Malware Analysis Report

2025-01-02 12:08

Sample ID 230109-xx6nbsfd45
Target PacketTracer-7.3.1-win64-setup.exe
SHA256 7cfda9c85aa991f213002727657e7b2baf32f78a930bf2e52aa0fb289fee8cd5
Tags
bazarbackdoor backdoor discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

7cfda9c85aa991f213002727657e7b2baf32f78a930bf2e52aa0fb289fee8cd5

Threat Level: Known bad

The file PacketTracer-7.3.1-win64-setup.exe was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor backdoor discovery

BazarBackdoor

Bazar/Team9 Backdoor payload

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Modifies registry class

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-01-09 19:15

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-01-09 19:14

Reported

2023-01-09 19:18

Platform

win7-20220812-es

Max time kernel

153s

Max time network

132s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\IoE\Sensors\is-5N4AA.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\bin\is-S8NOI.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\is-V8ORV.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-GNMUB.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File opened for modification C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\IoT_Devices\temperature_sensor.pkt C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\IoT_Devices\is-6PL2U.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\Devices\is-OIMSQ.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\extensions\scriptTemplates\is-22I0E.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-RGJ36.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\qtwebengine_locales\is-QK2IM.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\saves\HTML\is-98IS3.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\Simulation\is-5EDP3.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\Workspace\Logical\is-LUGKD.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\physical\is-6NUD2.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\physical\is-3C87O.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\IoE\SmartDevices\is-5OT7D.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\is-9NC8K.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\IoE\SmartDevices\is-5RAHS.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-V5UEI.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\saves\Router\CBAC\is-2LI6C.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\Background\is-RASQ2.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\ComponentBox\is-9ADFR.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\is-5FB0Q.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\IoT_Devices\is-AEC9B.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\saves\Cisco Application Management\is-58E0E.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File opened for modification C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\IoT_Devices\rfid_reader.pkt C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\physical\big\is-SVE0D.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\sounds\is-K383U.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\DrawingTools\is-4C4QE.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\Misc\is-EMBT0.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\Cables\is-19P8I.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\Toolbar\is-7MC37.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\Toolbar\is-SR6VF.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\is-PR17K.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-RK1K5.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\saves\WLC\is-JTUQJ.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\Devices\is-P4NTP.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\Toolbar\is-I32NM.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\is-R4U7D.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-FVK5M.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File opened for modification C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\Programming\MQTT\src\broker\jquery.min.js C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\is-OLIP5.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-6P8JS.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\is-FTL0H.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\saves\HomeRouter\is-RO8C0.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\physical\is-BQSLT.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\qtwebengine_locales\is-PHUPT.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\IoT_Devices\is-MEPGO.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\html\wlc3504\is-4Q39P.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\is-KB0HU.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\saves\Router\OSPF\is-GERNL.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\Background\is-Q9AAB.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\is-3K7K0.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\is-4OG6P.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\physical\big\is-LN4ED.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\is-ORHSG.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\html\meraki_server\is-BTV92.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\Devices\is-E375S.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\bin\translations\is-OBBN2.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\help\default\images\physical\big\is-HJQ0S.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\ComponentBox\is-GSERM.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File created C:\Program Files\Cisco Packet Tracer 7.3.1\art\PhysicalView\is-E3PQK.tmp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File opened for modification C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\iot\basic_io.pkt C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
File opened for modification C:\Program Files\Cisco Packet Tracer 7.3.1\saves\IoT\IoT_Devices\lawn_sprinkler.pkt C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\shell\open C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\shell\open C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\DefaultIcon\ = "C:\\Program Files\\Cisco Packet Tracer 7.3.1\\art\\pkz.ico" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 7.3.1\\bin\\PacketTracer7.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell\open C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.pka\ = "PacketTracer7.Activity" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7 C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\shell C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 7.3.1\\bin\\PacketTracer7.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\ = "Cisco Packet Tracer" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 7.3.1\\bin\\PacketTracer7.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\shell\open\command C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\shell C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.pkt\ = "PacketTracer7" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.pkz\ = "PacketTracer7.PKZ" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\shell C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\DefaultIcon\ = "C:\\Program Files\\Cisco Packet Tracer 7.3.1\\art\\pka.ico" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\pttp\URL Protocol C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.pkt C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\DefaultIcon\ = "C:\\Program Files\\Cisco Packet Tracer 7.3.1\\art\\pkt.ico" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\shell\open C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\pttp C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\pttp\ = "URL:pttp" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 7.3.1\\bin\\PacketTracer7.exe\" -uri=\"%1\"" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.pkz C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\ = "Cisco Packet Tracer" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.PKZ\ = "Cisco Packet Tracer" C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.pka C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7\DefaultIcon C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer7.Activity C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1668 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp
PID 1668 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp
PID 1668 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp
PID 1668 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp
PID 1668 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp
PID 1668 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp
PID 1668 wrote to memory of 1100 N/A C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp
PID 1100 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe
PID 1100 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe
PID 1100 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe
PID 1100 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe

