f1160a33fb79c764cdc4c023fa700054ae2945ed91880e37348a17c010ca716f

Analysis

max time kernel
205s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
14-01-2023 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nmap-7.93-setup.exe
Size

27.8MB
MD5

f9e753cccea0ffae6871dc65f67d3f89
SHA1

ab2de49f90330cc3b305457a9a0f897f296e95f4
SHA256

f1160a33fb79c764cdc4c023fa700054ae2945ed91880e37348a17c010ca716f
SHA512

0c6f6c14ecf8ef028e6a556f58e720321a7808b0a1f602e019f6b21d9cef970424185c27e7647368d2fca256d47844310d76d626209d406a961d048063410d1d
SSDEEP

786432:eCw4jIIk4AN6o6JWCRCLz4NFMqt9+26UgRY5YYnDEWW:e/T4hJZRCgMkg+5HEv

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DRIVERS\SET1901.tmp	NPFInstall.exe
File created	C:\Windows\system32\DRIVERS\SET1901.tmp	NPFInstall.exe
File opened for modification	C:\Windows\system32\DRIVERS\npcap.sys	NPFInstall.exe

Executes dropped EXE 7 IoCs

pid	Process
2088	npcap-1.71.exe
3180	NPFInstall.exe
2184	NPFInstall.exe
1900	NPFInstall.exe
2260	NPFInstall.exe
4468	zenmap.exe
2296	nmap.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Control Panel\International\Geo\Nation	nmap.exe

Loads dropped DLL 63 IoCs

pid	Process
1604	nmap-7.93-setup.exe
1604	nmap-7.93-setup.exe
2088	npcap-1.71.exe
2088	npcap-1.71.exe
2088	npcap-1.71.exe
2088	npcap-1.71.exe
2088	npcap-1.71.exe
2088	npcap-1.71.exe
2088	npcap-1.71.exe
2088	npcap-1.71.exe
2088	npcap-1.71.exe
2088	npcap-1.71.exe
2088	npcap-1.71.exe
2088	npcap-1.71.exe
2088	npcap-1.71.exe
1604	nmap-7.93-setup.exe
1604	nmap-7.93-setup.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
4468	zenmap.exe
2296	nmap.exe
2296	nmap.exe
2296	nmap.exe
2296	nmap.exe
2296	nmap.exe
2296	nmap.exe
2296	nmap.exe
4468	zenmap.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 42 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Npcap\Packet.dll	npcap-1.71.exe
File created	C:\Windows\SysWOW64\Npcap\WlanHelper.exe	npcap-1.71.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a6f311ba-b97e-cb4c-90bf-42a604ff08bf}\NPCAP.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_b5b1a6e95c9e3ae5\npcap.PNF	NPFInstall.exe
File created	C:\Windows\SysWOW64\Packet.dll	npcap-1.71.exe
File created	C:\Windows\system32\NpcapHelper.exe	npcap-1.71.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a6f311ba-b97e-cb4c-90bf-42a604ff08bf}\SET10F5.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_b5b1a6e95c9e3ae5\npcap.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_b5b1a6e95c9e3ae5\npcap.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\netnwifi.PNF	NPFInstall.exe
File created	C:\Windows\system32\Packet.dll	npcap-1.71.exe
File created	C:\Windows\system32\Npcap\WlanHelper.exe	npcap-1.71.exe
File created	C:\Windows\System32\DriverStore\Temp\{a6f311ba-b97e-cb4c-90bf-42a604ff08bf}\SET10F4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_b5b1a6e95c9e3ae5\NPCAP.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\netserv.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\netnb.PNF	NPFInstall.exe
File created	C:\Windows\SysWOW64\Npcap\NpcapHelper.exe	npcap-1.71.exe
File created	C:\Windows\system32\Npcap\NpcapHelper.exe	npcap-1.71.exe
File created	C:\Windows\System32\DriverStore\Temp\{a6f311ba-b97e-cb4c-90bf-42a604ff08bf}\SET10E3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a6f311ba-b97e-cb4c-90bf-42a604ff08bf}\SET10F4.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\netvwififlt.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\netpacer.PNF	NPFInstall.exe
File created	C:\Windows\SysWOW64\WlanHelper.exe	npcap-1.71.exe
File created	C:\Windows\SysWOW64\Npcap\wpcap.dll	npcap-1.71.exe
File created	C:\Windows\system32\wpcap.dll	npcap-1.71.exe
File created	C:\Windows\system32\Npcap\wpcap.dll	npcap-1.71.exe
File created	C:\Windows\System32\DriverStore\Temp\{a6f311ba-b97e-cb4c-90bf-42a604ff08bf}\SET10F5.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ndiscap.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\netbrdg.PNF	NPFInstall.exe
File created	C:\Windows\SysWOW64\wpcap.dll	npcap-1.71.exe
File created	C:\Windows\system32\WlanHelper.exe	npcap-1.71.exe
File created	C:\Windows\system32\Npcap\Packet.dll	npcap-1.71.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a6f311ba-b97e-cb4c-90bf-42a604ff08bf}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF	NPFInstall.exe
File created	C:\Windows\SysWOW64\NpcapHelper.exe	npcap-1.71.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\c_netservice.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_7f701cb29b5389d3\netrass.PNF	NPFInstall.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a6f311ba-b97e-cb4c-90bf-42a604ff08bf}\SET10E3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a6f311ba-b97e-cb4c-90bf-42a604ff08bf}\npcap.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{a6f311ba-b97e-cb4c-90bf-42a604ff08bf}\npcap.sys	DrvInst.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Nmap\scripts\smb-vuln-ms10-061.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\targets-ipv6-multicast-mld.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\data\wp-themes.lst	nmap-7.93-setup.exe
File created	C:\Program Files\Npcap\Uninstall.exe	npcap-1.71.exe
File created	C:\Program Files (x86)\Nmap\scripts\firewalk.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-vuln-cve2017-5638.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\mqtt-subscribe.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\targets-traceroute.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-dlink-backdoor.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\dns-client-subnet-scan.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-userdir-enum.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-vuln-cve2017-8917.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\tor-consensus-checker.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\isns.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\rdp.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\ftp-vuln-cve2010-4221.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-avaya-ipoffice-users.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\ls.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\data\oracle-default-accounts.lst	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\py2exe\libgio-2.0-0.dll	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\broadcast-ospf2-discover.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\ftp-syst.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\mysql-empty-password.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\rtsp.lua	nmap-7.93-setup.exe
File opened for modification	C:\Program Files (x86)\Nmap\py2exe\libcairo-script-interpreter-2.dll	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\daytime.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\lltd-discovery.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\share\zenmap\pixmaps\linux_75.png	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-errors.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-form-brute.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\smb-enum-groups.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\share\zenmap\locale\es\LC_MESSAGES\zenmap.mo	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\py2exe\cairo._cairo.pyd	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\eap-info.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-generator.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-vuln-cve2012-1823.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-vuln-cve2014-2127.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\icap-info.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\openflow-info.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\smb-enum-sessions.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\snmp-win32-shares.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\bits.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\memcached-info.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\listop.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\target.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\python27.dll	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\flume-master-info.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\drda.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\rand.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\vulns.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\py2exe\libexpat-1.dll	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\broadcast-sybase-asa-discover.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\cics-enum.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\quake3-info.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\smb-server-stats.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\mqtt.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\zlib.luadoc	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\py2exe\libasprintf-0.dll	nmap-7.93-setup.exe
File opened for modification	C:\Program Files (x86)\Nmap\py2exe\libgio-2.0-0.dll	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\irc-info.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\snmp-sysdescr.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\dicom.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\py2exe\libgobject-2.0-0.dll	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\iscsi-info.nse	nmap-7.93-setup.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem2.inf	DrvInst.exe
File created	C:\Windows\inf\oem2.inf	DrvInst.exe
File created	C:\Windows\INF\oem2.PNF	NPFInstall.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	NPFInstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 38 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	NPFInstall.exe

