Analysis Overview
SHA256: 7cfda9c85aa991f213002727657e7b2baf32f78a930bf2e52aa0fb289fee8cd5
Threat Level: Known bad
The file PacketTracer-7.3.1-win64-setup.exe was found to be: Known bad.
Malicious Activity Summary
BazarBackdoor
Bazar/Team9 Backdoor payload
Executes dropped EXE
Loads dropped DLL
Checks installed software on the system
Drops file in Program Files directory
Enumerates physical storage devices
Modifies registry class
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported: 2023-01-09 19:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2023-01-09 19:14
Reported: 2023-01-09 19:18
Platform: win7-20220812-es
Max time kernel: 153s
Max time network: 132s
Command Line
Signatures
BazarBackdoor
Bazar/Team9 Backdoor payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| N/A | N/A | C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe | N/A |
Loads dropped DLL
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\IoE\Sensors\is-5N4AA.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\bin\is-S8NOI.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\is-V8ORV.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-GNMUB.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\IoT_Devices\temperature_sensor.pkt | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\IoT_Devices\is-6PL2U.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\Devices\is-OIMSQ.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\extensions\scriptTemplates\is-22I0E.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-RGJ36.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\qtwebengine_locales\is-QK2IM.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\HTML\is-98IS3.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\Simulation\is-5EDP3.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\Workspace\Logical\is-LUGKD.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\physical\is-6NUD2.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\physical\is-3C87O.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\IoE\SmartDevices\is-5OT7D.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\is-9NC8K.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\IoE\SmartDevices\is-5RAHS.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-V5UEI.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\Router\CBAC\is-2LI6C.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\Background\is-RASQ2.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\ComponentBox\is-9ADFR.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\is-5FB0Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\IoT_Devices\is-AEC9B.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\Cisco Application Management\is-58E0E.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\IoT_Devices\rfid_reader.pkt | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\physical\big\is-SVE0D.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\sounds\is-K383U.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\DrawingTools\is-4C4QE.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\Misc\is-EMBT0.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\Cables\is-19P8I.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\Toolbar\is-7MC37.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\Toolbar\is-SR6VF.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\is-PR17K.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-RK1K5.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\WLC\is-JTUQJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\Devices\is-P4NTP.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\Toolbar\is-I32NM.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\is-R4U7D.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-FVK5M.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\Programming\MQTT\src\broker\jquery.min.js | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\is-OLIP5.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-6P8JS.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-FTL0H.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\HomeRouter\is-RO8C0.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\physical\is-BQSLT.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\qtwebengine_locales\is-PHUPT.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\IoT_Devices\is-MEPGO.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\html\wlc3504\is-4Q39P.