f1160a33fb79c764cdc4c023fa700054ae2945ed91880e37348a17c010ca716f

Analysis

max time kernel
103s
max time network
90s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01-02-2023 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nmap-7.93-setup.exe
Size

27.8MB
MD5

f9e753cccea0ffae6871dc65f67d3f89
SHA1

ab2de49f90330cc3b305457a9a0f897f296e95f4
SHA256

f1160a33fb79c764cdc4c023fa700054ae2945ed91880e37348a17c010ca716f
SHA512

0c6f6c14ecf8ef028e6a556f58e720321a7808b0a1f602e019f6b21d9cef970424185c27e7647368d2fca256d47844310d76d626209d406a961d048063410d1d
SSDEEP

786432:eCw4jIIk4AN6o6JWCRCLz4NFMqt9+26UgRY5YYnDEWW:e/T4hJZRCgMkg+5HEv

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 12 IoCs

pid	Process
972	npcap-1.71.exe
1668	NPFInstall.exe
1980	NPFInstall.exe
1520	NPFInstall.exe
1696	NPFInstall.exe
1488	Uninstall.exe
836	NPFInstall.exe
1664	NPFInstall.exe
1704	NPFInstall.exe
1692	NPFInstall.exe
1696	zenmap.exe
1268	nmap.exe

Loads dropped DLL 64 IoCs

pid	Process
1112	nmap-7.93-setup.exe
1112	nmap-7.93-setup.exe
1112	nmap-7.93-setup.exe
972	npcap-1.71.exe
972	npcap-1.71.exe
972	npcap-1.71.exe
972	npcap-1.71.exe
972	npcap-1.71.exe
972	npcap-1.71.exe
972	npcap-1.71.exe
924	Process not Found
972	npcap-1.71.exe
972	npcap-1.71.exe
972	npcap-1.71.exe
972	npcap-1.71.exe
1956	Process not Found
972	npcap-1.71.exe
1284	Process not Found
972	npcap-1.71.exe
1084	Process not Found
972	npcap-1.71.exe
972	npcap-1.71.exe
1488	Uninstall.exe
1488	Uninstall.exe
904	Process not Found
1488	Uninstall.exe
1488	Uninstall.exe
1824	Process not Found
1488	Uninstall.exe
1072	Process not Found
1488	Uninstall.exe
2004	Process not Found
1488	Uninstall.exe
1112	nmap-7.93-setup.exe
1112	nmap-7.93-setup.exe
1112	nmap-7.93-setup.exe
1112	nmap-7.93-setup.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe
1696	zenmap.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 44 IoCs