Modifies data under HKEY_USERS 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe

Runs .reg file with regedit 1 IoCs

pid	Process
2952	regedit.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3180	NPFInstall.exe
3180	NPFInstall.exe
312	powershell.exe
312	powershell.exe
2340	powershell.exe
2340	powershell.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
664	Process not Found
664	Process not Found
664	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3180	NPFInstall.exe
Token: SeAuditPrivilege	4012	svchost.exe
Token: SeSecurityPrivilege	4012	svchost.exe
Token: SeDebugPrivilege	312	powershell.exe
Token: SeDebugPrivilege	2340	powershell.exe
Token: SeIncreaseQuotaPrivilege	2340	powershell.exe
Token: SeSecurityPrivilege	2340	powershell.exe
Token: SeTakeOwnershipPrivilege	2340	powershell.exe
Token: SeLoadDriverPrivilege	2340	powershell.exe
Token: SeSystemProfilePrivilege	2340	powershell.exe
Token: SeSystemtimePrivilege	2340	powershell.exe
Token: SeProfSingleProcessPrivilege	2340	powershell.exe
Token: SeIncBasePriorityPrivilege	2340	powershell.exe
Token: SeCreatePagefilePrivilege	2340	powershell.exe
Token: SeBackupPrivilege	2340	powershell.exe
Token: SeRestorePrivilege	2340	powershell.exe
Token: SeShutdownPrivilege	2340	powershell.exe
Token: SeDebugPrivilege	2340	powershell.exe
Token: SeSystemEnvironmentPrivilege	2340	powershell.exe
Token: SeRemoteShutdownPrivilege	2340	powershell.exe
Token: SeUndockPrivilege	2340	powershell.exe
Token: SeManageVolumePrivilege	2340	powershell.exe
Token: 33	2340	powershell.exe
Token: 34	2340	powershell.exe
Token: 35	2340	powershell.exe
Token: 36	2340	powershell.exe
Token: SeIncreaseQuotaPrivilege	2340	powershell.exe
Token: SeSecurityPrivilege	2340	powershell.exe
Token: SeTakeOwnershipPrivilege	2340	powershell.exe
Token: SeLoadDriverPrivilege	2340	powershell.exe
Token: SeSystemProfilePrivilege	2340	powershell.exe
Token: SeSystemtimePrivilege	2340	powershell.exe
Token: SeProfSingleProcessPrivilege	2340	powershell.exe
Token: SeIncBasePriorityPrivilege	2340	powershell.exe
Token: SeCreatePagefilePrivilege	2340	powershell.exe
Token: SeBackupPrivilege	2340	powershell.exe
Token: SeRestorePrivilege	2340	powershell.exe
Token: SeShutdownPrivilege	2340	powershell.exe
Token: SeDebugPrivilege	2340	powershell.exe
Token: SeSystemEnvironmentPrivilege	2340	powershell.exe
Token: SeRemoteShutdownPrivilege	2340	powershell.exe
Token: SeUndockPrivilege	2340	powershell.exe
Token: SeManageVolumePrivilege	2340	powershell.exe
Token: 33	2340	powershell.exe
Token: 34	2340	powershell.exe
Token: 35	2340	powershell.exe
Token: 36	2340	powershell.exe
Token: SeIncreaseQuotaPrivilege	2340	powershell.exe
Token: SeSecurityPrivilege	2340	powershell.exe
Token: SeTakeOwnershipPrivilege	2340	powershell.exe
Token: SeLoadDriverPrivilege	2340	powershell.exe
Token: SeSystemProfilePrivilege	2340	powershell.exe
Token: SeSystemtimePrivilege	2340	powershell.exe
Token: SeProfSingleProcessPrivilege	2340	powershell.exe
Token: SeIncBasePriorityPrivilege	2340	powershell.exe
Token: SeCreatePagefilePrivilege	2340	powershell.exe
Token: SeBackupPrivilege	2340	powershell.exe
Token: SeRestorePrivilege	2340	powershell.exe
Token: SeShutdownPrivilege	2340	powershell.exe
Token: SeDebugPrivilege	2340	powershell.exe
Token: SeSystemEnvironmentPrivilege	2340	powershell.exe
Token: SeRemoteShutdownPrivilege	2340	powershell.exe
Token: SeUndockPrivilege	2340	powershell.exe
Token: SeManageVolumePrivilege	2340	powershell.exe