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\is-KB0HU.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\Router\OSPF\is-GERNL.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\Background\is-Q9AAB.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\is-3K7K0.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\is-4OG6P.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\physical\big\is-LN4ED.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\is-ORHSG.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\html\meraki_server\is-BTV92.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\Devices\is-E375S.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\is-OBBN2.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\physical\big\is-HJQ0S.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\ComponentBox\is-GSERM.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File created | C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\is-E3PQK.tmp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\iot\basic_io.pkt | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| File opened for modification | C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\IoT_Devices\lawn_sprinkler.pkt | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\shell\open | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\shell\open | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\DefaultIcon\ = "C:\\Program Files\\Cisco Packet Tracer 7.3.1\\art\\pkz.ico" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 7.3.1\\bin\\PacketTracer7.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell\open | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pka\ = "PacketTracer7.Activity" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7 | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\shell | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 7.3.1\\bin\\PacketTracer7.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\ = "Cisco Packet Tracer" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 7.3.1\\bin\\PacketTracer7.exe\" \"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\shell\open\command | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\shell | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pkt\ = "PacketTracer7" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pkz\ = "PacketTracer7.PKZ" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\shell | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\DefaultIcon\ = "C:\\Program Files\\Cisco Packet Tracer 7.3.1\\art\\pka.ico" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\pttp\URL Protocol | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pkt | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\DefaultIcon\ = "C:\\Program Files\\Cisco Packet Tracer 7.3.1\\art\\pkt.ico" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\shell\open | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\pttp | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\pttp\ = "URL:pttp" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 7.3.1\\bin\\PacketTracer7.exe\" -uri=\"%1\"" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pkz | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\ = "Cisco Packet Tracer" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\ = "Cisco Packet Tracer" | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\.pka | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe
"C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp" /SL5="$70022,152037146,121344,C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe"
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe
"C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe"
Network
Files
| SHA1 | 2bc264e0eccb1a9d821bca82b5a5c58dc2464c5d |
| SHA256 | 97e4c91103c186517fa248772b9204acf08fde05557a19efe28d11fb0932b1f7 |
| SHA512 | 381edd45ecd5d2bdefd1e3ad0c8465a32620dfa9b97717cadb6a584c9528fed0d599d5a4889962f04908ca4e2b7b4497f0e69d8481ee5f34ea5d9106d99760c3 |
\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | c7c4a49c6ee6b1272ade4f06db2fa880 |
| SHA1 | b4b5490a51829653cb2e9e3f6fbe9caf3ba5561e |
| SHA256 | 37f731e7b1538467288bf1d0e586405b20808d4bad05e47225673661bc8b4a9f |
| SHA512 | 62ccdfac19ef4e3d378122146e8b2cba0e1db2cc050b49522bedbf763127cc2103a56c5a266e161a51d5be6bd9a47222ee8bb344b383f13d0aac0baa41eab0ff |