Processes

C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe

"C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp" /SL5="$70022,152037146,121344,C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe"

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe

"C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe"

Network

N/A

Files

memory/1668-54-0x0000000076CE1000-0x0000000076CE3000-memory.dmp

memory/1668-55-0x0000000000400000-0x0000000000428000-memory.dmp

\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp

MD5 90fc739c83cd19766acb562c66a7d0e2
SHA1 451f385a53d5fed15e7649e7891e05f231ef549a
SHA256 821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431
SHA512 4cb11ad48b7585ef1b70fac9e3c25610b2f64a16358cd51e32adcb0b17a6ab1c934aeb10adaa8e9ddf69b2e2f1d18fe2e87b49b39f89b05ea13aa3205e41296c

memory/1100-59-0x0000000000000000-mapping.dmp

memory/1668-58-0x0000000000400000-0x0000000000428000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp

MD5 90fc739c83cd19766acb562c66a7d0e2
SHA1 451f385a53d5fed15e7649e7891e05f231ef549a
SHA256 821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431
SHA512 4cb11ad48b7585ef1b70fac9e3c25610b2f64a16358cd51e32adcb0b17a6ab1c934aeb10adaa8e9ddf69b2e2f1d18fe2e87b49b39f89b05ea13aa3205e41296c

memory/1668-62-0x0000000000400000-0x0000000000428000-memory.dmp

memory/1100-63-0x0000000074FE1000-0x0000000074FE3000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-NEH6K.tmp\PacketTracer-7.3.1-win64-setup.tmp

MD5 90fc739c83cd19766acb562c66a7d0e2
SHA1 451f385a53d5fed15e7649e7891e05f231ef549a
SHA256 821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431
SHA512 4cb11ad48b7585ef1b70fac9e3c25610b2f64a16358cd51e32adcb0b17a6ab1c934aeb10adaa8e9ddf69b2e2f1d18fe2e87b49b39f89b05ea13aa3205e41296c

\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe

MD5 17e77e5d864711f77622a41ac25e7be4
SHA1 5fc8e696bbc1c7ad6dd61d32149c441134c3cc2a
SHA256 09b0d8806e304e0db152aac2818008737ceb766ef7bfc87c46cbba2a612b17f5
SHA512 6740df9fbedc2045d3d9536a3b8a8592da7d615039505d57383917c6603d323cb73acbf72b1bf0af084a4bf5f0f0b9aa2355c9940af71f058f8b3895826fe7fd

\Program Files\Cisco Packet Tracer 7.3.1\bin\linguist.exe

MD5 c22c8653822646baa97cdd24a6351654
SHA1 9e79bd3b87f616e5e00969b4cf44ecaf8ba6d8c9
SHA256 e2cb3a3f6fd9d70e72fe5106eda3350b9dc7dcd8ce5fff0214ccbe53dccddc3f
SHA512 1ac0b943d0937a047c54e579bd8b1a3cb1a533f2e1f3d35dd8c037f34d9baa2834f1815b8b7c9f3486350032278dadc9316495b5a4c7958d86c8d862f14eec81

\Program Files\Cisco Packet Tracer 7.3.1\unins000.exe

MD5 3ae4fff1b7eeb731f21d4d36eb79dbbd
SHA1 7c53d780b82aef996a82def7c480fea7b30de171
SHA256 a37974e915e6d9c268948c6e88acc1f5aefda14c8cb7bcde8d5ab1ee94aef6bd
SHA512 ac462ec118607c2606693fda3d7d64a9bdabaed5811ea4554fe439eaf0a77dd529a4a9b1ede47cb921b3519e3937f8b87b8c37ef57546ecea778f5d661c1362b

\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe

MD5 17e77e5d864711f77622a41ac25e7be4
SHA1 5fc8e696bbc1c7ad6dd61d32149c441134c3cc2a
SHA256 09b0d8806e304e0db152aac2818008737ceb766ef7bfc87c46cbba2a612b17f5
SHA512 6740df9fbedc2045d3d9536a3b8a8592da7d615039505d57383917c6603d323cb73acbf72b1bf0af084a4bf5f0f0b9aa2355c9940af71f058f8b3895826fe7fd

