Overview

overview

8

Static

static

1

nmap-7.93-setup.exe

windows7-x64

8

nmap-7.93-setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    105s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    13-02-2023 19:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nmap-7.93-setup.exe

  • Size

    27.8MB

  • MD5

    f9e753cccea0ffae6871dc65f67d3f89

  • SHA1

    ab2de49f90330cc3b305457a9a0f897f296e95f4

  • SHA256

    f1160a33fb79c764cdc4c023fa700054ae2945ed91880e37348a17c010ca716f

  • SHA512

    0c6f6c14ecf8ef028e6a556f58e720321a7808b0a1f602e019f6b21d9cef970424185c27e7647368d2fca256d47844310d76d626209d406a961d048063410d1d

  • SSDEEP

    786432:eCw4jIIk4AN6o6JWCRCLz4NFMqt9+26UgRY5YYnDEWW:e/T4hJZRCgMkg+5HEv

Score
8/10
discovery

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 24 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 36 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies data under HKEY_USERS 64 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\nmap-7.93-setup.exe
    "C:\Users\Admin\AppData\Local\Temp\nmap-7.93-setup.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1244
    • C:\Users\Admin\AppData\Local\Temp\nst1DB1.tmp\npcap-1.71.exe
      "C:\Users\Admin\AppData\Local\Temp\nst1DB1.tmp\npcap-1.71.exe" /loopback_support=no
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:1452
      • C:\Windows\SysWOW64\cmd.exe
        cmd /Q /C "%SYSTEMROOT%\System32\wbem\wmic.exe qfe get hotfixid | %SYSTEMROOT%\System32\findstr.exe "^KB4474419""
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1484
        • C:\Windows\SysWOW64\wbem\WMIC.exe
          C:\Windows\System32\wbem\wmic.exe qfe get hotfixid
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:580
        • C:\Windows\SysWOW64\findstr.exe
          C:\Windows\System32\findstr.exe "^KB4474419"
          4⤵
            PID:564
        • C:\Users\Admin\AppData\Local\Temp\nso6D66.tmp\NPFInstall.exe
          "C:\Users\Admin\AppData\Local\Temp\nso6D66.tmp\NPFInstall.exe" -n -check_dll
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1176
        • C:\Windows\SysWOW64\certutil.exe
          certutil -addstore -f "Root" "C:\Users\Admin\AppData\Local\Temp\nso6D66.tmp\roots.p7b"
          3⤵
            PID:1328
          • C:\Windows\SysWOW64\certutil.exe
            certutil -addstore -f "TrustedPublisher" "C:\Users\Admin\AppData\Local\Temp\nso6D66.tmp\signing.p7b"
            3⤵
              PID:852
            • C:\Program Files\Npcap\NPFInstall.exe
              "C:\Program Files\Npcap\NPFInstall.exe" -n -c
              3⤵
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:1976
              • C:\Windows\system32\pnputil.exe
                pnputil.exe -e
                4⤵
                • Drops file in Windows directory
                • Suspicious use of AdjustPrivilegeToken
                PID:1692
            • C:\Program Files\Npcap\NPFInstall.exe
              "C:\Program Files\Npcap\NPFInstall.exe" -n -iw
              3⤵
              • Executes dropped EXE
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              PID:1732
            • C:\Program Files\Npcap\NPFInstall.exe
              "C:\Program Files\Npcap\NPFInstall.exe" -n -i
              3⤵
              • Drops file in Drivers directory
              • Executes dropped EXE
              • Drops file in System32 directory
              • Drops file in Windows directory
              • Suspicious use of AdjustPrivilegeToken
              PID:2008
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "Microsoft.PowerShell.Management\Start-Service -Name npcap -PassThru | Microsoft.PowerShell.Management\Stop-Service -PassThru | Microsoft.PowerShell.Management\Start-Service"
              3⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:2028
            • C:\Windows\SysWOW64\SCHTASKS.EXE
              SCHTASKS.EXE /Create /F /RU SYSTEM /SC ONSTART /TN npcapwatchdog /TR "'C:\Program Files\Npcap\CheckStatus.bat'" /NP
              3⤵
              • Creates scheduled task(s)
              PID:1532
          • C:\Windows\SysWOW64\regedt32.exe
            regedt32 /S "C:\Users\Admin\AppData\Local\Temp\nst1DB1.tmp\nmap_performance.reg"
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:2036
            • C:\Windows\SysWOW64\regedit.exe
              "C:\Windows\regedit.exe" /S "C:\Users\Admin\AppData\Local\Temp\nst1DB1.tmp\nmap_performance.reg"
              3⤵
              • Runs .reg file with regedit
              PID:240
        • C:\Windows\system32\DrvInst.exe
          DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{16b3349b-766b-4175-2c01-3a3be5ba8178}\NPCAP.inf" "9" "605306be3" "0000000000000578" "WinSta0\Default" "0000000000000590" "208" "C:\Program Files\Npcap"
          1⤵
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Modifies data under HKEY_USERS
          • Suspicious use of WriteProcessMemory
          PID:1120
          • C:\Windows\system32\rundll32.exe
            rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{1fdce032-4ee6-5f30-0ec7-516301be6e17} Global\{0fa5e0a8-16ce-2595-290c-2f4525ca5f12} C:\Windows\System32\DriverStore\Temp\{044000ba-ac69-6a64-9c8d-1c0728f13d7c}\NPCAP.inf C:\Windows\System32\DriverStore\Temp\{044000ba-ac69-6a64-9c8d-1c0728f13d7c}\npcap.cat
            2⤵
              PID:1576
          • C:\Windows\system32\vssvc.exe
            C:\Windows\system32\vssvc.exe
            1⤵
              PID:1792
            • C:\Windows\system32\DrvInst.exe
              DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005BC" "00000000000005C0"
              1⤵
              • Drops file in Windows directory
              • Modifies data under HKEY_USERS
              PID:1352