description	ioc	Process
File created	C:\Windows\system32\WlanHelper.exe	npcap-1.71.exe
File created	C:\Windows\system32\Npcap\Packet.dll	npcap-1.71.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\npcap.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}	DrvInst.exe
File opened for modification	C:\Windows\SysWOW64\WlanHelper.exe.del	Uninstall.exe
File opened for modification	C:\Windows\SysWOW64\Npcap\wpcap.dll.del	Uninstall.exe
File opened for modification	C:\Windows\SysWOW64\Npcap\WlanHelper.exe.del	Uninstall.exe
File opened for modification	C:\Windows\system32\Packet.dll.del	Uninstall.exe
File created	C:\Windows\SysWOW64\WlanHelper.exe	npcap-1.71.exe
File created	C:\Windows\SysWOW64\Npcap\wpcap.dll	npcap-1.71.exe
File created	C:\Windows\SysWOW64\Npcap\NpcapHelper.exe	npcap-1.71.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\SET81FE.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\SET81FE.tmp	DrvInst.exe
File opened for modification	C:\Windows\SysWOW64\Packet.dll.del	Uninstall.exe
File opened for modification	C:\Windows\SysWOW64\Npcap\Packet.dll.del	Uninstall.exe
File opened for modification	C:\Windows\system32\NpcapHelper.exe.del	Uninstall.exe
File opened for modification	C:\Windows\system32\Npcap\WlanHelper.exe.del	Uninstall.exe
File created	C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\SET81FF.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\Npcap\wpcap.dll.del	Uninstall.exe
File created	C:\Windows\SysWOW64\wpcap.dll	npcap-1.71.exe
File created	C:\Windows\system32\wpcap.dll	npcap-1.71.exe
File created	C:\Windows\system32\Packet.dll	npcap-1.71.exe
File created	C:\Windows\system32\Npcap\WlanHelper.exe	npcap-1.71.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\NPCAP.inf	DrvInst.exe
File opened for modification	C:\Windows\SysWOW64\Npcap\NpcapHelper.exe.del	Uninstall.exe
File opened for modification	C:\Windows\system32\Npcap\	Uninstall.exe
File created	C:\Windows\SysWOW64\Npcap\WlanHelper.exe	npcap-1.71.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\SET81FF.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\Npcap\NpcapHelper.exe.del	Uninstall.exe
File created	C:\Windows\SysWOW64\Packet.dll	npcap-1.71.exe
File created	C:\Windows\SysWOW64\NpcapHelper.exe	npcap-1.71.exe
File created	C:\Windows\SysWOW64\Npcap\Packet.dll	npcap-1.71.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\npcap.sys	DrvInst.exe
File opened for modification	C:\Windows\SysWOW64\wpcap.dll.del	Uninstall.exe
File opened for modification	C:\Windows\SysWOW64\Npcap\	Uninstall.exe
File created	C:\Windows\system32\Npcap\wpcap.dll	npcap-1.71.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\SET81ED.tmp	DrvInst.exe
File opened for modification	C:\Windows\SysWOW64\NpcapHelper.exe.del	Uninstall.exe
File opened for modification	C:\Windows\system32\WlanHelper.exe.del	Uninstall.exe
File created	C:\Windows\system32\NpcapHelper.exe	npcap-1.71.exe
File created	C:\Windows\system32\Npcap\NpcapHelper.exe	npcap-1.71.exe
File created	C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\SET81ED.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\wpcap.dll.del	Uninstall.exe
File opened for modification	C:\Windows\system32\Npcap\Packet.dll.del	Uninstall.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Nmap\scripts\whois-domain.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\py2exe\libxml2-2.dll	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\dns-service-discovery.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\snmp-brute.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-mobileversion-checker.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-vuln-cve2011-3368.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-vuln-cve2014-3704.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\snmp-info.nse	nmap-7.93-setup.exe
File opened for modification	C:\Program Files (x86)\Nmap\py2exe\libxml2-2.dll	nmap-7.93-setup.exe
File opened for modification	C:\Program Files (x86)\Nmap\py2exe\select.pyd	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\broadcast-ping.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-icloud-sendmsg.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\smb-os-discovery.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\comm.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\data\jdwp-class\JDWPSystemInfo.java	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-iis-webdav-vuln.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\ovs-agent-version.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-favicon.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-generator.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\cassandra.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\broadcast-listener.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\dicom-ping.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\share\zenmap\pixmaps\vl_3_32.png	nmap-7.93-setup.exe
File opened for modification	C:\Program Files (x86)\Nmap\py2exe\lib\gtk-2.0\2.10.0\engines\libpixmap.dll	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\share\zenmap\pixmaps\irix_75.png	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\knx-gateway-discover.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\smb-flood.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\rsync-list-modules.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\nrpc.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\share\zenmap\locale\ja\LC_MESSAGES\zenmap.mo	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\share\zenmap\pixmaps\macosx_32.png	nmap-7.93-setup.exe
File opened for modification	C:\Program Files (x86)\Nmap\py2exe\gobject._gobject.pyd	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-vuln-cve2010-2861.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\rmi-dumpregistry.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\formulas.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\ldap.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\share\zenmap\pixmaps\vl_1_32.png	nmap-7.93-setup.exe
File opened for modification	C:\Program Files (x86)\Nmap\python27.dll	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\smb-vuln-regsvc-dos.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\x11-access.nse	nmap-7.93-setup.exe
File opened for modification	C:\Program Files\Npcap\NPFInstall.log	NPFInstall.exe
File created	C:\Program Files (x86)\Nmap\nselib\libssh2-utility.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\multicast.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\pjl-ready-message.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\broadcast-dhcp-discover.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\ip-geolocation-map-bing.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\smb-vuln-ms10-054.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\lfs.luadoc	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\mongodb.lua	nmap-7.93-setup.exe
File opened for modification	C:\Program Files (x86)\Nmap\py2exe\etc\fonts\fonts.conf	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\licenses\Lua-license.txt	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\hadoop-datanode-info.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\ipmi-cipher-zero.nse	nmap-7.93-setup.exe
File opened for modification	C:\Program Files\Npcap\NPFInstall.log	NPFInstall.exe
File created	C:\Program Files (x86)\Nmap\scripts\dns-nsid.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\informix-tables.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\lu-enum.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\share\zenmap\pixmaps\radialnet\padlock.png	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\skypev2-version.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\eigrp.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\nselib\mysql.lua	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-phpmyadmin-dir-traversal.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-vuln-cve2017-1001000.nse	nmap-7.93-setup.exe
File created	C:\Program Files (x86)\Nmap\scripts\http-sap-netweaver-leak.nse	nmap-7.93-setup.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\INF\oem0.PNF	pnputil.exe
File created	C:\Windows\INF\oem1.PNF	pnputil.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	NPFInstall.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	NPFInstall.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	NPFInstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies data under HKEY_USERS 43 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe

Runs .reg file with regedit 1 IoCs

pid	Process
668	regedit.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1668	NPFInstall.exe
836	NPFInstall.exe
292	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	540	WMIC.exe
Token: SeSecurityPrivilege	540	WMIC.exe
Token: SeTakeOwnershipPrivilege	540	WMIC.exe
Token: SeLoadDriverPrivilege	540	WMIC.exe
Token: SeSystemProfilePrivilege	540	WMIC.exe
Token: SeSystemtimePrivilege	540	WMIC.exe
Token: SeProfSingleProcessPrivilege	540	WMIC.exe
Token: SeIncBasePriorityPrivilege	540	WMIC.exe
Token: SeCreatePagefilePrivilege	540	WMIC.exe
Token: SeBackupPrivilege	540	WMIC.exe
Token: SeRestorePrivilege	540	WMIC.exe
Token: SeShutdownPrivilege	540	WMIC.exe
Token: SeDebugPrivilege	540	WMIC.exe
Token: SeSystemEnvironmentPrivilege	540	WMIC.exe
Token: SeRemoteShutdownPrivilege	540	WMIC.exe
Token: SeUndockPrivilege	540	WMIC.exe
Token: SeManageVolumePrivilege	540	WMIC.exe
Token: 33	540	WMIC.exe
Token: 34	540	WMIC.exe
Token: 35	540	WMIC.exe
Token: SeIncreaseQuotaPrivilege	540	WMIC.exe
Token: SeSecurityPrivilege	540	WMIC.exe
Token: SeTakeOwnershipPrivilege	540	WMIC.exe
Token: SeLoadDriverPrivilege	540	WMIC.exe
Token: SeSystemProfilePrivilege	540	WMIC.exe
Token: SeSystemtimePrivilege	540	WMIC.exe
Token: SeProfSingleProcessPrivilege	540	WMIC.exe
Token: SeIncBasePriorityPrivilege	540	WMIC.exe
Token: SeCreatePagefilePrivilege	540	WMIC.exe
Token: SeBackupPrivilege	540	WMIC.exe
Token: SeRestorePrivilege	540	WMIC.exe
Token: SeShutdownPrivilege	540	WMIC.exe
Token: SeDebugPrivilege	540	WMIC.exe
Token: SeSystemEnvironmentPrivilege	540	WMIC.exe
Token: SeRemoteShutdownPrivilege	540	WMIC.exe
Token: SeUndockPrivilege	540	WMIC.exe
Token: SeManageVolumePrivilege	540	WMIC.exe
Token: 33	540	WMIC.exe
Token: 34	540	WMIC.exe
Token: 35	540	WMIC.exe
Token: SeDebugPrivilege	1668	NPFInstall.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1072	pnputil.exe
Token: SeRestorePrivilege	1520	NPFInstall.exe
Token: SeRestorePrivilege	1520	NPFInstall.exe
Token: SeRestorePrivilege	1520	NPFInstall.exe
Token: SeRestorePrivilege	1520	NPFInstall.exe
Token: SeRestorePrivilege	1520	NPFInstall.exe
Token: SeRestorePrivilege	1520	NPFInstall.exe
Token: SeRestorePrivilege	1520	NPFInstall.exe
Token: SeRestorePrivilege	1696	NPFInstall.exe
Token: SeRestorePrivilege	1696	NPFInstall.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 972	1112	nmap-7.93-setup.exe	28
PID 1112 wrote to memory of 972	1112	nmap-7.93-setup.exe	28
PID 1112 wrote to memory of 972	1112	nmap-7.93-setup.exe	28
PID 1112 wrote to memory of 972	1112	nmap-7.93-setup.exe	28
PID 1112 wrote to memory of 972	1112	nmap-7.93-setup.exe	28
PID 1112 wrote to memory of 972	1112	nmap-7.93-setup.exe	28
PID 1112 wrote to memory of 972	1112	nmap-7.93-setup.exe	28
PID 972 wrote to memory of 768	972	npcap-1.71.exe	29
PID 972 wrote to memory of 768	972	npcap-1.71.exe	29
PID 972 wrote to memory of 768	972	npcap-1.71.exe	29
PID 972 wrote to memory of 768	972	npcap-1.71.exe	29
PID 768 wrote to memory of 540	768	cmd.exe	31
PID 768 wrote to memory of 540	768	cmd.exe	31
PID 768 wrote to memory of 540	768	cmd.exe	31
PID 768 wrote to memory of 540	768	cmd.exe	31
PID 768 wrote to memory of 1992	768	cmd.exe	32
PID 768 wrote to memory of 1992	768	cmd.exe	32
PID 768 wrote to memory of 1992	768	cmd.exe	32
PID 768 wrote to memory of 1992	768	cmd.exe	32
PID 972 wrote to memory of 1668	972	npcap-1.71.exe	34
PID 972 wrote to memory of 1668	972	npcap-1.71.exe	34
PID 972 wrote to memory of 1668	972	npcap-1.71.exe	34
PID 972 wrote to memory of 1668	972	npcap-1.71.exe	34
PID 972 wrote to memory of 628	972	npcap-1.71.exe	36
PID 972 wrote to memory of 628	972	npcap-1.71.exe	36
PID 972 wrote to memory of 628	972	npcap-1.71.exe	36
PID 972 wrote to memory of 628	972	npcap-1.71.exe	36
PID 972 wrote to memory of 1252	972	npcap-1.71.exe	38
PID 972 wrote to memory of 1252	972	npcap-1.71.exe	38
PID 972 wrote to memory of 1252	972	npcap-1.71.exe	38
PID 972 wrote to memory of 1252	972	npcap-1.71.exe	38
PID 972 wrote to memory of 1980	972	npcap-1.71.exe	40
PID 972 wrote to memory of 1980	972	npcap-1.71.exe	40
PID 972 wrote to memory of 1980	972	npcap-1.71.exe	40
PID 972 wrote to memory of 1980	972	npcap-1.71.exe	40
PID 1980 wrote to memory of 1072	1980	NPFInstall.exe	42
PID 1980 wrote to memory of 1072	1980	NPFInstall.exe	42
PID 1980 wrote to memory of 1072	1980	NPFInstall.exe	42
PID 972 wrote to memory of 1520	972	npcap-1.71.exe	44
PID 972 wrote to memory of 1520	972	npcap-1.71.exe	44
PID 972 wrote to memory of 1520	972	npcap-1.71.exe	44
PID 972 wrote to memory of 1520	972	npcap-1.71.exe	44
PID 972 wrote to memory of 1696	972	npcap-1.71.exe	46
PID 972 wrote to memory of 1696	972	npcap-1.71.exe	46
PID 972 wrote to memory of 1696	972	npcap-1.71.exe	46
PID 972 wrote to memory of 1696	972	npcap-1.71.exe	46
PID 1152 wrote to memory of 1640	1152	DrvInst.exe	49
PID 1152 wrote to memory of 1640	1152	DrvInst.exe	49
PID 1152 wrote to memory of 1640	1152	DrvInst.exe	49
PID 972 wrote to memory of 1488	972	npcap-1.71.exe	50
PID 972 wrote to memory of 1488	972	npcap-1.71.exe	50
PID 972 wrote to memory of 1488	972	npcap-1.71.exe	50
PID 972 wrote to memory of 1488	972	npcap-1.71.exe	50
PID 972 wrote to memory of 1488	972	npcap-1.71.exe	50
PID 972 wrote to memory of 1488	972	npcap-1.71.exe	50
PID 972 wrote to memory of 1488	972	npcap-1.71.exe	50
PID 1488 wrote to memory of 836	1488	Uninstall.exe	51
PID 1488 wrote to memory of 836	1488	Uninstall.exe	51
PID 1488 wrote to memory of 836	1488	Uninstall.exe	51
PID 1488 wrote to memory of 836	1488	Uninstall.exe	51
PID 1488 wrote to memory of 292	1488	Uninstall.exe	53
PID 1488 wrote to memory of 292	1488	Uninstall.exe	53
PID 1488 wrote to memory of 292	1488	Uninstall.exe	53
PID 1488 wrote to memory of 292	1488	Uninstall.exe	53