\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe

MD5 17e77e5d864711f77622a41ac25e7be4
SHA1 5fc8e696bbc1c7ad6dd61d32149c441134c3cc2a
SHA256 09b0d8806e304e0db152aac2818008737ceb766ef7bfc87c46cbba2a612b17f5
SHA512 6740df9fbedc2045d3d9536a3b8a8592da7d615039505d57383917c6603d323cb73acbf72b1bf0af084a4bf5f0f0b9aa2355c9940af71f058f8b3895826fe7fd

\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe

MD5 17e77e5d864711f77622a41ac25e7be4
SHA1 5fc8e696bbc1c7ad6dd61d32149c441134c3cc2a
SHA256 09b0d8806e304e0db152aac2818008737ceb766ef7bfc87c46cbba2a612b17f5
SHA512 6740df9fbedc2045d3d9536a3b8a8592da7d615039505d57383917c6603d323cb73acbf72b1bf0af084a4bf5f0f0b9aa2355c9940af71f058f8b3895826fe7fd

\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe

MD5 17e77e5d864711f77622a41ac25e7be4
SHA1 5fc8e696bbc1c7ad6dd61d32149c441134c3cc2a
SHA256 09b0d8806e304e0db152aac2818008737ceb766ef7bfc87c46cbba2a612b17f5
SHA512 6740df9fbedc2045d3d9536a3b8a8592da7d615039505d57383917c6603d323cb73acbf72b1bf0af084a4bf5f0f0b9aa2355c9940af71f058f8b3895826fe7fd

\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe

MD5 17e77e5d864711f77622a41ac25e7be4
SHA1 5fc8e696bbc1c7ad6dd61d32149c441134c3cc2a
SHA256 09b0d8806e304e0db152aac2818008737ceb766ef7bfc87c46cbba2a612b17f5
SHA512 6740df9fbedc2045d3d9536a3b8a8592da7d615039505d57383917c6603d323cb73acbf72b1bf0af084a4bf5f0f0b9aa2355c9940af71f058f8b3895826fe7fd

memory/1908-73-0x0000000000000000-mapping.dmp

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\PacketTracer7.exe

MD5 17e77e5d864711f77622a41ac25e7be4
SHA1 5fc8e696bbc1c7ad6dd61d32149c441134c3cc2a
SHA256 09b0d8806e304e0db152aac2818008737ceb766ef7bfc87c46cbba2a612b17f5
SHA512 6740df9fbedc2045d3d9536a3b8a8592da7d615039505d57383917c6603d323cb73acbf72b1bf0af084a4bf5f0f0b9aa2355c9940af71f058f8b3895826fe7fd

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Sql.dll

MD5 0300557ec7dd526e2c95b67e85bd9a60
SHA1 ffc93fbb1a5f4286a1b9727b3a72ba41f75bceb9
SHA256 f8de6347fdf84f38c5c9144e14e8237330650ec641b955603220c8b512905dcf
SHA512 4f80d36d0fe44d4184d198a67e09436a6e3c030a917981e8c6b5da4cbfa346bd949b97676822fc244153753a1d580bd76e956b887bee1e2d1fb46933ad891579

\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Sql.dll

MD5 0300557ec7dd526e2c95b67e85bd9a60
SHA1 ffc93fbb1a5f4286a1b9727b3a72ba41f75bceb9
SHA256 f8de6347fdf84f38c5c9144e14e8237330650ec641b955603220c8b512905dcf
SHA512 4f80d36d0fe44d4184d198a67e09436a6e3c030a917981e8c6b5da4cbfa346bd949b97676822fc244153753a1d580bd76e956b887bee1e2d1fb46933ad891579

\Program Files\Cisco Packet Tracer 7.3.1\bin\msvcp140.dll

MD5 9ff712c25312821b8aec84c4f8782a34
SHA1 1a7a250d92a59c3af72a9573cffec2fcfa525f33
SHA256 517cd3aac2177a357cca6032f07ad7360ee8ca212a02dd6e1301bf6cfade2094
SHA512 5a65da337e64ea42bcc461b411ae622ce4dec1036638b1e5de4757b366875d7f13c1290f2ee345f358994f648c5941db35aa5d2313f547605508fd2bcc047e33

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\MSVCP140.dll

MD5 9ff712c25312821b8aec84c4f8782a34
SHA1 1a7a250d92a59c3af72a9573cffec2fcfa525f33
SHA256 517cd3aac2177a357cca6032f07ad7360ee8ca212a02dd6e1301bf6cfade2094
SHA512 5a65da337e64ea42bcc461b411ae622ce4dec1036638b1e5de4757b366875d7f13c1290f2ee345f358994f648c5941db35aa5d2313f547605508fd2bcc047e33