Suspicious use of WriteProcessMemory 42 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 2088	1604	nmap-7.93-setup.exe	89
PID 1604 wrote to memory of 2088	1604	nmap-7.93-setup.exe	89
PID 1604 wrote to memory of 2088	1604	nmap-7.93-setup.exe	89
PID 2088 wrote to memory of 3180	2088	npcap-1.71.exe	90
PID 2088 wrote to memory of 3180	2088	npcap-1.71.exe	90
PID 2088 wrote to memory of 1580	2088	npcap-1.71.exe	92
PID 2088 wrote to memory of 1580	2088	npcap-1.71.exe	92
PID 2088 wrote to memory of 1580	2088	npcap-1.71.exe	92
PID 2088 wrote to memory of 4864	2088	npcap-1.71.exe	94
PID 2088 wrote to memory of 4864	2088	npcap-1.71.exe	94
PID 2088 wrote to memory of 4864	2088	npcap-1.71.exe	94
PID 2088 wrote to memory of 2184	2088	npcap-1.71.exe	96
PID 2088 wrote to memory of 2184	2088	npcap-1.71.exe	96
PID 2184 wrote to memory of 4512	2184	NPFInstall.exe	98
PID 2184 wrote to memory of 4512	2184	NPFInstall.exe	98
PID 2088 wrote to memory of 1900	2088	npcap-1.71.exe	100
PID 2088 wrote to memory of 1900	2088	npcap-1.71.exe	100
PID 2088 wrote to memory of 2260	2088	npcap-1.71.exe	102
PID 2088 wrote to memory of 2260	2088	npcap-1.71.exe	102
PID 4012 wrote to memory of 4544	4012	svchost.exe	106
PID 4012 wrote to memory of 4544	4012	svchost.exe	106
PID 2088 wrote to memory of 312	2088	npcap-1.71.exe	108
PID 2088 wrote to memory of 312	2088	npcap-1.71.exe	108
PID 2088 wrote to memory of 312	2088	npcap-1.71.exe	108
PID 2088 wrote to memory of 2340	2088	npcap-1.71.exe	109
PID 2088 wrote to memory of 2340	2088	npcap-1.71.exe	109
PID 2088 wrote to memory of 2340	2088	npcap-1.71.exe	109
PID 1604 wrote to memory of 388	1604	nmap-7.93-setup.exe	112
PID 1604 wrote to memory of 388	1604	nmap-7.93-setup.exe	112
PID 1604 wrote to memory of 388	1604	nmap-7.93-setup.exe	112
PID 388 wrote to memory of 2952	388	regedt32.exe	113
PID 388 wrote to memory of 2952	388	regedt32.exe	113
PID 388 wrote to memory of 2952	388	regedt32.exe	113
PID 4468 wrote to memory of 2296	4468	zenmap.exe	117
PID 4468 wrote to memory of 2296	4468	zenmap.exe	117
PID 4468 wrote to memory of 2296	4468	zenmap.exe	117
PID 2296 wrote to memory of 3188	2296	nmap.exe	119
PID 2296 wrote to memory of 3188	2296	nmap.exe	119
PID 2296 wrote to memory of 3188	2296	nmap.exe	119
PID 3188 wrote to memory of 556	3188	net.exe	121
PID 3188 wrote to memory of 556	3188	net.exe	121
PID 3188 wrote to memory of 556	3188	net.exe	121

C:\Users\Admin\AppData\Local\Temp\nmap-7.93-setup.exe
"C:\Users\Admin\AppData\Local\Temp\nmap-7.93-setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Users\Admin\AppData\Local\Temp\nse85F0.tmp\npcap-1.71.exe
  "C:\Users\Admin\AppData\Local\Temp\nse85F0.tmp\npcap-1.71.exe" /loopback_support=no
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\NPFInstall.exe
    "C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\NPFInstall.exe" -n -check_dll
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3180
- - C:\Windows\SysWOW64\certutil.exe
    certutil -addstore -f "Root" "C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\roots.p7b"
    3⤵
    PID:1580
- - C:\Windows\SysWOW64\certutil.exe
    certutil -addstore -f "TrustedPublisher" "C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\signing.p7b"
    3⤵
    PID:4864
- - C:\Program Files\Npcap\NPFInstall.exe
    "C:\Program Files\Npcap\NPFInstall.exe" -n -c
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2184
  - - C:\Windows\SYSTEM32\pnputil.exe
      pnputil.exe -e
      4⤵
      PID:4512
- - C:\Program Files\Npcap\NPFInstall.exe
    "C:\Program Files\Npcap\NPFInstall.exe" -n -iw
    3⤵
    - Executes dropped EXE
    PID:1900
- - C:\Program Files\Npcap\NPFInstall.exe
    "C:\Program Files\Npcap\NPFInstall.exe" -n -i2
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    PID:2260
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "Microsoft.PowerShell.Management\Start-Service -Name npcap -PassThru | Microsoft.PowerShell.Management\Stop-Service -PassThru | Microsoft.PowerShell.Management\Start-Service"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:312
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "ScheduledTasks\Register-ScheduledTask -Force -TaskName 'npcapwatchdog' -Description 'Ensure Npcap service is configured to start at boot' -Action (ScheduledTasks\New-ScheduledTaskAction -Execute 'C:\Program Files\Npcap\CheckStatus.bat') -Principal (ScheduledTasks\New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount) -Trigger (ScheduledTasks\New-ScheduledTaskTrigger -AtStartup) -Settings (ScheduledTasks\New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Compatibility Win8)"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2340
- C:\Windows\SysWOW64\regedt32.exe
  regedt32 /S "C:\Users\Admin\AppData\Local\Temp\nse85F0.tmp\nmap_performance.reg"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:388
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\nse85F0.tmp\nmap_performance.reg"
    3⤵
    - Runs .reg file with regedit
    PID:2952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{66922a4d-3bcc-ff44-9baf-2b36ef487b64}\NPCAP.inf" "9" "405306be3" "0000000000000154" "WinSta0\Default" "0000000000000164" "208" "C:\Program Files\Npcap"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4544