C:\Users\Admin\AppData\Local\Temp\nmap-7.93-setup.exe
"C:\Users\Admin\AppData\Local\Temp\nmap-7.93-setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Users\Admin\AppData\Local\Temp\nso1A86.tmp\npcap-1.71.exe
  "C:\Users\Admin\AppData\Local\Temp\nso1A86.tmp\npcap-1.71.exe" /loopback_support=no
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:972
- - C:\Windows\SysWOW64\cmd.exe
    cmd /Q /C "%SYSTEMROOT%\System32\wbem\wmic.exe qfe get hotfixid | %SYSTEMROOT%\System32\findstr.exe "^KB4474419""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:768
  - - C:\Windows\SysWOW64\wbem\WMIC.exe
      C:\Windows\System32\wbem\wmic.exe qfe get hotfixid
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:540
  - - C:\Windows\SysWOW64\findstr.exe
      C:\Windows\System32\findstr.exe "^KB4474419"
      4⤵
      PID:1992
- - C:\Users\Admin\AppData\Local\Temp\nsy4878.tmp\NPFInstall.exe
    "C:\Users\Admin\AppData\Local\Temp\nsy4878.tmp\NPFInstall.exe" -n -check_dll
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1668
- - C:\Windows\SysWOW64\certutil.exe
    certutil -addstore -f "Root" "C:\Users\Admin\AppData\Local\Temp\nsy4878.tmp\roots.p7b"
    3⤵
    PID:628
- - C:\Windows\SysWOW64\certutil.exe
    certutil -addstore -f "TrustedPublisher" "C:\Users\Admin\AppData\Local\Temp\nsy4878.tmp\signing.p7b"
    3⤵
    PID:1252
- - C:\Program Files\Npcap\NPFInstall.exe
    "C:\Program Files\Npcap\NPFInstall.exe" -n -c
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:1980
  - - C:\Windows\system32\pnputil.exe
      pnputil.exe -e
      4⤵
      Drops file in Windows directory
      Suspicious use of AdjustPrivilegeToken
      PID:1072
- - C:\Program Files\Npcap\NPFInstall.exe
    "C:\Program Files\Npcap\NPFInstall.exe" -n -iw
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
    PID:1520
- - C:\Program Files\Npcap\NPFInstall.exe
    "C:\Program Files\Npcap\NPFInstall.exe" -n -i
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - Suspicious use of AdjustPrivilegeToken
    PID:1696
- - C:\Program Files\Npcap\Uninstall.exe
    "C:\Program Files\Npcap\Uninstall.exe" /Q /keep_logs=yes /force=yes _?=C:\Program Files\Npcap
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in System32 directory
    - Suspicious use of WriteProcessMemory
    PID:1488
  - - C:\Program Files\Npcap\NPFInstall.exe
      "C:\Program Files\Npcap\NPFInstall.exe" -n -check_dll
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:836
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "Microsoft.PowerShell.Management\Stop-Service -Name npcap -PassThru | Microsoft.PowerShell.Utility\Select-Object -ExpandProperty Status"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:292
  - - C:\Program Files\Npcap\NPFInstall.exe
      "C:\Program Files\Npcap\NPFInstall.exe" -n -u
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:1664
  - - C:\Program Files\Npcap\NPFInstall.exe
      "C:\Program Files\Npcap\NPFInstall.exe" -n -uw
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      PID:1704
  - - C:\Program Files\Npcap\NPFInstall.exe
      "C:\Program Files\Npcap\NPFInstall.exe" -n -c
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:1692
    - - C:\Windows\system32\pnputil.exe
        
        pnputil.exe -e
        5⤵
        
        PID:1924
  - - C:\Windows\SysWOW64\SCHTASKS.EXE
      SCHTASKS.EXE /Delete /F /TN npcapwatchdog
      4⤵
      PID:1740
- C:\Windows\SysWOW64\regedt32.exe
  regedt32 /S "C:\Users\Admin\AppData\Local\Temp\nso1A86.tmp\nmap_performance.reg"
  2⤵
  PID:1764
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\nso1A86.tmp\nmap_performance.reg"
    3⤵
    - Runs .reg file with regedit
    PID:668

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{612a5116-a9f6-5f8c-e6ee-802252c49532}\NPCAP.inf" "9" "605306be3" "000000000000053C" "WinSta0\Default" "00000000000005A8" "208" "C:\Program Files\Npcap"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{12370116-51b0-06dc-fa76-782807c15a55} Global\{2787a22a-51ef-48fe-7706-aa75d71e943a} C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\NPCAP.inf C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\npcap.cat
  2⤵
  PID:1640

C:\Program Files (x86)\Nmap\zenmap.exe
"C:\Program Files (x86)\Nmap\zenmap.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1696
- C:\Program Files (x86)\Nmap\nmap.exe
  nmap -T4 -A -v -oX c:\users\admin\appdata\local\temp\zenmap-ncrpxz.xml 1
  2⤵
  - Executes dropped EXE
  PID:1268

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~1\Npcap\npcap.sys

Filesize
65KB

MD5
61613f1bef848e6c08bfce931753dedc

SHA1
c902177d2ed221019ea728443ef32bfff8688d3a

SHA256
81142d0f58c32f54d54b2f3fe725a5e09b5b9b81e72704aea2ecfae15a2a9085

SHA512
358567c89e16f9e9e29d27710f46b700075dda5ecfea5f42a4c5d00c3ce3d82a69dcb3301635bd6b0f1af91c232c1b8395431cf8141061a7e8c0a4f964b7e33d

Download Submit
C:\Program Files\Npcap\NPCAP.inf

Filesize
8KB

MD5
974e3b4529ff617b0d1a3383a9f7ac74

SHA1
a7993a1758e402ca1d5529c9392f98799054f860

SHA256
aace2ab10f7849737298900e5e8fdf3f980ed311bdc8d1ac7c7006688104aab3

SHA512
7f98f2a15ddadcaf390f4876d7c849744509961866de34b04336edf192466272af3d9417fee09c1e32c5f1e9fd7b8350e93970169191cbf1eb27db1d73db16f5