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\PROGRA~1\Npcap\npcap.sys
              Filesize

              65KB

              MD5

              61613f1bef848e6c08bfce931753dedc

              SHA1

              c902177d2ed221019ea728443ef32bfff8688d3a

              SHA256

              81142d0f58c32f54d54b2f3fe725a5e09b5b9b81e72704aea2ecfae15a2a9085

              SHA512

              358567c89e16f9e9e29d27710f46b700075dda5ecfea5f42a4c5d00c3ce3d82a69dcb3301635bd6b0f1af91c232c1b8395431cf8141061a7e8c0a4f964b7e33d

              Download Submit

            • C:\Program Files\Npcap\NPCAP.inf
              Filesize

              8KB

              MD5

              974e3b4529ff617b0d1a3383a9f7ac74

              SHA1

              a7993a1758e402ca1d5529c9392f98799054f860

              SHA256

              aace2ab10f7849737298900e5e8fdf3f980ed311bdc8d1ac7c7006688104aab3

              SHA512

              7f98f2a15ddadcaf390f4876d7c849744509961866de34b04336edf192466272af3d9417fee09c1e32c5f1e9fd7b8350e93970169191cbf1eb27db1d73db16f5

              Download Submit

            • C:\Program Files\Npcap\NPCAP_wfp.inf
              Filesize

              2KB

              MD5

              a5971e56a78ee221cd0c05c1940cc360

              SHA1

              92e184e154af9d3a61d7c66d90922e1064bd0895

              SHA256

              f0bd3192542df8e0c774c9ffcbbd8a0a92d9d2a250bec7c976b402ea900bb222

              SHA512

              687f4621fb931bed5061983bca394e0ea3d62bcfedaccfc08dbf83c30e1e25edf011b9e3cd24859ba0493ee595b5e1fc1e762337546a7939ef56dc4c9bdc2e93