C:\Program Files (x86)\Nmap\zenmap.exe
"C:\Program Files (x86)\Nmap\zenmap.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Program Files (x86)\Nmap\nmap.exe
  nmap -p 1-65535 -T4 -A -v -oX c:\users\admin\appdata\local\temp\zenmap-ndlgj3.xml
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\System32\net.exe" start npcap
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3188
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 start npcap
      4⤵
      PID:556

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~1\Npcap\npcap.cat

Filesize
12KB

MD5
be2a59b225dace6a52b98f17678786c0

SHA1
abec30ea6b668f9ccff77209d54b971ce6a22711

SHA256
43d10d470320041e663a82439d79cfac78de99addd98e02c4d60171710d032b2

SHA512
9a9acfe84f822b7f20148725a4abaa51118759f5688d4a3841c4a9e73b59801128adf4df54a14078408fb14ad0acea068a2bdd1cf0f9ffc6c44e6e38721f79d6

Download Submit
C:\PROGRA~1\Npcap\npcap.sys

Filesize
75KB

MD5
08a2def8efc2619ddabe13a041703aea

SHA1
f9fd929c77d5a47766623abaa7490bcd98b3ad97

SHA256
a2039b552dfacd4edc2b8ed42bbe32cb0a481240fce18f78aeb1a68dbb747d39

SHA512
0afb5d2dd6747b37162494f4f90387160c5b90c58a71703d2ddd07256e848ee1f3e4237b660d511262255e54038ab11699808526a3574450c9407eb1e830dfac

Download Submit
C:\Program Files (x86)\Nmap\PYTHON27.DLL

Filesize
2.5MB

MD5
77f43ca8468be239a76a12c2d640f1d9

SHA1
8a30bf4db3e95eecbdc694f501e9d670b76f5019

SHA256
a92dcb68cb58be8fbc695893ab8c9975a37b17f4cf21fc69cf802b48b2b5350e

SHA512
98791cd05b81e5a1daaddb3ddf0cdbb57f38fe4bab1397c2d825cf11d3fcdf4d8cc3a6d8f465cace72a04fea5e5c178e64738c48dc2871c56375a00d6f7dc94c

Download Submit
C:\Program Files (x86)\Nmap\py2exe\bz2.pyd

Filesize
69KB

MD5
813c016e2898c6a2c1825b586de0ae61

SHA1
7113efcccb6ab047cdfdb65ba4241980c88196f4

SHA256
693dfc5ccb8555a4183d4e196865ef0a766d7e53087c39059d096d03d6f64724

SHA512
dbb4add301ea127669d5dac4226ce0f5d6e5b2e50773db5c8083a9045a3cba0fcf6ea253a1183a4c87752bd3c5eb84128103a6d8ade71a7e410831b826d323ad

Download Submit
C:\Program Files (x86)\Nmap\py2exe\bz2.pyd

Filesize
69KB

MD5
813c016e2898c6a2c1825b586de0ae61

SHA1
7113efcccb6ab047cdfdb65ba4241980c88196f4

SHA256
693dfc5ccb8555a4183d4e196865ef0a766d7e53087c39059d096d03d6f64724

SHA512
dbb4add301ea127669d5dac4226ce0f5d6e5b2e50773db5c8083a9045a3cba0fcf6ea253a1183a4c87752bd3c5eb84128103a6d8ade71a7e410831b826d323ad

Download Submit
C:\Program Files (x86)\Nmap\py2exe\glib._glib.pyd

Filesize
57KB

MD5
0de636503e43c4eb00e80927bc9bda97

SHA1
a332441ccc490fcfcaf913b657ec9ef5d1ceed08

SHA256
f820c17ae8327aac088cf0f98fef17ef34fce27dda19ad279abbbc1aaac0293c

SHA512
0e9da1a0c643689328e888bade660868b111ab9008c3586fc1595ae990a6763d426779bfee6dfb0451c11bda55f098d413f5eb5e3b163c3cf3bf5feadc26819c

Download Submit
C:\Program Files (x86)\Nmap\py2exe\glib._glib.pyd

Filesize
57KB

MD5
0de636503e43c4eb00e80927bc9bda97

SHA1
a332441ccc490fcfcaf913b657ec9ef5d1ceed08

SHA256
f820c17ae8327aac088cf0f98fef17ef34fce27dda19ad279abbbc1aaac0293c

SHA512
0e9da1a0c643689328e888bade660868b111ab9008c3586fc1595ae990a6763d426779bfee6dfb0451c11bda55f098d413f5eb5e3b163c3cf3bf5feadc26819c

Download Submit
C:\Program Files (x86)\Nmap\py2exe\gobject._gobject.pyd

Filesize
110KB

MD5
3d05dd191361f83aa247b62c700fa04e

SHA1
0d39e3150502787342280b1f91977d3cf9e5980c

SHA256
6703b0ad37abeb83d6001ab60cf473ad800c502c99aeb7284df221dbff1bbf41

SHA512
059d3fac7c5f6fd2adb554d39f657827cf11f450d8a4771a0becb2b47cc99a5a6ec261a550c4c0bab5522beb9e7a84a63d0763e1f5c0156bbb331fde5c11f790

Download Submit
C:\Program Files (x86)\Nmap\py2exe\gobject._gobject.pyd

Filesize
110KB

MD5
3d05dd191361f83aa247b62c700fa04e

SHA1
0d39e3150502787342280b1f91977d3cf9e5980c

SHA256
6703b0ad37abeb83d6001ab60cf473ad800c502c99aeb7284df221dbff1bbf41

SHA512
059d3fac7c5f6fd2adb554d39f657827cf11f450d8a4771a0becb2b47cc99a5a6ec261a550c4c0bab5522beb9e7a84a63d0763e1f5c0156bbb331fde5c11f790