Download Submit
C:\Program Files\Npcap\NPCAP_wfp.inf

Filesize
2KB

MD5
a5971e56a78ee221cd0c05c1940cc360

SHA1
92e184e154af9d3a61d7c66d90922e1064bd0895

SHA256
f0bd3192542df8e0c774c9ffcbbd8a0a92d9d2a250bec7c976b402ea900bb222

SHA512
687f4621fb931bed5061983bca394e0ea3d62bcfedaccfc08dbf83c30e1e25edf011b9e3cd24859ba0493ee595b5e1fc1e762337546a7939ef56dc4c9bdc2e93

Download Submit
C:\Program Files\Npcap\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
C:\Program Files\Npcap\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
C:\Program Files\Npcap\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
C:\Program Files\Npcap\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
3KB

MD5
905bfcaa8c39840fa499b200dedb2228

SHA1
53f0e870c0c5c5ce149b500673710c93f0dd4062

SHA256
0e4916bf83a67796f7e5d0be10bb1a2000192441416ec3a1d144a8b7b8387348

SHA512
8207a999d4e11b007b2b1eda4ac0163399b6ba615fafc958cf56d87601459b04e6dcfe6cbf6bdbda1a2d0cfc1f21ce14422745ee1825176e44f1f3dedf800b4d

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
877B

MD5
889e35034ff5a039989bf9d0b46c4c56

SHA1
b6cd943a1fca8f920d1326cb16f9d372894935d1

SHA256
352d84aeb49a6f9a0de85456ac272e64b4cbe0fcc88fbb4bc0d47294862567ff

SHA512
081ea3403f1a8bce17caf230e05d8ee4844f74ee034a19899595b7e02f6ba26442aff890d3df4d41a5df146d99713acea0e5bbd06ff78fb8eac045da9583c6b7

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
2KB

MD5
b9fe9f1443b9c4f83b9c546f49b2e3b7

SHA1
a9bbb07403a040eeccb0455e2124758cecbdb573

SHA256
b97a3e3d017d6a33a4b3790c042031dc5ab95809c49692f67e90e2791b8c15b0

SHA512
16beca673202c6edbda977c0d85ca19fde9c148a646dccd742c668b4db8cec3d08441d25e1a992b7e37bb5de9e25d68709000021780fcfb6b3aa4fa1aa33afd1

Download Submit
C:\Program Files\Npcap\Uninstall.exe

Filesize
1.0MB

MD5
eafe97644e1f8d030cf3107aae393b14

SHA1
d8008a9c6b165f8389af9546992eb3bd96329c00

SHA256
69b1d5911044809ef5e585c32c02760b06d2eaeec340c59bfd65d82f47542c68

SHA512
87e1d841f38aa34860703fa0f818113c3f08ea47f309c295e399f9b3815f512c8cd3263ff2792b779c87c5ef87df675d3ef19b13cb2f3a773c906e132709dc77

Download Submit
C:\Program Files\Npcap\Uninstall.exe

Filesize
1.0MB

MD5
eafe97644e1f8d030cf3107aae393b14

SHA1
d8008a9c6b165f8389af9546992eb3bd96329c00

SHA256
69b1d5911044809ef5e585c32c02760b06d2eaeec340c59bfd65d82f47542c68

SHA512
87e1d841f38aa34860703fa0f818113c3f08ea47f309c295e399f9b3815f512c8cd3263ff2792b779c87c5ef87df675d3ef19b13cb2f3a773c906e132709dc77

Download Submit
C:\Program Files\Npcap\install.log

Filesize
27KB

MD5
0cfccb308453f9b9109fbb2d31b7d3b1

SHA1
9d64ccbd2dee0c8ef10d347a489a9a34ecd109e5

SHA256
a496ff01cbd90ea9ce8720f2997616a35d051f07082fe152c89b9eaab519522a

SHA512
a2048581bebffafad633e8f02a75c6b4f3f905461a4a6487d432f8a38d3b336aad297b59af67c1e7679daafeeafee2f8cc29825250d172478cfc45e9a3356c60

Download Submit
C:\Program Files\Npcap\npcap.cat

Filesize
12KB

MD5
476aefd0a4901004fb2bc4ad796910b9

SHA1
a3b4bb1c474aaca684bbfc5f686bfe8060422a6d

SHA256
a2baec34bbcbf3f655c7d6d91ad117d0aae555a2f55c0187d487b6c21c0785a2

SHA512
b93da1583b224faa3209f4083322bbc5b1b9239dd25b389bdb13406c43c66dff82ab2539dc48272908f799ff01536438f12f848af35a9092d5e84493dafeb49f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso1A86.tmp\npcap-1.71.exe

Filesize
1.1MB

MD5
40cfea6d5a3ff15caf6dd4ae88a012b2

SHA1
287b229cecf54ea110a8b8422dcda20922bdf65e

SHA256
5ccb61296c48e3f8cd20db738784bd7bf0daf8fce630f89892678b6dda4e533c

SHA512
6ac4955286a4927ce43f7e85783631c9a801605c89a18ba95dde34d90eecbf4825b09e116890c8aca8defff767ad14843303dd557a67636bed1f1709b5399024

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso1A86.tmp\npcap-1.71.exe

Filesize
1.1MB

MD5
40cfea6d5a3ff15caf6dd4ae88a012b2

SHA1
287b229cecf54ea110a8b8422dcda20922bdf65e

SHA256
5ccb61296c48e3f8cd20db738784bd7bf0daf8fce630f89892678b6dda4e533c

SHA512
6ac4955286a4927ce43f7e85783631c9a801605c89a18ba95dde34d90eecbf4825b09e116890c8aca8defff767ad14843303dd557a67636bed1f1709b5399024