\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Core.dll

MD5 1cfcd2d4dfe9bf4f8a6694d3d37c04b0
SHA1 46f1b9d1176a9381de22b87b628aa916d45fdaa7
SHA256 50c88e0bf2a565aad1e9cc32d23ca88d49f066d925326c89af3d922f99cbff66
SHA512 45c634eebd4b569d0b24840f1d932db01d7304d262f41b37ce3db6cb267ceb18744d0a775cb40e58c3d14ddca54599a18a6f2a98bb9e1158a0b09aefb6b5c205

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Core.dll

MD5 1cfcd2d4dfe9bf4f8a6694d3d37c04b0
SHA1 46f1b9d1176a9381de22b87b628aa916d45fdaa7
SHA256 50c88e0bf2a565aad1e9cc32d23ca88d49f066d925326c89af3d922f99cbff66
SHA512 45c634eebd4b569d0b24840f1d932db01d7304d262f41b37ce3db6cb267ceb18744d0a775cb40e58c3d14ddca54599a18a6f2a98bb9e1158a0b09aefb6b5c205

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\VCRUNTIME140.dll

MD5 edf9d5c18111d82cf10ec99f6afa6b47
SHA1 d247f5b9d4d3061e3d421e0e623595aa40d9493c
SHA256 d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb
SHA512 bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\ucrtbase.DLL

MD5 d4b22fb86c88c071335fe2fb623e40ce
SHA1 cc722eb1098b3a630a990dbceb62e3338b064110
SHA256 2195fef9bd0a01d6b10a2ab77ff4f5bbca01d65d5f6590befc98d80102372605
SHA512 369fb5d80535cb1f8d46512234d7777754648aeab6a3ff1536edc64ca0097a8e8eaa7c68feeabf756de474706f0c7c896b14c4c39cbd5916ad9258f2ed3fcdf1

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-runtime-l1-1-0.dll

MD5 a3f630a32d715214d6c46f7c87761213
SHA1 1078c77010065c933a7394d10da93bfb81be2a95
SHA256 d16db68b4020287bb6ce701b71312a9d887874c0d26b9ebd82c3c9b965029562
SHA512 920bb08310eadd7832011ac80edd3e12ce68e54e510949dbbde90adaac497debe050e2b73b9b22d9dc105386c45d558c3f9e37e1c51ed4700dd82b00e80410bc

\Program Files\Cisco Packet Tracer 7.3.1\bin\ucrtbase.dll

MD5 d4b22fb86c88c071335fe2fb623e40ce
SHA1 cc722eb1098b3a630a990dbceb62e3338b064110
SHA256 2195fef9bd0a01d6b10a2ab77ff4f5bbca01d65d5f6590befc98d80102372605
SHA512 369fb5d80535cb1f8d46512234d7777754648aeab6a3ff1536edc64ca0097a8e8eaa7c68feeabf756de474706f0c7c896b14c4c39cbd5916ad9258f2ed3fcdf1

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-synch-l1-2-0.dll

MD5 a639c64c03544491cd196f1ba08ae6e0
SHA1 3ee08712c85aab71cfbdb43dbef06833daa36ab2
SHA256 a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60
SHA512 c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-localization-l1-2-0.dll

MD5 769bf2930e7b0ce2e3fb2cbc6630ba2e
SHA1 b9df24d2d37ca8b52ca7eb5c6de414cb3159488a
SHA256 d10ff3164acd8784fe8cc75f5b12f32ce85b12261adb22b8a08e9704b1e5991a
SHA512 9abdcccc8ee21b35f305a91ea001c0b8964d8475680fa95b4afbdc2d42797df543b95fc1bcd72d3d2ccc1d26dff5b3c4e91f1e66753626837602dbf73fc8369b

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-localization-l1-2-0.dll

MD5 769bf2930e7b0ce2e3fb2cbc6630ba2e
SHA1 b9df24d2d37ca8b52ca7eb5c6de414cb3159488a
SHA256 d10ff3164acd8784fe8cc75f5b12f32ce85b12261adb22b8a08e9704b1e5991a
SHA512 9abdcccc8ee21b35f305a91ea001c0b8964d8475680fa95b4afbdc2d42797df543b95fc1bcd72d3d2ccc1d26dff5b3c4e91f1e66753626837602dbf73fc8369b

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-file-l2-1-0.dll

MD5 8fd05f79565c563a50f23b960f4d77a6
SHA1 98e5e665ef4a3dd6f149733b180c970c60932538
SHA256 3eb57cda91752a2338ee6b83b5e31347be08831d76e7010892bfd97d6ace9b73
SHA512 587a39aecb40eff8e4c58149477ebaeb16db8028d8f7bea9114d34e22cd4074718490a4e3721385995a2b477fe33894a044058880414c9a668657b90b76d464f