memory/1908-128-0x000007FEF6160000-0x000007FEF66B5000-memory.dmp
\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Network.dll
| MD5 | 68f2c3bfcac0bbc21773d1cd749159a3 |
| SHA1 | 3f8ba6b0c5d3e8e1a7a37618217b9a6afa080f6e |
| SHA256 | 02865da508a8562dfcbd843ce351420e71936a78deee6e6991bb6cd5784647e1 |
| SHA512 | fb741c47abd9345083ec3fc41024f72423cf1adfee84860615414df31b85b43876b53ab27a0e0532b8ddf13f0cc02dbb3aa0f4cc4cbce4c5ff8d0f510359754a |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Network.dll
| MD5 | 68f2c3bfcac0bbc21773d1cd749159a3 |
| SHA1 | 3f8ba6b0c5d3e8e1a7a37618217b9a6afa080f6e |
| SHA256 | 02865da508a8562dfcbd843ce351420e71936a78deee6e6991bb6cd5784647e1 |
| SHA512 | fb741c47abd9345083ec3fc41024f72423cf1adfee84860615414df31b85b43876b53ab27a0e0532b8ddf13f0cc02dbb3aa0f4cc4cbce4c5ff8d0f510359754a |
\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Multimedia.dll
| MD5 | c69827b07a794c82538cd5b1bcfd4ee9 |
| SHA1 | e76131fc4735ebc2cb09c1e04c5539fe099248db |
| SHA256 | 1923479c2dba006e12e83eec24d8a7dfc75a0a853c3dfe670d38e4eaeb26fc66 |
| SHA512 | 7d80768cfebdf87247656d26734cc1ebe28786f3dfbde6019dd059693b5f052573c8c334e13f8d349508fadcbb5951330e814a80a9557502a018419521fbde9c |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Multimedia.dll
| MD5 | c69827b07a794c82538cd5b1bcfd4ee9 |
| SHA1 | e76131fc4735ebc2cb09c1e04c5539fe099248db |
| SHA256 | 1923479c2dba006e12e83eec24d8a7dfc75a0a853c3dfe670d38e4eaeb26fc66 |
| SHA512 | 7d80768cfebdf87247656d26734cc1ebe28786f3dfbde6019dd059693b5f052573c8c334e13f8d349508fadcbb5951330e814a80a9557502a018419521fbde9c |
\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Gui.dll
| MD5 | 77c6605ec059ae252af4bd5764725d3d |
| SHA1 | 7ad20774fc8b90861ef582a93f4004933252bc3f |
| SHA256 | 658dadda65b40d5bb295f3496b2aeca35c6a80b9a06dde1755ba981399877cea |
| SHA512 | fa9f38fc1e9c7b27539aaa470da952f1370ea82c7683a79ca40d1ebb5a79982869318a14414c0510b4e3685a1e3eead83b10c7dcd9efe064ad6b9b465ebe37a7 |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Gui.dll
| MD5 | 77c6605ec059ae252af4bd5764725d3d |
| SHA1 | 7ad20774fc8b90861ef582a93f4004933252bc3f |
| SHA256 | 658dadda65b40d5bb295f3496b2aeca35c6a80b9a06dde1755ba981399877cea |
| SHA512 | fa9f38fc1e9c7b27539aaa470da952f1370ea82c7683a79ca40d1ebb5a79982869318a14414c0510b4e3685a1e3eead83b10c7dcd9efe064ad6b9b465ebe37a7 |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | c7c4a49c6ee6b1272ade4f06db2fa880 |
| SHA1 | b4b5490a51829653cb2e9e3f6fbe9caf3ba5561e |
| SHA256 | 37f731e7b1538467288bf1d0e586405b20808d4bad05e47225673661bc8b4a9f |
| SHA512 | 62ccdfac19ef4e3d378122146e8b2cba0e1db2cc050b49522bedbf763127cc2103a56c5a266e161a51d5be6bd9a47222ee8bb344b383f13d0aac0baa41eab0ff |
\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | bef17bf1ba00150163a2e1699ff5840a |
| SHA1 | 89145a894b17427f4cb2b4e7e814c92457fd2a75 |
| SHA256 | 48c71b2d0af6807f387d97ab22a3ba77b85bdf457f8a4f03ce79d13fbb891328 |
| SHA512 | 489d1b4d405edbb5f46b087a3ebf57a344bf65478b3cd5fcf273736ea6fdd33e54b1806fbb751849e160370df8354f39fc7ca7896a05b4660ad577a9e0e683e4 |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | bef17bf1ba00150163a2e1699ff5840a |
| SHA1 | 89145a894b17427f4cb2b4e7e814c92457fd2a75 |
| SHA256 | 48c71b2d0af6807f387d97ab22a3ba77b85bdf457f8a4f03ce79d13fbb891328 |
| SHA512 | 489d1b4d405edbb5f46b087a3ebf57a344bf65478b3cd5fcf273736ea6fdd33e54b1806fbb751849e160370df8354f39fc7ca7896a05b4660ad577a9e0e683e4 |
\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-time-l1-1-0.dll
| MD5 | a992f1e06c3c32ffe9799d4750af070a |
| SHA1 | 97ffd536d048720010133c3d79b6deed7fc82e58 |
| SHA256 | b401edaac4b41da73356de9b3358dc21f8b998a63413c868510dc734b1e4022f |
| SHA512 | 50bd08680fccff190454e6555e65e2787bdc0e8a9bf711e364eb0b065951c2430559e049202b8f330ac65e9d4cd588349c524a71f700e179859d7829d8e840b8 |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-time-l1-1-0.dll
| MD5 | a992f1e06c3c32ffe9799d4750af070a |
| SHA1 | 97ffd536d048720010133c3d79b6deed7fc82e58 |
| SHA256 | b401edaac4b41da73356de9b3358dc21f8b998a63413c868510dc734b1e4022f |
| SHA512 | 50bd08680fccff190454e6555e65e2787bdc0e8a9bf711e364eb0b065951c2430559e049202b8f330ac65e9d4cd588349c524a71f700e179859d7829d8e840b8 |
\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-multibyte-l1-1-0.dll
| MD5 | 4394dafed734dfe937cf6edbbb4b2f75 |
| SHA1 | 06ec8f1f8dd1eab75175a359a7a5a7ee08d7a57a |