Download Submit
C:\Program Files (x86)\Nmap\py2exe\gtk._gtk.pyd

Filesize
1.8MB

MD5
bbb1d1e41bbebc6abf69bed719d50497

SHA1
eb39465742e1cc76abe96faa4985a6f20693cec5

SHA256
0b3cf4d32404d91d69dc8c7b04c6b3e1e05e88e1c844aec38c5d3b5e2e84f1d5

SHA512
6fbdfed6978c1629fe7482895ba397b353db585a82af12cdd8e7c202bc462693cbc43177f4ade66de18ab0dc6360e89a11473ec401f4e1dadb7a3bf8b49405d3

Download Submit
C:\Program Files (x86)\Nmap\py2exe\gtk._gtk.pyd

Filesize
1.8MB

MD5
bbb1d1e41bbebc6abf69bed719d50497

SHA1
eb39465742e1cc76abe96faa4985a6f20693cec5

SHA256
0b3cf4d32404d91d69dc8c7b04c6b3e1e05e88e1c844aec38c5d3b5e2e84f1d5

SHA512
6fbdfed6978c1629fe7482895ba397b353db585a82af12cdd8e7c202bc462693cbc43177f4ade66de18ab0dc6360e89a11473ec401f4e1dadb7a3bf8b49405d3

Download Submit
C:\Program Files (x86)\Nmap\py2exe\intl.dll

Filesize
148KB

MD5
eb2d4c4d4a527bc88a69a16cc99afcf5

SHA1
b326ec4919e1ec9595c064b24853b1e6b71530a3

SHA256
682d4277092472cac940558f9e679b44a6394159e49c9bbda299e33bfc6fdc92

SHA512
009f31cd68a87a40aef4be07af805ab50fac03f4c621144b170d9d3313b1b6a73415f6dd878b048f85afc1b662659a88e4cc89e9a8c76f631f6f1b79d57fd0b0

Download Submit
C:\Program Files (x86)\Nmap\py2exe\intl.dll

Filesize
148KB

MD5
eb2d4c4d4a527bc88a69a16cc99afcf5

SHA1
b326ec4919e1ec9595c064b24853b1e6b71530a3

SHA256
682d4277092472cac940558f9e679b44a6394159e49c9bbda299e33bfc6fdc92

SHA512
009f31cd68a87a40aef4be07af805ab50fac03f4c621144b170d9d3313b1b6a73415f6dd878b048f85afc1b662659a88e4cc89e9a8c76f631f6f1b79d57fd0b0

Download Submit
C:\Program Files (x86)\Nmap\py2exe\libcairo-2.dll

Filesize
1.2MB

MD5
c0da2a3ab704f338f0fc6df51fd99497

SHA1
31ee2a59a7dde8c0adf9a19ed0b7cff9e0fa0c4a

SHA256
d91d6b0577e0334aa63d9ab8a31edc16270d00f60c32eb7bcc50092d81cb6a21

SHA512
abccaede1b47ad856097f1546928c6ce8a6bd8a71056317f0768ea0fb41c6bb06b32370235a8ec04abde3d8f2632ae82867b2415cda7f4d0342055c5eaa7ea4e

Download Submit
C:\Program Files (x86)\Nmap\py2exe\libcairo-2.dll

Filesize
1.2MB

MD5
c0da2a3ab704f338f0fc6df51fd99497

SHA1
31ee2a59a7dde8c0adf9a19ed0b7cff9e0fa0c4a

SHA256
d91d6b0577e0334aa63d9ab8a31edc16270d00f60c32eb7bcc50092d81cb6a21

SHA512
abccaede1b47ad856097f1546928c6ce8a6bd8a71056317f0768ea0fb41c6bb06b32370235a8ec04abde3d8f2632ae82867b2415cda7f4d0342055c5eaa7ea4e

Download Submit
C:\Program Files (x86)\Nmap\py2exe\libgdk-win32-2.0-0.dll

Filesize
910KB

MD5
b859fdde699b323553fdb4aa7914b681

SHA1
93610e08a9f24bba0e14223bd5f00cbb25b83e5f

SHA256
84a8b0041d806dc92cdb19e6127e25fbdb8c3cc6a93cb014ea57351a22685b78

SHA512
e4ad0b779a9c4a95a5e68e184cf34ebec9592a9d3d8b28a3aeb951d4db13075fcb1854917b692cd3fb4a18ef8c601b08fa0d87b04933175d8529d62eaae6c174

Download Submit
C:\Program Files (x86)\Nmap\py2exe\libglib-2.0-0.dll

Filesize
1.2MB

MD5
18e88b04da123bf05b07ff60a4e96654

SHA1
f46cd8411e579da9f31749809a5707fecb28b7db

SHA256
c0f35b0e5f9b25f36bf9ef885a8135e7dcdb77d425f8ac88124d90cf2bf32fde

SHA512
735158b60194205c6262dae0689599babdc2bd0e10d0d6a71c1e1c56695caf432b207e439b5f84a3995c2d8aef3ab26706cf796848c0af0ddd340d388a76f1d4

Download Submit
C:\Program Files (x86)\Nmap\py2exe\libglib-2.0-0.dll

Filesize
1.2MB

MD5
18e88b04da123bf05b07ff60a4e96654

SHA1
f46cd8411e579da9f31749809a5707fecb28b7db

SHA256
c0f35b0e5f9b25f36bf9ef885a8135e7dcdb77d425f8ac88124d90cf2bf32fde

SHA512
735158b60194205c6262dae0689599babdc2bd0e10d0d6a71c1e1c56695caf432b207e439b5f84a3995c2d8aef3ab26706cf796848c0af0ddd340d388a76f1d4

Download Submit
C:\Program Files (x86)\Nmap\py2exe\libgobject-2.0-0.dll

Filesize
333KB

MD5
356d697647a480562c4e2e921b13f8ed

SHA1
1218243c9b4e8e6fabcc5f2eac1adb78002b01c2

SHA256
75b4e8a0757f7db26ef195f3c5e2da5770d95c3af081c2cdae0ec15b460aa9ea

SHA512
4ef4ad1648f508cb3ad5ab446196d351219a28083df096353a343b81a6d699691bb8a77158a6085d00d4c9eae408a0193dac7e3b806156d62bb6ee552dc8095a