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-file-l2-1-0.dll

MD5 8fd05f79565c563a50f23b960f4d77a6
SHA1 98e5e665ef4a3dd6f149733b180c970c60932538
SHA256 3eb57cda91752a2338ee6b83b5e31347be08831d76e7010892bfd97d6ace9b73
SHA512 587a39aecb40eff8e4c58149477ebaeb16db8028d8f7bea9114d34e22cd4074718490a4e3721385995a2b477fe33894a044058880414c9a668657b90b76d464f

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-timezone-l1-1-0.dll

MD5 6f9f9d52087ae4d8d180954b9d42778b
SHA1 67419967a40cc82a0ca4151589677de8226f9693
SHA256 ef1d71fe621341c9751ee59e50cbec1d22947622ffaf8fb1f034c693f1091ef0
SHA512 22a0488613377746c13db9742f2e517f9e31bd563352cc394c3ae12809a22aa1961711e3c0648520e2e11f94411b82d3bb05c7ea1f4d1887aacf85045cf119d7

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-math-l1-1-0.dll

MD5 77c5cc86b89eed37610b80f24e88dcc2
SHA1 d2142ecce3432b545fedc8005cc1bf08065c3119
SHA256 3e8828ab7327f26da0687f683944ffc551440a3de1004cc512f04a2f498520f6
SHA512 81de6533bba83f01fed3f7beed1d329b05772b7a13ffe395414299c62e3e6d43173762cb0b326ea7ecf0e61125901fcee7047e7a7895b750de3d714c3fe0cc67

memory/1668-121-0x0000000000400000-0x0000000000428000-memory.dmp

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-utility-l1-1-0.dll

MD5 cb4a19b88bec5a8806b419cf7c828018
SHA1 2bc264e0eccb1a9d821bca82b5a5c58dc2464c5d
SHA256 97e4c91103c186517fa248772b9204acf08fde05557a19efe28d11fb0932b1f7
SHA512 381edd45ecd5d2bdefd1e3ad0c8465a32620dfa9b97717cadb6a584c9528fed0d599d5a4889962f04908ca4e2b7b4497f0e69d8481ee5f34ea5d9106d99760c3

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-utility-l1-1-0.dll

MD5 cb4a19b88bec5a8806b419cf7c828018
SHA1 2bc264e0eccb1a9d821bca82b5a5c58dc2464c5d
SHA256 97e4c91103c186517fa248772b9204acf08fde05557a19efe28d11fb0932b1f7
SHA512 381edd45ecd5d2bdefd1e3ad0c8465a32620dfa9b97717cadb6a584c9528fed0d599d5a4889962f04908ca4e2b7b4497f0e69d8481ee5f34ea5d9106d99760c3

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-environment-l1-1-0.dll

MD5 c7c4a49c6ee6b1272ade4f06db2fa880
SHA1 b4b5490a51829653cb2e9e3f6fbe9caf3ba5561e
SHA256 37f731e7b1538467288bf1d0e586405b20808d4bad05e47225673661bc8b4a9f
SHA512 62ccdfac19ef4e3d378122146e8b2cba0e1db2cc050b49522bedbf763127cc2103a56c5a266e161a51d5be6bd9a47222ee8bb344b383f13d0aac0baa41eab0ff

memory/1908-128-0x000007FEF6160000-0x000007FEF66B5000-memory.dmp

\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Network.dll

MD5 68f2c3bfcac0bbc21773d1cd749159a3
SHA1 3f8ba6b0c5d3e8e1a7a37618217b9a6afa080f6e
SHA256 02865da508a8562dfcbd843ce351420e71936a78deee6e6991bb6cd5784647e1
SHA512 fb741c47abd9345083ec3fc41024f72423cf1adfee84860615414df31b85b43876b53ab27a0e0532b8ddf13f0cc02dbb3aa0f4cc4cbce4c5ff8d0f510359754a

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Network.dll

MD5 68f2c3bfcac0bbc21773d1cd749159a3
SHA1 3f8ba6b0c5d3e8e1a7a37618217b9a6afa080f6e
SHA256 02865da508a8562dfcbd843ce351420e71936a78deee6e6991bb6cd5784647e1
SHA512 fb741c47abd9345083ec3fc41024f72423cf1adfee84860615414df31b85b43876b53ab27a0e0532b8ddf13f0cc02dbb3aa0f4cc4cbce4c5ff8d0f510359754a

\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Multimedia.dll

MD5 c69827b07a794c82538cd5b1bcfd4ee9
SHA1 e76131fc4735ebc2cb09c1e04c5539fe099248db
SHA256 1923479c2dba006e12e83eec24d8a7dfc75a0a853c3dfe670d38e4eaeb26fc66
SHA512 7d80768cfebdf87247656d26734cc1ebe28786f3dfbde6019dd059693b5f052573c8c334e13f8d349508fadcbb5951330e814a80a9557502a018419521fbde9c