              Download Submit

            • C:\Program Files\Npcap\NPFInstall.exe
              Filesize

              300KB

              MD5

              36f0e125cb870ac28cdff861a684f844

              SHA1

              2e2cdeff8b14ef9146dddb9a659bcc6532c72421

              SHA256

              0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

              SHA512

              144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

              Download Submit

            • C:\Program Files\Npcap\NPFInstall.exe
              Filesize

              300KB

              MD5

              36f0e125cb870ac28cdff861a684f844

              SHA1

              2e2cdeff8b14ef9146dddb9a659bcc6532c72421

              SHA256

              0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

              SHA512

              144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

              Download Submit

            • C:\Program Files\Npcap\NPFInstall.exe
              Filesize

              300KB

              MD5

              36f0e125cb870ac28cdff861a684f844

              SHA1

              2e2cdeff8b14ef9146dddb9a659bcc6532c72421

              SHA256

              0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

              SHA512

              144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

              Download Submit

            • C:\Program Files\Npcap\NPFInstall.log
              Filesize

              2KB

              MD5

              5516cc433076517550c3920282e1a703

              SHA1

              515b2538fbeef7356462093d98a46d69d371b3a3

              SHA256

              6ba55d7cc66388a46333941119ca8a13654c916b78a8e060f0e093b71c8067cd

              SHA512

              42b457039b7685e2b4798f13d15cb3022f308d0eed0c90cbbb481757c2d3e4cacce33c6aff4fb94376c2f30f571c211dbc004f5e8630b206556e958cb895e03c

              Download Submit

            • C:\Program Files\Npcap\NPFInstall.log
              Filesize

              739B

              MD5

              8abeb74d0550ee7012181e5be4fc5485

              SHA1

              95a7ac607b96297f8c81df1680bb6cb99ce8a7ed

              SHA256

              77dc0dbf9c1ae5932357c1d05952f874646e2bcd6ace3487e578e705f0879701

              SHA512

              8ec6244984a59464b29415a598fb6ce3668098f96bd978f690dcd8153ceeff4b538f70518f8cef6d1fe8484169b2fa289ba70786dcdaab7e005f4217bbc0bcdd

              Download Submit

            • C:\Program Files\Npcap\NPFInstall.log
              Filesize

              1KB

              MD5

              636a616122d1a10fceb6ee9861c6901b

              SHA1

              4dc65ff48b7880f8dce1d2cf3dd15f4bbe0ec1c2

              SHA256

              01314b4a7b8b3d777bb87d4a270c5b25417f278932fec3b8463d8042d967fea2

              SHA512

              2d420056581a7feb2b200be4b2a250e120bad5f32946e40974228bb76f2dd82b3a04d507e73f2119ce49f79833e0dc2ace2166682e330126f97a68b4570e2fed

              Download Submit

            • C:\Program Files\Npcap\npcap.cat
              Filesize

              12KB

              MD5

              476aefd0a4901004fb2bc4ad796910b9

              SHA1

              a3b4bb1c474aaca684bbfc5f686bfe8060422a6d

              SHA256

              a2baec34bbcbf3f655c7d6d91ad117d0aae555a2f55c0187d487b6c21c0785a2

              SHA512

              b93da1583b224faa3209f4083322bbc5b1b9239dd25b389bdb13406c43c66dff82ab2539dc48272908f799ff01536438f12f848af35a9092d5e84493dafeb49f

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\nso6D66.tmp\NPFInstall.exe
              Filesize

              300KB

              MD5

              36f0e125cb870ac28cdff861a684f844

              SHA1

              2e2cdeff8b14ef9146dddb9a659bcc6532c72421

              SHA256

              0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

              SHA512

              144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\nso6D66.tmp\roots.p7b
              Filesize

              1KB

              MD5

              397a5848d3696fc6ba0823088fea83db

              SHA1

              9189985f027de80d4882ab5e01604c59d6fc1f16

              SHA256

              ad3bca6f2b0ec032c7f1fe1adb186bd73be6a332c868bf16c9765087fff1c1ca

              SHA512

              66129a206990753967cd98c14a0a3e0e2a73bc4cd10cf84a5a05da7bf20719376989d64c6c7880a3e4754fc74653dd49f2ffeffd55fc4ee5966f65beb857118c

