc7
SHA11971775d7c639e4623ca02f743182fb91197b81c
SHA25633964a1ca17e0b63b19611161ba4cb21fa32250efec9992d50e789fcbd3e0428
SHA512ef45aeb5d08244c1a8d65e9e77194f826b6d633218a78421edeabc31126bf2d242e37e3434dec48deb2754de327a0719e45ed509e4edd0fc989bcaaab112cfe8
-
C:\Ross-Tech\VCDS-DRV\LCode.exeFilesize
695KB
MD5dbc72d45b55dea34ac6761075898446e
SHA1d193fd49278484a6d6ae113ad16e5e25a2ff367b
SHA25602884f2779158bb37d67ab6a304c15fa8124d2bd3dcfd6e025b2343563288da6
SHA512604c6159704538c423d1fa4d74762ee18179f331b46f9008f3314011cd28e68c6f0ffe57a800770bc31709c9ef00219d7d114059202ee6b7049d9689f1291033
-
C:\Ross-Tech\VCDS-DRV\Labels\4G0-907-637.clbFilesize
40B
MD5807642c966d7a43b5dcac6f5848c2787
SHA14e3349ff3b32c3de030106e44f4a89f36cf3192e
SHA2564a6ccff9d4c3d6e8bd8f1b366ebb0cb0365b7b4c48de79bfafdba0221c92bb87
SHA512660a00659ee972b7df96f8edfa02d1426030acb28d9af51583df1af718350bb94bb5acac099dcbb9433b8e3e2750e07b25976f382e8516a609a61d09c4cee8d6
-
C:\Ross-Tech\VCDS-DRV\Labels\8K0-907-163.clbFilesize
288B
MD5694ce3507a249fbf0e73be16e69ec2aa
SHA1583edc6dac97b0b93bbdee4cfc851116ea25a6a2
SHA256ebd90621d530ce3fb360610e3d27a4b4efe495a3c953a7ab1f339c1d75646ed4
SHA51219f595e3443d056646702a52eab0883fd5f24583e30272d4bfbe5da642682ccb13214a6d081765a520633d9a217a024f3f725c255f4ff4d6c63e2a7bc08edef4
-
C:\Ross-Tech\VCDS-DRV\Labels\8P0-959-655-10.clbFilesize
408B
MD5ab77c685cc1b49eb3d45737aae68e374
SHA1e87dea8d1c9ae9618744cf122bb45996852dc91b
SHA2567bd701f4736e98afd3843c4956dd832f8504a5627b68e86f2c4c56dd051fa3db
SHA5123ae4962dd4c5f4e82a9502f9f14694599b7e3bc395dd9c9a7531fbeb1d9f9b4fb3784dbb35da11963fe3a732a7171a23c6fd5e12aafd58dcab86b1cdf353b21c
-
C:\Ross-Tech\VCDS-DRV\VCDS.exeFilesize
2.3MB
MD59644e0c548de043263196f7c8b05443e
SHA12373d58368d2e35986a1ee9d2e69c532c2e5dbda
SHA256b26ec38e4d15bb45a1b523840dd463f69c84e37489af1d949a79374c4d96089f
SHA512fd1f5494324a7682690fb687516a107ba42e6a74ba516c1b6e2984db642486933eff73ad49c89e09cacc57266f7ad8a249806097d485ec159f64483ed730f786
-
C:\Ross-Tech\VCDS-DRV\VCScope.exeFilesize
317KB
MD5d2862bb1e1b2b59359b4686d1b6b0e37
SHA13d901e2f8922f66b602f2852bb28a7df66f2819e
SHA2561c231893c417d3cede750d4abe3a5ded8486ac9b8e0c6ea1438e5e8c5e043a8b
SHA512d2aed194bd4e164225b1de323a7f07400f0877ddda1bfb75b415e4879f6b392cbb4288bcbd52fce198c21d37affcdfccd0612e5b09fdd5f6e42496c140d420bb
-
C:\Ross-Tech\VCDS-DRV\epgclient.exeFilesize
626KB
MD5b03def509626a10636fef2891036ae5d
SHA1455b9de6c4aff3251db89f72db0755be92093c84
SHA256b2f11bd8e5246086a4b6aed7441f759194b40ebfdb55a523a51c377ff2119fd3
SHA5123d751725583e7c8c75aff28b0e4613d511a330f928e5362094180760c5f4118d3bcc35e7e9a69c9699a57a1c2478690846d3524b3482b35049a8f567aa104cf7