Download Submit
C:\Program Files (x86)\Nmap\py2exe\libgobject-2.0-0.dll

Filesize
333KB

MD5
356d697647a480562c4e2e921b13f8ed

SHA1
1218243c9b4e8e6fabcc5f2eac1adb78002b01c2

SHA256
75b4e8a0757f7db26ef195f3c5e2da5770d95c3af081c2cdae0ec15b460aa9ea

SHA512
4ef4ad1648f508cb3ad5ab446196d351219a28083df096353a343b81a6d699691bb8a77158a6085d00d4c9eae408a0193dac7e3b806156d62bb6ee552dc8095a

Download Submit
C:\Program Files (x86)\Nmap\py2exe\libgthread-2.0-0.dll

Filesize
43KB

MD5
7ad6f303082b382bff7bafbab246c61f

SHA1
8d94c4d4b0633a80e28504a3c694dd2bae252854

SHA256
ee2e8485fdbfb2c5626099ccafcdc41ac60414dffd5c6c3befaf786634baf5c3

SHA512
eee840f217ff65b22efd16e78fb898990116efdfb6ee1cbf9d9fb64b9f3209f18860f6477c1df60352fb242671d973dcac043134748f823d210fc393ed4e2598

Download Submit
C:\Program Files (x86)\Nmap\py2exe\libgthread-2.0-0.dll

Filesize
43KB

MD5
7ad6f303082b382bff7bafbab246c61f

SHA1
8d94c4d4b0633a80e28504a3c694dd2bae252854

SHA256
ee2e8485fdbfb2c5626099ccafcdc41ac60414dffd5c6c3befaf786634baf5c3

SHA512
eee840f217ff65b22efd16e78fb898990116efdfb6ee1cbf9d9fb64b9f3209f18860f6477c1df60352fb242671d973dcac043134748f823d210fc393ed4e2598

Download Submit
C:\Program Files (x86)\Nmap\py2exe\library.zip

Filesize
1.1MB

MD5
30f8aa89d164976d86f20c46a425a106

SHA1
a7a8be0f15dddd63e09e3f4dff4f70c34f460d71

SHA256
2f0a1e523dfe2471ac7a67eb581cf11b453607c1ab77bc8163435b89f1cbfdb9

SHA512
f65cb50087470f14f9bea4dd3d3746b598e4dfaa8f98473a404b806ca286885bb0d624bd559d1150e82ba0ca8fb5b98d7dfa4db5841033f5dd07403641394484

Download Submit
C:\Program Files (x86)\Nmap\python27.dll

Filesize
2.5MB

MD5
77f43ca8468be239a76a12c2d640f1d9

SHA1
8a30bf4db3e95eecbdc694f501e9d670b76f5019

SHA256
a92dcb68cb58be8fbc695893ab8c9975a37b17f4cf21fc69cf802b48b2b5350e

SHA512
98791cd05b81e5a1daaddb3ddf0cdbb57f38fe4bab1397c2d825cf11d3fcdf4d8cc3a6d8f465cace72a04fea5e5c178e64738c48dc2871c56375a00d6f7dc94c

Download Submit
C:\Program Files (x86)\Nmap\zenmap.exe

Filesize
441KB

MD5
9096cca0244a3f6860e31c32b01830c2

SHA1
f338101391120cb91d7892b9c4f6375557150a43

SHA256
080f3c25e76808357208530dbd45d4bd6b72377e479e4e3d1e68e77d36dd2646

SHA512
298f60583f0dc80a51ebcb70afdeacd6a38cc20b8e438b8fcfe0e7de963be3a66f3d6339b7881d338a2b5cc90b88d30a3d1692f12e7f9a5127604b0f612ed2b5

Download Submit
C:\Program Files (x86)\Nmap\zenmap.exe

Filesize
441KB

MD5
9096cca0244a3f6860e31c32b01830c2

SHA1
f338101391120cb91d7892b9c4f6375557150a43

SHA256
080f3c25e76808357208530dbd45d4bd6b72377e479e4e3d1e68e77d36dd2646

SHA512
298f60583f0dc80a51ebcb70afdeacd6a38cc20b8e438b8fcfe0e7de963be3a66f3d6339b7881d338a2b5cc90b88d30a3d1692f12e7f9a5127604b0f612ed2b5

Download Submit
C:\Program Files\Npcap\NPCAP.inf

Filesize
8KB

MD5
ff536154cf4932322ca818eda6712e49

SHA1
873bb1d640cdc9c41596f46fbc37b48a5d6b03cd

SHA256
4c1b4785d35a4828b98b7acacf8b18b0a4e4d0c9da683cd9294f6a6ae6cf7bf2

SHA512
164d9c7eca15fa83aa2645fd4eefbf2a562b49615978b72f6c9c1b072cbdd1bffdc3295d95b69d2cf26dba67f25d6fe82ddbfa6decda07fa855bfa3c2311d7b4

Download Submit
C:\Program Files\Npcap\NPCAP_wfp.inf

Filesize
2KB

MD5
4b72b37d904cbf298fb8351cc80a048e

SHA1
f77357bd263f88acdb1b5cad300e7b116a1c2ee7

SHA256
953b89b39c78dafb27a05f27bc8faa97c70f2a6ec3bc2f81070a46b85d305f08

SHA512
e63d013ca9badc2d40634c6bdc1629adbade70a65753f317c7e7ac09078ad299105ad6e37fb18a8a6a0b0d994a2ea01c32a55cbc9a19b53466cd49603ee81181

Download Submit
C:\Program Files\Npcap\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
C:\Program Files\Npcap\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
C:\Program Files\Npcap\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
1KB

MD5
57ab4515bc47f7f34551aaf849d8e2fe

SHA1
fdf379be9f4ef8db096bf8c9cdd9b9f269ba7ea3

SHA256
65dc3e1fdb5c782ed39af506ef88bb04fae52c7cb36a71119cbd0cd50134e5a3

SHA512
4528cc167e4064ce518067b35b2932b08d0ad625bbf1a740ba03c2d599212c174e09950f7039b582b80b2ad634347a6cd21370d9ae366903f2ffb448a36145ab