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\nso6D66.tmp\signing.p7b
              Filesize

              7KB

              MD5

              dd4bc901ef817319791337fb345932e8

              SHA1

              f8a3454a09d90a09273935020c1418fdb7b7eb7c

              SHA256

              8e681692403c0f7c0b24160f4642daa1eb080ce5ec754b6f47cc56b43e731b71

              SHA512

              0a67cc346f9752e1c868b7dc60b25704255ab1e6ea745850c069212f2724eba62ffaaa48309d5eba6ae0235223518610fb4b60fc422e4babba4f33d331c71db5

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\nst1DB1.tmp\nmap_performance.reg
              Filesize

              192B

              MD5

              3cd4a36a0dcc9e0e79d1df1d6cc712df

              SHA1

              a9b6fe5c0e01aec042e68c2bc700a721c4ecc995

              SHA256

              e77d7b5158ec99d19e552025facf50f477a2f2b1dc3ef2f198520cfa76e9707f

              SHA512

              d3d5ab7cc0943dd7ae85445449249109eeb5f871e1c7baf3139cd9e2d3858f70040102dc30b089fc99ee82ebbf99335c2323b1d070552cf7e565a1ac70ef2487

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\nst1DB1.tmp\npcap-1.71.exe
              Filesize

              1.1MB

              MD5

              40cfea6d5a3ff15caf6dd4ae88a012b2

              SHA1

              287b229cecf54ea110a8b8422dcda20922bdf65e

              SHA256

              5ccb61296c48e3f8cd20db738784bd7bf0daf8fce630f89892678b6dda4e533c

              SHA512

              6ac4955286a4927ce43f7e85783631c9a801605c89a18ba95dde34d90eecbf4825b09e116890c8aca8defff767ad14843303dd557a67636bed1f1709b5399024

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\nst1DB1.tmp\npcap-1.71.exe
              Filesize

              1.1MB

              MD5

              40cfea6d5a3ff15caf6dd4ae88a012b2

              SHA1

              287b229cecf54ea110a8b8422dcda20922bdf65e

              SHA256

              5ccb61296c48e3f8cd20db738784bd7bf0daf8fce630f89892678b6dda4e533c

              SHA512

              6ac4955286a4927ce43f7e85783631c9a801605c89a18ba95dde34d90eecbf4825b09e116890c8aca8defff767ad14843303dd557a67636bed1f1709b5399024

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\{16B33~1\npcap.sys
              Filesize

              65KB

              MD5

              61613f1bef848e6c08bfce931753dedc

              SHA1

              c902177d2ed221019ea728443ef32bfff8688d3a

              SHA256

              81142d0f58c32f54d54b2f3fe725a5e09b5b9b81e72704aea2ecfae15a2a9085

              SHA512

              358567c89e16f9e9e29d27710f46b700075dda5ecfea5f42a4c5d00c3ce3d82a69dcb3301635bd6b0f1af91c232c1b8395431cf8141061a7e8c0a4f964b7e33d

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\{16b3349b-766b-4175-2c01-3a3be5ba8178}\NPCAP.inf
              Filesize

              8KB

              MD5

              974e3b4529ff617b0d1a3383a9f7ac74

              SHA1

              a7993a1758e402ca1d5529c9392f98799054f860

              SHA256

              aace2ab10f7849737298900e5e8fdf3f980ed311bdc8d1ac7c7006688104aab3

              SHA512

              7f98f2a15ddadcaf390f4876d7c849744509961866de34b04336edf192466272af3d9417fee09c1e32c5f1e9fd7b8350e93970169191cbf1eb27db1d73db16f5

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\{16b3349b-766b-4175-2c01-3a3be5ba8178}\npcap.cat
              Filesize