-
C:\Users\Admin\AppData\Local\Temp\Cab9C8F.tmpFilesize
67KB
MD5753df6889fd7410a2e9fe333da83a429
SHA13c425f16e8267186061dd48ac1c77c122962456e
SHA256b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA5129d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444
-
C:\Users\Admin\AppData\Local\Temp\VCDSAnleitung.pdfFilesize
582KB
MD5510b8e1b7d15f6f4ed84f57d12d1663a
SHA1e88fc31a03a176aa89eab906fde162eb6536441f
SHA2566207b8532f4074bca8cb08e7aca5503028b41c1deffe57540a7f6cda3a8e16fa
SHA512a1c63e3a644d6264fcfe25e9eac546a67256a7e1fab0eac44629764c5a68d96c8916a259637b61e1d349ad0ab1ff49cb706d42540cde920246e2b363b5f0756c
-
C:\Users\Admin\AppData\Local\Temp\nsi3D9E.tmp\nsExec.dllFilesize
6KB
MD5ec62e1a8d16d8f1b0eb792aa26e5de5c
SHA1faa219618aec99cffb81c312728dc56c1fdc5798
SHA256193d396fc7be5fed9d585de3c43e23d640c1dce725499f0274b3898c248545aa
SHA512cb3f3458cf734ab7b964ed25cac87ff2938292eed9caae1305b2e5975bde885f4d8b06d05d4099ef614982cd55d97e9ddc0f13bbe2cdd9fb642d008788ed3017
-
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEventsFilesize
3KB
MD5c3cae048fc289332436d2fac1e94339f
SHA150d0b239ece41ecaf74c6c20a5d309ee623d60d2
SHA256a902c1243cf937ae95b4266f2cfebc289de19f9e9543424cc5d8314287fb2958
SHA51221873cb446719a11ed3f38116adb66c956020495abd0346af3a004bbdc5743ccd17d543bb21f344fc5020c43dfe7001c8090bdc55da952d1a361030b2fd0f066
-
C:\Windows\DPINST.LOGFilesize
4KB
MD51fbfa6c13c44f2eda71ce361df8130b3
SHA10c2327bf10810f994501d4df203fb7cb163a4c15
SHA256f311a714399d1b40c979b39af8d33b438160307908d08392e1ac2f686db8941c
SHA512eb288c593fbab672dfd8daf884c4dd84d71167c4fb21b99b2ce9c190a520bb35c37e4295101d2e456f93af337b61ed59ff8e65706bad6ba835cb12509c2f1234
-
C:\Windows\DPINST.LOGFilesize
9KB
MD5d748618323b4c045270ce91883b5665e
SHA152ecd96952ce8388854bce3d999ba99044ca547a
SHA2560b8ea0e28d32677cff277ab9a423dce4f6fa11de1f36575dd513c0cc4302770d
SHA5121594fd7c5773165a44289936da0febee3679bff682db285899710ff30ca3371481095dd8cfac1e5ab508718cfd063babacd497d8d257fd628c504ef2023d5f61
-
C:\Windows\DPINST.LOGFilesize
14KB
MD564cbf32830408d0e61b6bea94a023441
SHA19c0c3cd2c2262d04cf7fc190b474a434d5a8532d
SHA2568d2cdf24388fd4de66ffda7406a202ee30758024f618574c97479b1c109c2402
SHA512ddfffa2b5aaf4aa646844ee6c878983a02b90a716a61f6ba6292576fc144b8559fd7ebdda431a47f39726483a54b7ea186f0878d2b9ba47b7bfb29523515c699
-
C:\Windows\DPINST.LOGFilesize
15KB
MD597a7e74567353713a60350130859e9ad
SHA1ac82c6a8c1575806d743799433a9d4f9364a471a
SHA25632193f8e49242432c9ffc70705df1b0c3c77acc0d57a9ca9829ee3287b573865
SHA51237e7ccd1b8a90ec2536f3f91d4e500b21c8a9c71f540bab5b09298209860376b9a23aefc6a0a3bacb77d517f2425ddb4bccfc9c81abe3d9dada4d10a60203edc