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Multimedia.dll

MD5 c69827b07a794c82538cd5b1bcfd4ee9
SHA1 e76131fc4735ebc2cb09c1e04c5539fe099248db
SHA256 1923479c2dba006e12e83eec24d8a7dfc75a0a853c3dfe670d38e4eaeb26fc66
SHA512 7d80768cfebdf87247656d26734cc1ebe28786f3dfbde6019dd059693b5f052573c8c334e13f8d349508fadcbb5951330e814a80a9557502a018419521fbde9c

\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Gui.dll

MD5 77c6605ec059ae252af4bd5764725d3d
SHA1 7ad20774fc8b90861ef582a93f4004933252bc3f
SHA256 658dadda65b40d5bb295f3496b2aeca35c6a80b9a06dde1755ba981399877cea
SHA512 fa9f38fc1e9c7b27539aaa470da952f1370ea82c7683a79ca40d1ebb5a79982869318a14414c0510b4e3685a1e3eead83b10c7dcd9efe064ad6b9b465ebe37a7

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\Qt5Gui.dll

MD5 77c6605ec059ae252af4bd5764725d3d
SHA1 7ad20774fc8b90861ef582a93f4004933252bc3f
SHA256 658dadda65b40d5bb295f3496b2aeca35c6a80b9a06dde1755ba981399877cea
SHA512 fa9f38fc1e9c7b27539aaa470da952f1370ea82c7683a79ca40d1ebb5a79982869318a14414c0510b4e3685a1e3eead83b10c7dcd9efe064ad6b9b465ebe37a7

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-environment-l1-1-0.dll

MD5 c7c4a49c6ee6b1272ade4f06db2fa880
SHA1 b4b5490a51829653cb2e9e3f6fbe9caf3ba5561e
SHA256 37f731e7b1538467288bf1d0e586405b20808d4bad05e47225673661bc8b4a9f
SHA512 62ccdfac19ef4e3d378122146e8b2cba0e1db2cc050b49522bedbf763127cc2103a56c5a266e161a51d5be6bd9a47222ee8bb344b383f13d0aac0baa41eab0ff

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 bef17bf1ba00150163a2e1699ff5840a
SHA1 89145a894b17427f4cb2b4e7e814c92457fd2a75
SHA256 48c71b2d0af6807f387d97ab22a3ba77b85bdf457f8a4f03ce79d13fbb891328
SHA512 489d1b4d405edbb5f46b087a3ebf57a344bf65478b3cd5fcf273736ea6fdd33e54b1806fbb751849e160370df8354f39fc7ca7896a05b4660ad577a9e0e683e4

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 bef17bf1ba00150163a2e1699ff5840a
SHA1 89145a894b17427f4cb2b4e7e814c92457fd2a75
SHA256 48c71b2d0af6807f387d97ab22a3ba77b85bdf457f8a4f03ce79d13fbb891328
SHA512 489d1b4d405edbb5f46b087a3ebf57a344bf65478b3cd5fcf273736ea6fdd33e54b1806fbb751849e160370df8354f39fc7ca7896a05b4660ad577a9e0e683e4

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-time-l1-1-0.dll

MD5 a992f1e06c3c32ffe9799d4750af070a
SHA1 97ffd536d048720010133c3d79b6deed7fc82e58
SHA256 b401edaac4b41da73356de9b3358dc21f8b998a63413c868510dc734b1e4022f
SHA512 50bd08680fccff190454e6555e65e2787bdc0e8a9bf711e364eb0b065951c2430559e049202b8f330ac65e9d4cd588349c524a71f700e179859d7829d8e840b8

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-time-l1-1-0.dll

MD5 a992f1e06c3c32ffe9799d4750af070a
SHA1 97ffd536d048720010133c3d79b6deed7fc82e58
SHA256 b401edaac4b41da73356de9b3358dc21f8b998a63413c868510dc734b1e4022f
SHA512 50bd08680fccff190454e6555e65e2787bdc0e8a9bf711e364eb0b065951c2430559e049202b8f330ac65e9d4cd588349c524a71f700e179859d7829d8e840b8

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 4394dafed734dfe937cf6edbbb4b2f75
SHA1 06ec8f1f8dd1eab75175a359a7a5a7ee08d7a57a
SHA256 35b247534f9a19755a281e6dc3490f8197dd515f518c6550208b862c43297345
SHA512 33d9c5041e0f5b0913dd8826ceb080e2284f78164effde1dbf2c14c1234d6b9f33af6ae9f6e28527092ad8c2dbc13bddfc73a5b8c738a725ad0c6bb0aa7fcfaf