              12KB

              MD5

              476aefd0a4901004fb2bc4ad796910b9

              SHA1

              a3b4bb1c474aaca684bbfc5f686bfe8060422a6d

              SHA256

              a2baec34bbcbf3f655c7d6d91ad117d0aae555a2f55c0187d487b6c21c0785a2

              SHA512

              b93da1583b224faa3209f4083322bbc5b1b9239dd25b389bdb13406c43c66dff82ab2539dc48272908f799ff01536438f12f848af35a9092d5e84493dafeb49f

              Download Submit

            • C:\Windows\INF\oem2.inf
              Filesize

              8KB

              MD5

              974e3b4529ff617b0d1a3383a9f7ac74

              SHA1

              a7993a1758e402ca1d5529c9392f98799054f860

              SHA256

              aace2ab10f7849737298900e5e8fdf3f980ed311bdc8d1ac7c7006688104aab3

              SHA512

              7f98f2a15ddadcaf390f4876d7c849744509961866de34b04336edf192466272af3d9417fee09c1e32c5f1e9fd7b8350e93970169191cbf1eb27db1d73db16f5

              Download Submit

            • C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_neutral_5fbe69d0387e1c8c\npcap.PNF
              Filesize

              11KB

              MD5

              7d3bcf84c2de1d5a2e73b38556a0ef9e

              SHA1

              7ee6649518d1fcd7fba0fae928dcd259b06f502e

              SHA256

              88be6e0c80a0bab7de5d99576395e28305299de949e389b9831b2db59c135925

              SHA512

              869e4217466b2a792719f572431957a59e775e702f42d1da13cced50ce58fb802ef911376c41439a8a2a13951defe1ff9b3f64f74240f5503b83578837de8a3a

              Download Submit

            • C:\Windows\System32\DriverStore\INFCACHE.1
              Filesize

              1.4MB

              MD5

              30c57c9033d789555604ba12a7f95608

              SHA1

              b0f787030d3e149f926cf4048417c4654b395855

              SHA256

              01d7c039fe0c70b575c19f8bbfb86e8c3583aa98c12d8045c9e3560c92e401bb

              SHA512

              24fdd2c13c063d3060bd828578f08eaf1f2b392c2986404262e5e58ac5edadc2843cf067f4a1d8cdb79cd229a3ad916a682ca06d2f72662035c13e2470d22b79

              Download Submit

            • C:\Windows\System32\DriverStore\Temp\{044000ba-ac69-6a64-9c8d-1c0728f13d7c}\NPCAP.inf
              Filesize

              8KB

              MD5

              974e3b4529ff617b0d1a3383a9f7ac74

              SHA1

              a7993a1758e402ca1d5529c9392f98799054f860

              SHA256

              aace2ab10f7849737298900e5e8fdf3f980ed311bdc8d1ac7c7006688104aab3

              SHA512

              7f98f2a15ddadcaf390f4876d7c849744509961866de34b04336edf192466272af3d9417fee09c1e32c5f1e9fd7b8350e93970169191cbf1eb27db1d73db16f5

              Download Submit

            • C:\Windows\System32\DriverStore\Temp\{044000ba-ac69-6a64-9c8d-1c0728f13d7c}\npcap.cat
              Filesize

              12KB

              MD5

              476aefd0a4901004fb2bc4ad796910b9

              SHA1

              a3b4bb1c474aaca684bbfc5f686bfe8060422a6d

              SHA256

              a2baec34bbcbf3f655c7d6d91ad117d0aae555a2f55c0187d487b6c21c0785a2

              SHA512

              b93da1583b224faa3209f4083322bbc5b1b9239dd25b389bdb13406c43c66dff82ab2539dc48272908f799ff01536438f12f848af35a9092d5e84493dafeb49f