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy4878.tmp\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy4878.tmp\roots.p7b

Filesize
1KB

MD5
397a5848d3696fc6ba0823088fea83db

SHA1
9189985f027de80d4882ab5e01604c59d6fc1f16

SHA256
ad3bca6f2b0ec032c7f1fe1adb186bd73be6a332c868bf16c9765087fff1c1ca

SHA512
66129a206990753967cd98c14a0a3e0e2a73bc4cd10cf84a5a05da7bf20719376989d64c6c7880a3e4754fc74653dd49f2ffeffd55fc4ee5966f65beb857118c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy4878.tmp\signing.p7b

Filesize
7KB

MD5
dd4bc901ef817319791337fb345932e8

SHA1
f8a3454a09d90a09273935020c1418fdb7b7eb7c

SHA256
8e681692403c0f7c0b24160f4642daa1eb080ce5ec754b6f47cc56b43e731b71

SHA512
0a67cc346f9752e1c868b7dc60b25704255ab1e6ea745850c069212f2724eba62ffaaa48309d5eba6ae0235223518610fb4b60fc422e4babba4f33d331c71db5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{612A5~1\npcap.sys

Filesize
65KB

MD5
61613f1bef848e6c08bfce931753dedc

SHA1
c902177d2ed221019ea728443ef32bfff8688d3a

SHA256
81142d0f58c32f54d54b2f3fe725a5e09b5b9b81e72704aea2ecfae15a2a9085

SHA512
358567c89e16f9e9e29d27710f46b700075dda5ecfea5f42a4c5d00c3ce3d82a69dcb3301635bd6b0f1af91c232c1b8395431cf8141061a7e8c0a4f964b7e33d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{612a5116-a9f6-5f8c-e6ee-802252c49532}\NPCAP.inf

Filesize
8KB

MD5
974e3b4529ff617b0d1a3383a9f7ac74

SHA1
a7993a1758e402ca1d5529c9392f98799054f860

SHA256
aace2ab10f7849737298900e5e8fdf3f980ed311bdc8d1ac7c7006688104aab3

SHA512
7f98f2a15ddadcaf390f4876d7c849744509961866de34b04336edf192466272af3d9417fee09c1e32c5f1e9fd7b8350e93970169191cbf1eb27db1d73db16f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{612a5116-a9f6-5f8c-e6ee-802252c49532}\npcap.cat

Filesize
12KB

MD5
476aefd0a4901004fb2bc4ad796910b9

SHA1
a3b4bb1c474aaca684bbfc5f686bfe8060422a6d

SHA256
a2baec34bbcbf3f655c7d6d91ad117d0aae555a2f55c0187d487b6c21c0785a2

SHA512
b93da1583b224faa3209f4083322bbc5b1b9239dd25b389bdb13406c43c66dff82ab2539dc48272908f799ff01536438f12f848af35a9092d5e84493dafeb49f

Download Submit
C:\Windows\SysWOW64\NpcapHelper.exe

Filesize
126KB

MD5
c7d5ade66d275d67a9d272b32d6e071e

SHA1
bec9d22e1e54fb2c7f28c021b54b1ab02c18fd6e

SHA256
6496d33d3bd318b85a8a18423816d51b052196903b1409078ffd76e4597d4056

SHA512
0981ae428a3c543d67c4ab75ae7632c6994cf60f780013e0cc37225f0fc3984b823e1d782247e6502814ac8652c60bbe2a86971e775598bb862895bbd511f369

Download Submit
C:\Windows\SysWOW64\Npcap\NpcapHelper.exe

Filesize
126KB

MD5
c7d5ade66d275d67a9d272b32d6e071e

SHA1
bec9d22e1e54fb2c7f28c021b54b1ab02c18fd6e

SHA256
6496d33d3bd318b85a8a18423816d51b052196903b1409078ffd76e4597d4056

SHA512
0981ae428a3c543d67c4ab75ae7632c6994cf60f780013e0cc37225f0fc3984b823e1d782247e6502814ac8652c60bbe2a86971e775598bb862895bbd511f369

Download Submit
C:\Windows\SysWOW64\Npcap\Packet.dll

Filesize
169KB

MD5
813ed46976b6154e3ffbeecc5159ba5a

SHA1
d5c488e0b61ad8d2b28521435488a4e2ffaab8f8

SHA256
dd420632b7535ac9f40c12ae0830d2f3464ff295b4f698f9b16a1cd84ea32737

SHA512
f4940a6a120a4e1473ab3c159614798cc9dd08412f85b64a7e5ba763086f39263aef92e9c517f4b4873b0b8191655532856a7d45fd9589fd90ae12b61cd23fae

Download Submit
C:\Windows\SysWOW64\Npcap\WlanHelper.exe

Filesize
210KB

MD5
6f7781328f418c833234e825dd141fe0

SHA1
2f5faf1b16bac1e60c61b732b94c8bc0816c3915

SHA256
59ee12726a69f451e7f59325ddd8673a62b4fc87efedd0d555e3b2b710b3cc68

SHA512
c2738c8d081787359b18b56a879043ccd1a154d555164314ab71d824595fe938415ec5d1f876fcfb91e9723c2fd59d8320f65d74700228788a9618d05d45f7a7

Download Submit
C:\Windows\SysWOW64\Npcap\wpcap.dll

Filesize
408KB

MD5
f87682059c749ef2960f1c9b962a7f00

SHA1
9c2cbba19cd20687cfa68b9b098974e1a18aaca7

SHA256
1710a612c5bca7fb949b909ea2a9c006cde23146663ea1ce8a55a18c9a1d99a1

SHA512
0c7c673d52ee74c4d74d4b6ba4b31dd45da33bd81cfe112b069324d7e3d81a5f71c4603f44efd8da99328ff397db2b121c0f8f1f9fd74a215dd38816b253b58b