-
C:\Windows\Temp\Cab9B38.tmpFilesize
29KB
MD5d59a6b36c5a94916241a3ead50222b6f
SHA1e274e9486d318c383bc4b9812844ba56f0cff3c6
SHA256a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53
SHA51217012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489
-
C:\Windows\Temp\Tar9B5A.tmpFilesize
81KB
MD5b13f51572f55a2d31ed9f266d581e9ea
SHA17eef3111b878e159e520f34410ad87adecf0ca92
SHA256725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15
SHA512f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c
-
\??\PIPE\lsarpcMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\c:\ROSS-T~1\vcds-drv\RT-USB.DLLFilesize
217KB
MD59df64e7edb3b70410d80008c916a9322
SHA148d19590e571f078f3a28564937d3f68ed09be21
SHA2565a42313f5b7e4380e1a7b0fb8d1abc97f9321ce383c2cade85199892c550a9eb
SHA512614e034648753860fe5a6b68e3d29533c965967fb94bb9b266dba3df77b24bfe133844baa75c6b135888159250eac36f741053905ce03ab15d682df4fb775a5f
-
\??\c:\ROSS-T~1\vcds-drv\RT-USB64.SYSFilesize
94KB
MD52d16360308c99fcbc0b97d7930d1b4e0
SHA1b1730716630a0c68517e3481e7fbf0d28f88d0ee
SHA256e252f42a7d93c774813e2de8a17c29a74f1901a223ddb925423cb64d31e197dd
SHA512f20d0ca0f339af264f68301a2f77e5d959343afe8c31793edd190e25016cd616ffeff7f10e824b5f287b32a9b4c48d301b16bd34e8c3217ece3ac4286ea5e4f3
-
\??\c:\ross-tech\vcds-drv\RT-USB64.catFilesize
10KB
MD5a43f337f78211c8da106a37f45fb099d
SHA1297ec5c3063999140699b144ccf03ded2050b576
SHA2561c88f69cd770b02f037a74fcb531c8e4547b7725ba98aae4e563ca4e0a17582c
SHA5122f20a35eccfc746ad82a9135f87c87845788bf4032d1347a946cfc98424192a3431d844837c6a54c9a283cb6db11ecb20d37e33d2828a9f4c53d1e9438380138
-
\??\c:\ross-tech\vcds-drv\rt-usb64.infFilesize
2KB
MD57c6231227d356aed4ecaa06b4da9322d
SHA188b02c4bd09aa7910c55c4e74be8f036244b5cf9
SHA256b31276e1af141846c2bc9be0f9ea64b7dcc67f8dc169cee775de4707d80ede63
SHA5128440898bd3eb2c916c06cb5ab8e205d3b4a5896e8bf0429085459ebe353e1a9f7969afb09ee434d1ccc8c321e9d1b16e887d45a98b012159d8dfd7c1a7c29ca3
-
\Ross-Tech\VCDS-DRV\dpinst.exeFilesize
1023KB
MD5b368feace16f83eec0565afa8462eef9
SHA1f6a3c3f91df6b88441b711b8017dc7b8165d60cc
SHA2569abb993585a69136576dae7eea8745bb30c8440aa333e0b81c0ec77695307473
SHA51284c484ecd49e13007b71f2908b7aa8799785c22bda04ce4dae826a8f9f00e24c4dd0fc261ad8bf4bb6538000ed424c828bf5322efc1101e24466871378681a97
-
\Users\Admin\AppData\Local\Temp\nsi3D9E.tmp\StdUtils.dllFilesize
26KB
MD5c291f96471927e7bc49398b0de7168dd
SHA1eda478005d69ee86126a8378de5007b139e20a5d
SHA256c169393e49723cfdcdcbcf80e062be9e841539f90e4b7b85b482212715a1f7c6
SHA512b4244615e99617d437d3120f201ca88c7ab4a6b4b84e7f0c3b4495a0fe8c979e04feaa08f11ad14fa92f002a3a521422221132ff54a081ef1c6bcbdf09d5929d