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
3KB

MD5
22fef7ddc73a8ece9c1109b86d48bb22

SHA1
98fb3ab891449377bc74b22fd0ed4c4fcc20187f

SHA256
a4a3d1f743418006c18444a7c90a3e4a3f678616a0f54fe41fd9f21a9bb88e63

SHA512
4fc1ab358fd36d04a3240aa0c3a78bcbd367d42c933f466a620e1d6949516965e30600746e0af094dc3bc54014d3fca4f53d7b16529a7a0ce8669502cf38c6db

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
4KB

MD5
6cb296d07068d737e5570e0ea3580b55

SHA1
831235590b99927e21dd0e570176e36e9521c73e

SHA256
60a1c9d3df1cd2a3f27ef8871402234c6f3b54e5ac3b9a317a16129ba4957311

SHA512
02b3cbef4b4c63201fbe528b5a861460125d13068e29a6805c62314f8fda92170581a83e07695575252f959a565b29ad67c549cabcb66628b15ad60b4b64501a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
1KB

MD5
def65711d78669d7f8e69313be4acf2e

SHA1
6522ebf1de09eeb981e270bd95114bc69a49cda6

SHA256
aa1c97cdbce9a848f1db2ad483f19caa535b55a3a1ef2ad1260e0437002bc82c

SHA512
05b2f9cd9bc3b46f52fded320b68e05f79b2b3ceaeb13e5d87ae9f8cd8e6c90bbb4ffa4da8192c2bfe0f58826cabff2e99e7c5cc8dd47037d4eb7bfc6f2710a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
17KB

MD5
763b595bb42b0fe6bdd5872c0c95c8d9

SHA1
70f0a4f0534f9e3623c7578a705cf0869d4f9079

SHA256
875ac614615b0dc58cb458f942b965988e2c2f9131838d16285caf97b7199f50

SHA512
25f7a73f00b57e3bb26947c1268ddadfd39676ba4d6c4a7765488b85508a2dcde6d4b6dbf26446b08d4838954303bb5729e9f3f835ff8156ccda3d2659896e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse85F0.tmp\InstallOptions.dll

Filesize
22KB

MD5
17c877fec39fc8ce03b7f012ef25211f

SHA1
61adfa25cbd51375f0355aa9b895e1dc28389e19

SHA256
dbb0173bb09d64ca716b3fd9efb0222ecc7c13c11978d29f2b61cf550bcd7aba

SHA512
45c44c91bf72d058fcba93e7d96b45fcc3dc06855b86eca0f463aa4eeafc7e68493e33663c68fd3fdceed51dd0e76d3493c47da68a3efdc25af9e78c2643d29d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse85F0.tmp\InstallOptions.dll

Filesize
22KB

MD5
17c877fec39fc8ce03b7f012ef25211f

SHA1
61adfa25cbd51375f0355aa9b895e1dc28389e19

SHA256
dbb0173bb09d64ca716b3fd9efb0222ecc7c13c11978d29f2b61cf550bcd7aba

SHA512
45c44c91bf72d058fcba93e7d96b45fcc3dc06855b86eca0f463aa4eeafc7e68493e33663c68fd3fdceed51dd0e76d3493c47da68a3efdc25af9e78c2643d29d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse85F0.tmp\InstallOptions.dll

Filesize
22KB

MD5
17c877fec39fc8ce03b7f012ef25211f

SHA1
61adfa25cbd51375f0355aa9b895e1dc28389e19

SHA256
dbb0173bb09d64ca716b3fd9efb0222ecc7c13c11978d29f2b61cf550bcd7aba

SHA512
45c44c91bf72d058fcba93e7d96b45fcc3dc06855b86eca0f463aa4eeafc7e68493e33663c68fd3fdceed51dd0e76d3493c47da68a3efdc25af9e78c2643d29d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse85F0.tmp\InstallOptions.dll

Filesize
22KB

MD5
17c877fec39fc8ce03b7f012ef25211f

SHA1
61adfa25cbd51375f0355aa9b895e1dc28389e19

SHA256
dbb0173bb09d64ca716b3fd9efb0222ecc7c13c11978d29f2b61cf550bcd7aba

SHA512
45c44c91bf72d058fcba93e7d96b45fcc3dc06855b86eca0f463aa4eeafc7e68493e33663c68fd3fdceed51dd0e76d3493c47da68a3efdc25af9e78c2643d29d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse85F0.tmp\nmap_performance.reg

Filesize
192B

MD5
3cd4a36a0dcc9e0e79d1df1d6cc712df

SHA1
a9b6fe5c0e01aec042e68c2bc700a721c4ecc995

SHA256
e77d7b5158ec99d19e552025facf50f477a2f2b1dc3ef2f198520cfa76e9707f

SHA512
d3d5ab7cc0943dd7ae85445449249109eeb5f871e1c7baf3139cd9e2d3858f70040102dc30b089fc99ee82ebbf99335c2323b1d070552cf7e565a1ac70ef2487

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse85F0.tmp\npcap-1.71.exe

Filesize
1.1MB

MD5
40cfea6d5a3ff15caf6dd4ae88a012b2

SHA1
287b229cecf54ea110a8b8422dcda20922bdf65e

SHA256
5ccb61296c48e3f8cd20db738784bd7bf0daf8fce630f89892678b6dda4e533c

SHA512
6ac4955286a4927ce43f7e85783631c9a801605c89a18ba95dde34d90eecbf4825b09e116890c8aca8defff767ad14843303dd557a67636bed1f1709b5399024

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse85F0.tmp\npcap-1.71.exe

Filesize
1.1MB

MD5
40cfea6d5a3ff15caf6dd4ae88a012b2

SHA1
287b229cecf54ea110a8b8422dcda20922bdf65e

SHA256
5ccb61296c48e3f8cd20db738784bd7bf0daf8fce630f89892678b6dda4e533c

SHA512
6ac4955286a4927ce43f7e85783631c9a801605c89a18ba95dde34d90eecbf4825b09e116890c8aca8defff767ad14843303dd557a67636bed1f1709b5399024