              Download Submit

            • \Program Files\Npcap\NPFInstall.exe
              Filesize

              300KB

              MD5

              36f0e125cb870ac28cdff861a684f844

              SHA1

              2e2cdeff8b14ef9146dddb9a659bcc6532c72421

              SHA256

              0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

              SHA512

              144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

              Download Submit

            • \Program Files\Npcap\NPFInstall.exe
              Filesize

              300KB

              MD5

              36f0e125cb870ac28cdff861a684f844

              SHA1

              2e2cdeff8b14ef9146dddb9a659bcc6532c72421

              SHA256

              0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

              SHA512

              144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\InstallOptions.dll
              Filesize

              22KB

              MD5

              170c17ac80215d0a377b42557252ae10

              SHA1

              4cbab6cc189d02170dd3ba7c25aa492031679411

              SHA256

              61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

              SHA512

              0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\InstallOptions.dll
              Filesize

              22KB

              MD5

              170c17ac80215d0a377b42557252ae10

              SHA1

              4cbab6cc189d02170dd3ba7c25aa492031679411

              SHA256

              61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

              SHA512

              0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\InstallOptions.dll
              Filesize

              22KB

              MD5

              170c17ac80215d0a377b42557252ae10

              SHA1

              4cbab6cc189d02170dd3ba7c25aa492031679411

              SHA256

              61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

              SHA512

              0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\InstallOptions.dll
              Filesize

              22KB

              MD5

              170c17ac80215d0a377b42557252ae10

              SHA1

              4cbab6cc189d02170dd3ba7c25aa492031679411

              SHA256

              61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

              SHA512

              0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\NPFInstall.exe
              Filesize

              300KB

              MD5

              36f0e125cb870ac28cdff861a684f844

              SHA1

              2e2cdeff8b14ef9146dddb9a659bcc6532c72421

              SHA256

              0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

              SHA512

              144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\NPFInstall.exe
              Filesize

              300KB

              MD5

              36f0e125cb870ac28cdff861a684f844

              SHA1

              2e2cdeff8b14ef9146dddb9a659bcc6532c72421

              SHA256

              0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

              SHA512

              144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\NPFInstall.exe
              Filesize

              300KB

              MD5

              36f0e125cb870ac28cdff861a684f844

              SHA1

              2e2cdeff8b14ef9146dddb9a659bcc6532c72421

              SHA256

              0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

              SHA512

              144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\NPFInstall.exe
              Filesize

              300KB

              MD5

              36f0e125cb870ac28cdff861a684f844

              SHA1

              2e2cdeff8b14ef9146dddb9a659bcc6532c72421

              SHA256

              0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

              SHA512

              144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\NPFInstall.exe
              Filesize

              300KB

              MD5

              36f0e125cb870ac28cdff861a684f844

              SHA1

              2e2cdeff8b14ef9146dddb9a659bcc6532c72421

              SHA256

              0560d98683343995d5f2dd5f2607f7298bd81be7746efa0d212481fbfa76788e

              SHA512

              144e014e1047ec0bcf96821207bb4138873557a1ff47843f34ee1c33b6ff1d8365de6177a14c5f8088d0a2087142b7a1f56bf7f7aba67bdd83bbb88f3a36507b

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\System.dll
              Filesize

              19KB

              MD5

              f020a8d9ede1fb2af3651ad6e0ac9cb1

              SHA1

              341f9345d669432b2a51d107cbd101e8b82e37b1

              SHA256

              7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0

              SHA512

              408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\nsExec.dll
              Filesize

              14KB

              MD5

              f9e61a25016dcb49867477c1e71a704e

              SHA1

              c01dc1fa7475e4812d158d6c00533410c597b5d9

              SHA256

              274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

              SHA512

              b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\nsExec.dll
              Filesize

              14KB

              MD5

              f9e61a25016dcb49867477c1e71a704e

              SHA1

              c01dc1fa7475e4812d158d6c00533410c597b5d9

              SHA256

              274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

              SHA512

              b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\nsExec.dll
              Filesize

              14KB

              MD5

              f9e61a25016dcb49867477c1e71a704e

              SHA1

              c01dc1fa7475e4812d158d6c00533410c597b5d9

              SHA256

              274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

              SHA512

              b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\nsExec.dll
              Filesize