| SHA256 | 35b247534f9a19755a281e6dc3490f8197dd515f518c6550208b862c43297345 |
| SHA512 | 33d9c5041e0f5b0913dd8826ceb080e2284f78164effde1dbf2c14c1234d6b9f33af6ae9f6e28527092ad8c2dbc13bddfc73a5b8c738a725ad0c6bb0aa7fcfaf |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-multibyte-l1-1-0.dll
| MD5 | 4394dafed734dfe937cf6edbbb4b2f75 |
| SHA1 | 06ec8f1f8dd1eab75175a359a7a5a7ee08d7a57a |
| SHA256 | 35b247534f9a19755a281e6dc3490f8197dd515f518c6550208b862c43297345 |
| SHA512 | 33d9c5041e0f5b0913dd8826ceb080e2284f78164effde1dbf2c14c1234d6b9f33af6ae9f6e28527092ad8c2dbc13bddfc73a5b8c738a725ad0c6bb0aa7fcfaf |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-math-l1-1-0.dll
| MD5 | 77c5cc86b89eed37610b80f24e88dcc2 |
| SHA1 | d2142ecce3432b545fedc8005cc1bf08065c3119 |
| SHA256 | 3e8828ab7327f26da0687f683944ffc551440a3de1004cc512f04a2f498520f6 |
| SHA512 | 81de6533bba83f01fed3f7beed1d329b05772b7a13ffe395414299c62e3e6d43173762cb0b326ea7ecf0e61125901fcee7047e7a7895b750de3d714c3fe0cc67 |
\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 2c8e5e31e996e2c0664f4a945cece991 |
| SHA1 | 8522c378bdd189ce03a89199dd73ed0834b2fa95 |
| SHA256 | 1c556505a926fd5f713004e88d7f8d68177d7d40a406f6ed04af7bacd2264979 |
| SHA512 | 14b92e32fb0fd9c50aa311f02763cba50692149283d625a78b0549b811d221331cf1b1f46d42869500622d128c627188691d7de04c500f501acd720cea7c8050 |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 2c8e5e31e996e2c0664f4a945cece991 |
| SHA1 | 8522c378bdd189ce03a89199dd73ed0834b2fa95 |
| SHA256 | 1c556505a926fd5f713004e88d7f8d68177d7d40a406f6ed04af7bacd2264979 |
| SHA512 | 14b92e32fb0fd9c50aa311f02763cba50692149283d625a78b0549b811d221331cf1b1f46d42869500622d128c627188691d7de04c500f501acd720cea7c8050 |
\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | ebac9545734cc1bec37c1c32ffaff7d8 |
| SHA1 | 2b716ce57f0af28d1223f4794cc8696d49ae2f29 |
| SHA256 | d09b49f2a30dcc13b7f0de8242fa57d0bdeb22f3b7e6c224be73bc4dd98d3c26 |
| SHA512 | 0396ea24a6744d48ce18f9ccb270880f74c4b6eab40f8f8baf5fd9b4ad2ac79b830f9b33c13a3fec0206a95ad3824395db6b1825302d1d401d26bdc9eef003b2 |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | ebac9545734cc1bec37c1c32ffaff7d8 |
| SHA1 | 2b716ce57f0af28d1223f4794cc8696d49ae2f29 |
| SHA256 | d09b49f2a30dcc13b7f0de8242fa57d0bdeb22f3b7e6c224be73bc4dd98d3c26 |
| SHA512 | 0396ea24a6744d48ce18f9ccb270880f74c4b6eab40f8f8baf5fd9b4ad2ac79b830f9b33c13a3fec0206a95ad3824395db6b1825302d1d401d26bdc9eef003b2 |
\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | c99c9eea4f83a985daf48eed9f79531b |
| SHA1 | 56486407c84beecadb88858d69300035e693d9a6 |
| SHA256 | 7c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5 |
| SHA512 | 78b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9 |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | c99c9eea4f83a985daf48eed9f79531b |
| SHA1 | 56486407c84beecadb88858d69300035e693d9a6 |
| SHA256 | 7c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5 |
| SHA512 | 78b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9 |
\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | fbfcf220f1bf1051e82a40f349d4beae |
| SHA1 | 43154ea6705ab1c34207b66a0a544ac211c1f37d |
| SHA256 | 9b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d |
| SHA512 | e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0 |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | fbfcf220f1bf1051e82a40f349d4beae |
| SHA1 | 43154ea6705ab1c34207b66a0a544ac211c1f37d |
| SHA256 | 9b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d |
| SHA512 | e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0 |
\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-string-l1-1-0.dll
| MD5 | d3d72d7f4c048d46d81a34e4186600b4 |
| SHA1 | cdcad0a3df99f9aee0f49c549758ee386a3d915f |
| SHA256 | fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116 |
| SHA512 | 6bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18 |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-string-l1-1-0.dll
| MD5 | d3d72d7f4c048d46d81a34e4186600b4 |
| SHA1 | cdcad0a3df99f9aee0f49c549758ee386a3d915f |
| SHA256 | fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116 |
| SHA512 | 6bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18 |
\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-file-l1-2-0.dll
| MD5 | 7041205ea1a1d9ba68c70333086e6b48 |
| SHA1 | 5034155f7ec4f91e882eae61fd3481b5a1c62eb0 |
| SHA256 | eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d |