Download Submit
C:\Windows\SysWOW64\Packet.dll

Filesize
169KB

MD5
813ed46976b6154e3ffbeecc5159ba5a

SHA1
d5c488e0b61ad8d2b28521435488a4e2ffaab8f8

SHA256
dd420632b7535ac9f40c12ae0830d2f3464ff295b4f698f9b16a1cd84ea32737

SHA512
f4940a6a120a4e1473ab3c159614798cc9dd08412f85b64a7e5ba763086f39263aef92e9c517f4b4873b0b8191655532856a7d45fd9589fd90ae12b61cd23fae

Download Submit
C:\Windows\SysWOW64\WlanHelper.exe

Filesize
210KB

MD5
6f7781328f418c833234e825dd141fe0

SHA1
2f5faf1b16bac1e60c61b732b94c8bc0816c3915

SHA256
59ee12726a69f451e7f59325ddd8673a62b4fc87efedd0d555e3b2b710b3cc68

SHA512
c2738c8d081787359b18b56a879043ccd1a154d555164314ab71d824595fe938415ec5d1f876fcfb91e9723c2fd59d8320f65d74700228788a9618d05d45f7a7

Download Submit
C:\Windows\SysWOW64\wpcap.dll

Filesize
408KB

MD5
f87682059c749ef2960f1c9b962a7f00

SHA1
9c2cbba19cd20687cfa68b9b098974e1a18aaca7

SHA256
1710a612c5bca7fb949b909ea2a9c006cde23146663ea1ce8a55a18c9a1d99a1

SHA512
0c7c673d52ee74c4d74d4b6ba4b31dd45da33bd81cfe112b069324d7e3d81a5f71c4603f44efd8da99328ff397db2b121c0f8f1f9fd74a215dd38816b253b58b

Download Submit
C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\NPCAP.inf

Filesize
8KB

MD5
974e3b4529ff617b0d1a3383a9f7ac74

SHA1
a7993a1758e402ca1d5529c9392f98799054f860

SHA256
aace2ab10f7849737298900e5e8fdf3f980ed311bdc8d1ac7c7006688104aab3

SHA512
7f98f2a15ddadcaf390f4876d7c849744509961866de34b04336edf192466272af3d9417fee09c1e32c5f1e9fd7b8350e93970169191cbf1eb27db1d73db16f5

Download Submit
C:\Windows\System32\DriverStore\Temp\{5d326767-2bb7-54e8-5fbb-a57b5fbcec65}\npcap.cat

Filesize
12KB

MD5
476aefd0a4901004fb2bc4ad796910b9

SHA1
a3b4bb1c474aaca684bbfc5f686bfe8060422a6d

SHA256
a2baec34bbcbf3f655c7d6d91ad117d0aae555a2f55c0187d487b6c21c0785a2

SHA512
b93da1583b224faa3209f4083322bbc5b1b9239dd25b389bdb13406c43c66dff82ab2539dc48272908f799ff01536438f12f848af35a9092d5e84493dafeb49f

Download Submit
C:\Windows\system32\NpcapHelper.exe

Filesize
152KB

MD5
7629d56639d830a30ec1389e66d5b079

SHA1
c2442b529d27cc90f92511e837d0a8c6e3229f2c

SHA256
afdb72eb31bbae6e25125a5f2657ab17e19c7f83293226409ec25b058bff8cec

SHA512
c0cf0717bcfc5c1b69e7a098fb3cbaed0104b494993c0b34543760a01d80ff15156e0cb679e1588f4de24d0bcd2836c668dcb27b031b60a731bb11bbaba4664b

Download Submit
C:\Windows\system32\Npcap\NpcapHelper.exe

Filesize
152KB

MD5
7629d56639d830a30ec1389e66d5b079

SHA1
c2442b529d27cc90f92511e837d0a8c6e3229f2c

SHA256
afdb72eb31bbae6e25125a5f2657ab17e19c7f83293226409ec25b058bff8cec

SHA512
c0cf0717bcfc5c1b69e7a098fb3cbaed0104b494993c0b34543760a01d80ff15156e0cb679e1588f4de24d0bcd2836c668dcb27b031b60a731bb11bbaba4664b

Download Submit
C:\Windows\system32\Npcap\Packet.dll

Filesize
214KB

MD5
807153c39e2bd6301db1f2f6c456992b

SHA1
ba1113a1c444261400f732afa1c59a11805b876d

SHA256
156dfe96b326b9f94587603a4be0013b1336cd1f8660143d7de83c0b19470e6d

SHA512
1ffd22f40eea7065064922d72fa7fcd0646c9740e001e54646a7c330872e2be048bfe1b415d09789d0ccc7556c9a540bd02330799d614d420de357f30599d202

Download Submit
C:\Windows\system32\Npcap\WlanHelper.exe

Filesize
260KB

MD5
4b904779b9f46ba4097fa5e8e3f1a327

SHA1
7ab3ffac6e6f6834839af3dcd2c1edb6f3a7aec2

SHA256
93b7ec7e5dd8fc7feab5cc1cd0f6dd915f50dd7787ca41283e1dd6eeac897d36

SHA512
6a80e200764eecc784fe4c7721ce4717d54ceca2861a3ab26d7625ff12d16266ac40267eeae65f93d8c2206941d785f132974dc118bf6bdd1d659ce89b87f776

Download Submit
C:\Windows\system32\Npcap\wpcap.dll

Filesize
477KB

MD5
d18d831553573c0bb4f6d9774ea0eb98

SHA1
f9f55503f4baa7e50afe26381bd4407f6891d08e

SHA256
b6fe42548c81b1403178d67320cf32ffb9e2fcea9d610c584cefcdbc1dbdd9e4

SHA512
7d4b6175419895db7aed9745266475d23a4430218a7bcbb12de442672143dcc3c4531c63796e634e58abc2db0e4edb600aee0211aeda6ee385a4c021849a4592