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\System.dll

Filesize
19KB

MD5
f020a8d9ede1fb2af3651ad6e0ac9cb1

SHA1
341f9345d669432b2a51d107cbd101e8b82e37b1

SHA256
7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0

SHA512
408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\roots.p7b

Filesize
1KB

MD5
397a5848d3696fc6ba0823088fea83db

SHA1
9189985f027de80d4882ab5e01604c59d6fc1f16

SHA256
ad3bca6f2b0ec032c7f1fe1adb186bd73be6a332c868bf16c9765087fff1c1ca

SHA512
66129a206990753967cd98c14a0a3e0e2a73bc4cd10cf84a5a05da7bf20719376989d64c6c7880a3e4754fc74653dd49f2ffeffd55fc4ee5966f65beb857118c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE06F.tmp\signing.p7b

Filesize
7KB

MD5
dd4bc901ef817319791337fb345932e8

SHA1
f8a3454a09d90a09273935020c1418fdb7b7eb7c

SHA256
8e681692403c0f7c0b24160f4642daa1eb080ce5ec754b6f47cc56b43e731b71

SHA512
0a67cc346f9752e1c868b7dc60b25704255ab1e6ea745850c069212f2724eba62ffaaa48309d5eba6ae0235223518610fb4b60fc422e4babba4f33d331c71db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66922a4d-3bcc-ff44-9baf-2b36ef487b64}\NPCAP.inf

Filesize
8KB

MD5
ff536154cf4932322ca818eda6712e49

SHA1
873bb1d640cdc9c41596f46fbc37b48a5d6b03cd

SHA256
4c1b4785d35a4828b98b7acacf8b18b0a4e4d0c9da683cd9294f6a6ae6cf7bf2

SHA512
164d9c7eca15fa83aa2645fd4eefbf2a562b49615978b72f6c9c1b072cbdd1bffdc3295d95b69d2cf26dba67f25d6fe82ddbfa6decda07fa855bfa3c2311d7b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66922~1\npcap.cat

Filesize
12KB

MD5
be2a59b225dace6a52b98f17678786c0

SHA1
abec30ea6b668f9ccff77209d54b971ce6a22711

SHA256
43d10d470320041e663a82439d79cfac78de99addd98e02c4d60171710d032b2

SHA512
9a9acfe84f822b7f20148725a4abaa51118759f5688d4a3841c4a9e73b59801128adf4df54a14078408fb14ad0acea068a2bdd1cf0f9ffc6c44e6e38721f79d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{66922~1\npcap.sys

Filesize
75KB

MD5
08a2def8efc2619ddabe13a041703aea

SHA1
f9fd929c77d5a47766623abaa7490bcd98b3ad97

SHA256
a2039b552dfacd4edc2b8ed42bbe32cb0a481240fce18f78aeb1a68dbb747d39

SHA512
0afb5d2dd6747b37162494f4f90387160c5b90c58a71703d2ddd07256e848ee1f3e4237b660d511262255e54038ab11699808526a3574450c9407eb1e830dfac

Download Submit
C:\Windows\INF\oem2.inf

Filesize
8KB

MD5
ff536154cf4932322ca818eda6712e49

SHA1
873bb1d640cdc9c41596f46fbc37b48a5d6b03cd

SHA256
4c1b4785d35a4828b98b7acacf8b18b0a4e4d0c9da683cd9294f6a6ae6cf7bf2

SHA512
164d9c7eca15fa83aa2645fd4eefbf2a562b49615978b72f6c9c1b072cbdd1bffdc3295d95b69d2cf26dba67f25d6fe82ddbfa6decda07fa855bfa3c2311d7b4

Download Submit
C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_b5b1a6e95c9e3ae5\npcap.inf

Filesize
8KB

MD5
ff536154cf4932322ca818eda6712e49

SHA1
873bb1d640cdc9c41596f46fbc37b48a5d6b03cd

SHA256
4c1b4785d35a4828b98b7acacf8b18b0a4e4d0c9da683cd9294f6a6ae6cf7bf2

SHA512
164d9c7eca15fa83aa2645fd4eefbf2a562b49615978b72f6c9c1b072cbdd1bffdc3295d95b69d2cf26dba67f25d6fe82ddbfa6decda07fa855bfa3c2311d7b4

Download Submit
memory/312-178-0x0000000004EC0000-0x0000000004F26000-memory.dmp

Filesize
408KB

Download
memory/312-176-0x0000000005120000-0x0000000005748000-memory.dmp

Filesize
6.2MB

Download
memory/312-177-0x0000000004C20000-0x0000000004C42000-memory.dmp

Filesize
136KB

Download
memory/312-184-0x0000000007180000-0x0000000007724000-memory.dmp

Filesize
5.6MB

Download
memory/312-183-0x0000000006020000-0x0000000006042000-memory.dmp

Filesize
136KB

Download
memory/312-182-0x0000000005FD0000-0x0000000005FEA000-memory.dmp

Filesize
104KB

Download
memory/312-181-0x0000000006060000-0x00000000060F6000-memory.dmp

Filesize
600KB

Download
memory/312-180-0x0000000005BD0000-0x0000000005BEE000-memory.dmp

Filesize
120KB

Download
memory/312-179-0x0000000004FA0000-0x0000000005006000-memory.dmp

Filesize
408KB

Download
memory/312-175-0x0000000000AF0000-0x0000000000B26000-memory.dmp

Filesize
216KB

Download
memory/2340-189-0x0000000007050000-0x0000000007082000-memory.dmp

Filesize
200KB

Download
memory/4468-220-0x00000000026B1000-0x00000000027A0000-memory.dmp

Filesize
956KB

Download
memory/4468-221-0x00000000026B0000-0x00000000027C1000-memory.dmp

Filesize
1.1MB

Download
memory/4468-222-0x00000000021F0000-0x000000000222C000-memory.dmp

Filesize
240KB

Download
memory/4468-223-0x0000000002340000-0x0000000002358000-memory.dmp

Filesize
96KB

Download