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 4394dafed734dfe937cf6edbbb4b2f75
SHA1 06ec8f1f8dd1eab75175a359a7a5a7ee08d7a57a
SHA256 35b247534f9a19755a281e6dc3490f8197dd515f518c6550208b862c43297345
SHA512 33d9c5041e0f5b0913dd8826ceb080e2284f78164effde1dbf2c14c1234d6b9f33af6ae9f6e28527092ad8c2dbc13bddfc73a5b8c738a725ad0c6bb0aa7fcfaf

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-math-l1-1-0.dll

MD5 77c5cc86b89eed37610b80f24e88dcc2
SHA1 d2142ecce3432b545fedc8005cc1bf08065c3119
SHA256 3e8828ab7327f26da0687f683944ffc551440a3de1004cc512f04a2f498520f6
SHA512 81de6533bba83f01fed3f7beed1d329b05772b7a13ffe395414299c62e3e6d43173762cb0b326ea7ecf0e61125901fcee7047e7a7895b750de3d714c3fe0cc67

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-locale-l1-1-0.dll

MD5 2c8e5e31e996e2c0664f4a945cece991
SHA1 8522c378bdd189ce03a89199dd73ed0834b2fa95
SHA256 1c556505a926fd5f713004e88d7f8d68177d7d40a406f6ed04af7bacd2264979
SHA512 14b92e32fb0fd9c50aa311f02763cba50692149283d625a78b0549b811d221331cf1b1f46d42869500622d128c627188691d7de04c500f501acd720cea7c8050

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-locale-l1-1-0.dll

MD5 2c8e5e31e996e2c0664f4a945cece991
SHA1 8522c378bdd189ce03a89199dd73ed0834b2fa95
SHA256 1c556505a926fd5f713004e88d7f8d68177d7d40a406f6ed04af7bacd2264979
SHA512 14b92e32fb0fd9c50aa311f02763cba50692149283d625a78b0549b811d221331cf1b1f46d42869500622d128c627188691d7de04c500f501acd720cea7c8050

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-convert-l1-1-0.dll

MD5 ebac9545734cc1bec37c1c32ffaff7d8
SHA1 2b716ce57f0af28d1223f4794cc8696d49ae2f29
SHA256 d09b49f2a30dcc13b7f0de8242fa57d0bdeb22f3b7e6c224be73bc4dd98d3c26
SHA512 0396ea24a6744d48ce18f9ccb270880f74c4b6eab40f8f8baf5fd9b4ad2ac79b830f9b33c13a3fec0206a95ad3824395db6b1825302d1d401d26bdc9eef003b2

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-convert-l1-1-0.dll

MD5 ebac9545734cc1bec37c1c32ffaff7d8
SHA1 2b716ce57f0af28d1223f4794cc8696d49ae2f29
SHA256 d09b49f2a30dcc13b7f0de8242fa57d0bdeb22f3b7e6c224be73bc4dd98d3c26
SHA512 0396ea24a6744d48ce18f9ccb270880f74c4b6eab40f8f8baf5fd9b4ad2ac79b830f9b33c13a3fec0206a95ad3824395db6b1825302d1d401d26bdc9eef003b2

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-stdio-l1-1-0.dll

MD5 c99c9eea4f83a985daf48eed9f79531b
SHA1 56486407c84beecadb88858d69300035e693d9a6
SHA256 7c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5
SHA512 78b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-stdio-l1-1-0.dll

MD5 c99c9eea4f83a985daf48eed9f79531b
SHA1 56486407c84beecadb88858d69300035e693d9a6
SHA256 7c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5
SHA512 78b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-heap-l1-1-0.dll

MD5 fbfcf220f1bf1051e82a40f349d4beae
SHA1 43154ea6705ab1c34207b66a0a544ac211c1f37d
SHA256 9b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d
SHA512 e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-heap-l1-1-0.dll

MD5 fbfcf220f1bf1051e82a40f349d4beae
SHA1 43154ea6705ab1c34207b66a0a544ac211c1f37d
SHA256 9b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d
SHA512 e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-string-l1-1-0.dll

MD5 d3d72d7f4c048d46d81a34e4186600b4
SHA1 cdcad0a3df99f9aee0f49c549758ee386a3d915f
SHA256 fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116
SHA512 6bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-string-l1-1-0.dll

MD5 d3d72d7f4c048d46d81a34e4186600b4
SHA1 cdcad0a3df99f9aee0f49c549758ee386a3d915f
SHA256 fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116
SHA512 6bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-file-l1-2-0.dll