| SHA512 | aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1 |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-file-l1-2-0.dll
| MD5 | 7041205ea1a1d9ba68c70333086e6b48 |
| SHA1 | 5034155f7ec4f91e882eae61fd3481b5a1c62eb0 |
| SHA256 | eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d |
| SHA512 | aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1 |
\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 6486e2f519a80511ac3de235487bee79 |
| SHA1 | b43fd61e62d98eea74cf8eb54ca16c8f8e10c906 |
| SHA256 | 24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667 |
| SHA512 | 02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | 6486e2f519a80511ac3de235487bee79 |
| SHA1 | b43fd61e62d98eea74cf8eb54ca16c8f8e10c906 |
| SHA256 | 24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667 |
| SHA512 | 02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c |
\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-synch-l1-2-0.dll
| MD5 | a639c64c03544491cd196f1ba08ae6e0 |
| SHA1 | 3ee08712c85aab71cfbdb43dbef06833daa36ab2 |
| SHA256 | a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60 |
| SHA512 | c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 6f9f9d52087ae4d8d180954b9d42778b |
| SHA1 | 67419967a40cc82a0ca4151589677de8226f9693 |
| SHA256 | ef1d71fe621341c9751ee59e50cbec1d22947622ffaf8fb1f034c693f1091ef0 |
| SHA512 | 22a0488613377746c13db9742f2e517f9e31bd563352cc394c3ae12809a22aa1961711e3c0648520e2e11f94411b82d3bb05c7ea1f4d1887aacf85045cf119d7 |
C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | a3f630a32d715214d6c46f7c87761213 |
| SHA1 | 1078c77010065c933a7394d10da93bfb81be2a95 |
| SHA256 | d16db68b4020287bb6ce701b71312a9d887874c0d26b9ebd82c3c9b965029562 |
| SHA512 | 920bb08310eadd7832011ac80edd3e12ce68e54e510949dbbde90adaac497debe050e2b73b9b22d9dc105386c45d558c3f9e37e1c51ed4700dd82b00e80410bc |
\Program Files\Cisco Packet Tracer 7.3.1\bin\vcruntime140.dll
| MD5 | edf9d5c18111d82cf10ec99f6afa6b47 |
| SHA1 | d247f5b9d4d3061e3d421e0e623595aa40d9493c |
| SHA256 | d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb |
| SHA512 | bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf |
memory/1908-129-0x000007FEF53E0000-0x000007FEF5787000-memory.dmp
memory/1908-130-0x000000013FF80000-0x00000001452C1000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-01-09 19:14
Reported
2023-01-09 19:18
Platform
win10v2004-20221111-es
Max time kernel
91s
Max time network
159s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-8KNA1.tmp\PacketTracer-7.3.1-win64-setup.tmp | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2076 wrote to memory of 540 | N/A | C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe | C:\Users\Admin\AppData\Local\Temp\is-8KNA1.tmp\PacketTracer-7.3.1-win64-setup.tmp |
| PID 2076 wrote to memory of 540 | N/A | C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe | C:\Users\Admin\AppData\Local\Temp\is-8KNA1.tmp\PacketTracer-7.3.1-win64-setup.tmp |
| PID 2076 wrote to memory of 540 | N/A | C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe | C:\Users\Admin\AppData\Local\Temp\is-8KNA1.tmp\PacketTracer-7.3.1-win64-setup.tmp |
Processes
C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe
"C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe"
C:\Users\Admin\AppData\Local\Temp\is-8KNA1.tmp\PacketTracer-7.3.1-win64-setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-8KNA1.tmp\PacketTracer-7.3.1-win64-setup.tmp" /SL5="$90064,152037146,121344,C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 93.184.220.29:80 | | tcp |
| N/A | 20.44.10.123:443 | | tcp |
| N/A | 104.80.225.205:443 | | tcp |
| N/A | 8.8.8.8:53 | 226.101.242.52.in-addr.arpa | udp |
| N/A | 93.184.221.240:80 | | tcp |
| N/A | 93.184.221.240:80 | | tcp |
Files
memory/2076-132-0x0000000000400000-0x0000000000428000-memory.dmp
memory/2076-134-0x0000000000400000-0x0000000000428000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-8KNA1.tmp\PacketTracer-7.3.1-win64-setup.tmp
| MD5 | 90fc739c83cd19766acb562c66a7d0e2 |
| SHA1 | 451f385a53d5fed15e7649e7891e05f231ef549a |
| SHA256 | 821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431 |
| SHA512 | 4cb11ad48b7585ef1b70fac9e3c25610b2f64a16358cd51e32adcb0b17a6ab1c934aeb10adaa8e9ddf69b2e2f1d18fe2e87b49b39f89b05ea13aa3205e41296c |
memory/540-135-0x0000000000000000-mapping.dmp
memory/2076-137-0x0000000000400000-0x0000000000428000-memory.dmp