-
\Users\Admin\AppData\Local\Temp\nsi3D9E.tmp\System.dllFilesize
11KB
MD5ca332bb753b0775d5e806e236ddcec55
SHA1f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f
SHA256df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d
SHA5122de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00
-
\Users\Admin\AppData\Local\Temp\nsi3D9E.tmp\newadvsplash.dllFilesize
8KB
MD555a723e125afbc9b3a41d46f41749068
SHA101618b26fec6b8c6bdb866e6e4d0f7a0529fe97c
SHA2560a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06
SHA512559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c
-
\Users\Admin\AppData\Local\Temp\nsi3D9E.tmp\nsDialogs.dllFilesize
9KB
MD5904d8313031ac05e2bac3dd329828833
SHA16c8322f76e5c38bc24b0bcc057a510c92ec40b43
SHA256a7c5516478ab02b5d6c1684b3c2b31ee03331712bcd9f9a8ef8309d2b72c8ec4
SHA5129d524ebc965f224e1a16f537f71df0963c586fd548cb9a901f8afb1951416dd656d5493cc5e304157dfa6d70d69bcd4c5a5b140fceb3736548e71fe7086b6de8
-
memory/292-12060-0x00000000003A0000-0x00000000003B0000-memory.dmpFilesize
64KB
-
memory/292-12059-0x00000000003A0000-0x00000000003B0000-memory.dmpFilesize
64KB
-
memory/292-12031-0x00000000003A0000-0x00000000003B0000-memory.dmpFilesize
64KB
-
memory/292-11995-0x0000000000390000-0x00000000003A0000-memory.dmpFilesize
64KB
-
memory/2536-8705-0x0000000074370000-0x0000000074A5E000-memory.dmpFilesize
6.9MB
-
memory/2536-11703-0x0000000004E30000-0x0000000004E70000-memory.dmpFilesize
256KB
-
memory/2536-8115-0x00000000013D0000-0x000000000140C000-memory.dmpFilesize
240KB
-
memory/2536-8116-0x0000000074370000-0x0000000074A5E000-memory.dmpFilesize
6.9MB
-
memory/2536-8117-0x0000000004E30000-0x0000000004E70000-memory.dmpFilesize
256KB
-
memory/2536-11493-0x0000000004E30000-0x0000000004E70000-memory.dmpFilesize
256KB
-
memory/3900-8935-0x0000000004BD0000-0x0000000004C10000-memory.dmpFilesize
256KB
-
memory/3900-11536-0x0000000074370000-0x0000000074A5E000-memory.dmpFilesize
6.9MB
-
memory/3900-8919-0x0000000074370000-0x0000000074A5E000-memory.dmpFilesize
6.9MB
-
memory/4444-11353-0x0000000074370000-0x0000000074A5E000-memory.dmpFilesize
6.9MB
-
memory/4444-8771-0x00000000005F0000-0x0000000000630000-memory.dmpFilesize
256KB
-
memory/4444-8770-0x0000000074370000-0x0000000074A5E000-memory.dmpFilesize
6.9MB
-
memory/4444-11498-0x00000000005F0000-0x0000000000630000-memory.dmpFilesize
256KB
-
memory/4444-11521-0x00000000005F0000-0x0000000000630000-memory.dmpFilesize
256KB
-
memory/4444-11704-0x00000000005F0000-0x0000000000630000-memory.dmpFilesize
256KB
-
memory/4724-8706-0x0000000001CC0000-0x0000000001CC1000-memory.dmpFilesize
4KB