MD5 7041205ea1a1d9ba68c70333086e6b48
SHA1 5034155f7ec4f91e882eae61fd3481b5a1c62eb0
SHA256 eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d
SHA512 aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-file-l1-2-0.dll

MD5 7041205ea1a1d9ba68c70333086e6b48
SHA1 5034155f7ec4f91e882eae61fd3481b5a1c62eb0
SHA256 eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d
SHA512 aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-processthreads-l1-1-1.dll

MD5 6486e2f519a80511ac3de235487bee79
SHA1 b43fd61e62d98eea74cf8eb54ca16c8f8e10c906
SHA256 24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667
SHA512 02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-processthreads-l1-1-1.dll

MD5 6486e2f519a80511ac3de235487bee79
SHA1 b43fd61e62d98eea74cf8eb54ca16c8f8e10c906
SHA256 24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667
SHA512 02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c

\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-synch-l1-2-0.dll

MD5 a639c64c03544491cd196f1ba08ae6e0
SHA1 3ee08712c85aab71cfbdb43dbef06833daa36ab2
SHA256 a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60
SHA512 c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-core-timezone-l1-1-0.dll

MD5 6f9f9d52087ae4d8d180954b9d42778b
SHA1 67419967a40cc82a0ca4151589677de8226f9693
SHA256 ef1d71fe621341c9751ee59e50cbec1d22947622ffaf8fb1f034c693f1091ef0
SHA512 22a0488613377746c13db9742f2e517f9e31bd563352cc394c3ae12809a22aa1961711e3c0648520e2e11f94411b82d3bb05c7ea1f4d1887aacf85045cf119d7

C:\Program Files\Cisco Packet Tracer 7.3.1\bin\api-ms-win-crt-runtime-l1-1-0.dll

MD5 a3f630a32d715214d6c46f7c87761213
SHA1 1078c77010065c933a7394d10da93bfb81be2a95
SHA256 d16db68b4020287bb6ce701b71312a9d887874c0d26b9ebd82c3c9b965029562
SHA512 920bb08310eadd7832011ac80edd3e12ce68e54e510949dbbde90adaac497debe050e2b73b9b22d9dc105386c45d558c3f9e37e1c51ed4700dd82b00e80410bc

\Program Files\Cisco Packet Tracer 7.3.1\bin\vcruntime140.dll

MD5 edf9d5c18111d82cf10ec99f6afa6b47
SHA1 d247f5b9d4d3061e3d421e0e623595aa40d9493c
SHA256 d89c7b863fc1ac3a179d45d5fe1b9fd35fb6fbd45171ca68d0d68ab1c1ad04fb
SHA512 bf017aa8275c5b6d064984a606c5d40852aa70047759468395fe520f7f68b5452befc3145efaa7c51f8ec3bf71d9e32dbd5633637f040d58ff9a4b6953bf1cbf

memory/1908-129-0x000007FEF53E0000-0x000007FEF5787000-memory.dmp

memory/1908-130-0x000000013FF80000-0x00000001452C1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-01-09 19:14

Reported

2023-01-09 19:18

Platform

win10v2004-20221111-es

Max time kernel

91s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe

"C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe"

C:\Users\Admin\AppData\Local\Temp\is-8KNA1.tmp\PacketTracer-7.3.1-win64-setup.tmp

"C:\Users\Admin\AppData\Local\Temp\is-8KNA1.tmp\PacketTracer-7.3.1-win64-setup.tmp" /SL5="$90064,152037146,121344,C:\Users\Admin\AppData\Local\Temp\PacketTracer-7.3.1-win64-setup.exe"

Network

Country Destination Domain Proto
N/A 93.184.220.29:80 tcp
N/A 20.44.10.123:443 tcp
N/A 104.80.225.205:443 tcp
N/A 8.8.8.8:53 226.101.242.52.in-addr.arpa udp
N/A 93.184.221.240:80 tcp
N/A 93.184.221.240:80 tcp

Files

memory/2076-132-0x0000000000400000-0x0000000000428000-memory.dmp

memory/2076-134-0x0000000000400000-0x0000000000428000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-8KNA1.tmp\PacketTracer-7.3.1-win64-setup.tmp

MD5 90fc739c83cd19766acb562c66a7d0e2
SHA1 451f385a53d5fed15e7649e7891e05f231ef549a
SHA256 821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431
SHA512 4cb11ad48b7585ef1b70fac9e3c25610b2f64a16358cd51e32adcb0b17a6ab1c934aeb10adaa8e9ddf69b2e2f1d18fe2e87b49b39f89b05ea13aa3205e41296c

memory/540-135-0x0000000000000000-mapping.dmp

memory/2076-137-0x0000000000400000-0x0000000000428000-memory.dmp