Download Submit
C:\Windows\system32\Packet.dll

Filesize
214KB

MD5
807153c39e2bd6301db1f2f6c456992b

SHA1
ba1113a1c444261400f732afa1c59a11805b876d

SHA256
156dfe96b326b9f94587603a4be0013b1336cd1f8660143d7de83c0b19470e6d

SHA512
1ffd22f40eea7065064922d72fa7fcd0646c9740e001e54646a7c330872e2be048bfe1b415d09789d0ccc7556c9a540bd02330799d614d420de357f30599d202

Download Submit
C:\Windows\system32\WlanHelper.exe

Filesize
260KB

MD5
4b904779b9f46ba4097fa5e8e3f1a327

SHA1
7ab3ffac6e6f6834839af3dcd2c1edb6f3a7aec2

SHA256
93b7ec7e5dd8fc7feab5cc1cd0f6dd915f50dd7787ca41283e1dd6eeac897d36

SHA512
6a80e200764eecc784fe4c7721ce4717d54ceca2861a3ab26d7625ff12d16266ac40267eeae65f93d8c2206941d785f132974dc118bf6bdd1d659ce89b87f776

Download Submit
C:\Windows\system32\wpcap.dll

Filesize
477KB

MD5
d18d831553573c0bb4f6d9774ea0eb98

SHA1
f9f55503f4baa7e50afe26381bd4407f6891d08e

SHA256
b6fe42548c81b1403178d67320cf32ffb9e2fcea9d610c584cefcdbc1dbdd9e4

SHA512
7d4b6175419895db7aed9745266475d23a4430218a7bcbb12de442672143dcc3c4531c63796e634e58abc2db0e4edb600aee0211aeda6ee385a4c021849a4592

Download Submit
\Program Files\Npcap\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
\Program Files\Npcap\Uninstall.exe

Filesize
1.0MB

MD5
eafe97644e1f8d030cf3107aae393b14

SHA1
d8008a9c6b165f8389af9546992eb3bd96329c00

SHA256
69b1d5911044809ef5e585c32c02760b06d2eaeec340c59bfd65d82f47542c68

SHA512
87e1d841f38aa34860703fa0f818113c3f08ea47f309c295e399f9b3815f512c8cd3263ff2792b779c87c5ef87df675d3ef19b13cb2f3a773c906e132709dc77

Download Submit
\Users\Admin\AppData\Local\Temp\nsjA862.tmp\System.dll

Filesize
19KB

MD5
f020a8d9ede1fb2af3651ad6e0ac9cb1

SHA1
341f9345d669432b2a51d107cbd101e8b82e37b1

SHA256
7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0

SHA512
408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4

Download Submit
\Users\Admin\AppData\Local\Temp\nsjA862.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
\Users\Admin\AppData\Local\Temp\nso1A86.tmp\InstallOptions.dll

Filesize
22KB

MD5
17c877fec39fc8ce03b7f012ef25211f

SHA1
61adfa25cbd51375f0355aa9b895e1dc28389e19

SHA256
dbb0173bb09d64ca716b3fd9efb0222ecc7c13c11978d29f2b61cf550bcd7aba

SHA512
45c44c91bf72d058fcba93e7d96b45fcc3dc06855b86eca0f463aa4eeafc7e68493e33663c68fd3fdceed51dd0e76d3493c47da68a3efdc25af9e78c2643d29d

Download Submit
\Users\Admin\AppData\Local\Temp\nso1A86.tmp\InstallOptions.dll

Filesize
22KB

MD5
17c877fec39fc8ce03b7f012ef25211f

SHA1
61adfa25cbd51375f0355aa9b895e1dc28389e19

SHA256
dbb0173bb09d64ca716b3fd9efb0222ecc7c13c11978d29f2b61cf550bcd7aba

SHA512
45c44c91bf72d058fcba93e7d96b45fcc3dc06855b86eca0f463aa4eeafc7e68493e33663c68fd3fdceed51dd0e76d3493c47da68a3efdc25af9e78c2643d29d

Download Submit
\Users\Admin\AppData\Local\Temp\nso1A86.tmp\npcap-1.71.exe

Filesize
1.1MB

MD5
40cfea6d5a3ff15caf6dd4ae88a012b2

SHA1
287b229cecf54ea110a8b8422dcda20922bdf65e

SHA256
5ccb61296c48e3f8cd20db738784bd7bf0daf8fce630f89892678b6dda4e533c

SHA512
6ac4955286a4927ce43f7e85783631c9a801605c89a18ba95dde34d90eecbf4825b09e116890c8aca8defff767ad14843303dd557a67636bed1f1709b5399024

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\NPFInstall.exe

Filesize
300KB

MD5
36f0e125cb870ac28cdff861a684f844

SHA1
2e2cdeff8b14ef9146dddb9a659bcc6532c72421

SHA256
0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

SHA512
144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\System.dll

Filesize
19KB

MD5
f020a8d9ede1fb2af3651ad6e0ac9cb1

SHA1
341f9345d669432b2a51d107cbd101e8b82e37b1

SHA256
7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0

SHA512
408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
\Users\Admin\AppData\Local\Temp\nsy4878.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
memory/292-141-0x0000000073FE0000-0x000000007458B000-memory.dmp

Filesize
5.7MB

Download
memory/292-140-0x0000000073FE0000-0x000000007458B000-memory.dmp

Filesize
5.7MB

Download
memory/1112-54-0x0000000075881000-0x0000000075883000-memory.dmp

Filesize
8KB

Download
memory/1640-108-0x000007FEFBFC1000-0x000007FEFBFC3000-memory.dmp

Filesize
8KB

Download
memory/1696-152-0x0000000002100000-0x0000000002211000-memory.dmp

Filesize
1.1MB

Download
memory/1696-156-0x00000000001F0000-0x0000000000208000-memory.dmp

Filesize
96KB

Download
memory/1696-154-0x0000000002220000-0x00000000025DB000-memory.dmp

Filesize
3.7MB

Download