              14KB

              MD5

              f9e61a25016dcb49867477c1e71a704e

              SHA1

              c01dc1fa7475e4812d158d6c00533410c597b5d9

              SHA256

              274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

              SHA512

              b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\nsExec.dll
              Filesize

              14KB

              MD5

              f9e61a25016dcb49867477c1e71a704e

              SHA1

              c01dc1fa7475e4812d158d6c00533410c597b5d9

              SHA256

              274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

              SHA512

              b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\nsExec.dll
              Filesize

              14KB

              MD5

              f9e61a25016dcb49867477c1e71a704e

              SHA1

              c01dc1fa7475e4812d158d6c00533410c597b5d9

              SHA256

              274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

              SHA512

              b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\nsExec.dll
              Filesize

              14KB

              MD5

              f9e61a25016dcb49867477c1e71a704e

              SHA1

              c01dc1fa7475e4812d158d6c00533410c597b5d9

              SHA256

              274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

              SHA512

              b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\nsExec.dll
              Filesize

              14KB

              MD5

              f9e61a25016dcb49867477c1e71a704e

              SHA1

              c01dc1fa7475e4812d158d6c00533410c597b5d9

              SHA256

              274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

              SHA512

              b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nso6D66.tmp\nsExec.dll
              Filesize

              14KB

              MD5

              f9e61a25016dcb49867477c1e71a704e

              SHA1

              c01dc1fa7475e4812d158d6c00533410c597b5d9

              SHA256

              274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

              SHA512

              b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nst1DB1.tmp\InstallOptions.dll
              Filesize

              22KB

              MD5

              17c877fec39fc8ce03b7f012ef25211f

              SHA1

              61adfa25cbd51375f0355aa9b895e1dc28389e19

              SHA256

              dbb0173bb09d64ca716b3fd9efb0222ecc7c13c11978d29f2b61cf550bcd7aba

              SHA512

              45c44c91bf72d058fcba93e7d96b45fcc3dc06855b86eca0f463aa4eeafc7e68493e33663c68fd3fdceed51dd0e76d3493c47da68a3efdc25af9e78c2643d29d

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nst1DB1.tmp\InstallOptions.dll
              Filesize

              22KB

              MD5

              17c877fec39fc8ce03b7f012ef25211f

              SHA1

              61adfa25cbd51375f0355aa9b895e1dc28389e19

              SHA256

              dbb0173bb09d64ca716b3fd9efb0222ecc7c13c11978d29f2b61cf550bcd7aba

              SHA512

              45c44c91bf72d058fcba93e7d96b45fcc3dc06855b86eca0f463aa4eeafc7e68493e33663c68fd3fdceed51dd0e76d3493c47da68a3efdc25af9e78c2643d29d

              Download Submit

            • \Users\Admin\AppData\Local\Temp\nst1DB1.tmp\npcap-1.71.exe
              Filesize

              1.1MB

              MD5

              40cfea6d5a3ff15caf6dd4ae88a012b2

              SHA1

              287b229cecf54ea110a8b8422dcda20922bdf65e

              SHA256

              5ccb61296c48e3f8cd20db738784bd7bf0daf8fce630f89892678b6dda4e533c

              SHA512

              6ac4955286a4927ce43f7e85783631c9a801605c89a18ba95dde34d90eecbf4825b09e116890c8aca8defff767ad14843303dd557a67636bed1f1709b5399024

              Download Submit

            • memory/1244-54-0x0000000075291000-0x0000000075293000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1576-108-0x000007FEFB8E1000-0x000007FEFB8E3000-memory.dmp

              Filesize

              8KB

              Download

            • memory/2028-119-0x0000000073780000-0x0000000073D2B000-memory.dmp

              Filesize

              5.7MB

              Download

            • memory/2028-120-0x0000000073780000-0x0000000073D2B000-memory.dmp

              Filesize

              5.7MB

              Download