7cb380bb249c35afb4a56dfe8a8dec9a6a87a76c1dc7301d9a4e62eabd03a3d1

Resubmissions

01-04-2023 02:07

230401-ckct9sfc79 10

01-04-2023 02:03

230401-cgrt1sgf2y 7

01-04-2023 01:57

230401-cc9h9sfc42 10

Analysis

max time kernel
58s
max time network
122s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01-04-2023 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ghast Setup.exe
Size

47.0MB
MD5

aade6b70530baa03c6f520119161d224
SHA1

ba2d3b60a32e5a4ca5033ceb27ef4bc0613086c8
SHA256

7cb380bb249c35afb4a56dfe8a8dec9a6a87a76c1dc7301d9a4e62eabd03a3d1
SHA512

e8d8f3385efa219368d2a153031e0ef934e8c4e480cca22a54be526297e9093acbd6fe5bc4e6c8353c3712612d2b36f7b6f2312e0d182b73a8bba746b7092296
SSDEEP

786432:F1pKaCrTgJhsBqMCiMz0WSt++sQVOcHJ4ok7icr1TEDgvFGv1XqWHb:F6fWwsnSt++tAwq7icnvm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Ghast Setup.tmp

pid process

1968 Ghast Setup.tmp
Loads dropped DLL 1 IoCs

Processes:

Ghast Setup.exe

pid process

2016 Ghast Setup.exe

pid	process
1968	Ghast Setup.tmp

pid	process
2016	Ghast Setup.exe

Drops file in Program Files directory 2 IoCs

Processes:

Ghast Setup.tmp

description	ioc	process
File created	C:\Program Files (x86)\Ghast\unins000.dat	Ghast Setup.tmp
File created	C:\Program Files (x86)\Ghast\is-VTNOS.tmp	Ghast Setup.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

chrome.exeGhast Setup.tmp

pid process

1676 chrome.exe
1676 chrome.exe
1968 Ghast Setup.tmp
1968 Ghast Setup.tmp

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe
Token: SeShutdownPrivilege	1676	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

chrome.exeGhast Setup.tmp

pid	process
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1968	Ghast Setup.tmp

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe
1676	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Ghast Setup.exechrome.exe

description	pid	process	target process
PID 2016 wrote to memory of 1968	2016	Ghast Setup.exe	Ghast Setup.tmp
PID 2016 wrote to memory of 1968	2016	Ghast Setup.exe	Ghast Setup.tmp
PID 2016 wrote to memory of 1968	2016	Ghast Setup.exe	Ghast Setup.tmp
PID 2016 wrote to memory of 1968	2016	Ghast Setup.exe	Ghast Setup.tmp
PID 2016 wrote to memory of 1968	2016	Ghast Setup.exe	Ghast Setup.tmp
PID 2016 wrote to memory of 1968	2016	Ghast Setup.exe	Ghast Setup.tmp
PID 2016 wrote to memory of 1968	2016	Ghast Setup.exe	Ghast Setup.tmp
PID 1676 wrote to memory of 1212	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1212	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1212	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1432	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1896	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1896	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1896	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1712	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1712	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1712	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1712	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1712	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1712	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1712	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1712	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1712	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1712	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1712	1676	chrome.exe	chrome.exe
PID 1676 wrote to memory of 1712	1676	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Ghast Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Ghast Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2016

C:\Users\Admin\AppData\Local\Temp\is-ODNNE.tmp\Ghast Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-ODNNE.tmp\Ghast Setup.tmp" /SL5="$70124,48404993,898048,C:\Users\Admin\AppData\Local\Temp\Ghast Setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68a9758,0x7fef68a9768,0x7fef68a9778
2⤵
PID:1212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1260,i,3996353790255129821,5330743836343886562,131072 /prefetch:2
2⤵
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1536 --field-trial-handle=1260,i,3996353790255129821,5330743836343886562,131072 /prefetch:8
2⤵
PID:1712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1260,i,3996353790255129821,5330743836343886562,131072 /prefetch:8
2⤵
PID:1896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1260,i,3996353790255129821,5330743836343886562,131072 /prefetch:1
2⤵
PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2352 --field-trial-handle=1260,i,3996353790255129821,5330743836343886562,131072 /prefetch:1
2⤵
PID:2000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1444 --field-trial-handle=1260,i,3996353790255129821,5330743836343886562,131072 /prefetch:2
2⤵
PID:1104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2272 --field-trial-handle=1260,i,3996353790255129821,5330743836343886562,131072 /prefetch:1
2⤵
PID:2180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3928 --field-trial-handle=1260,i,3996353790255129821,5330743836343886562,131072 /prefetch:8
2⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4044 --field-trial-handle=1260,i,3996353790255129821,5330743836343886562,131072 /prefetch:8
2⤵
PID:2208

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1740

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Ghast\unins000.exe
Filesize
3.1MB

MD5
161d1bd06392e424ebf8e4f7971db25b

SHA1
e77ded0d21db752db95dee086137cf138701c99a

SHA256
8c5f29f44a196946191e3ef6f6e8b829c9e6123176b4a4223ada06724471437c

SHA512
e3474f14633de67411ca0e3c26f18b0629b60d6e8f330c71bfadf0a6995cbcf356dc0b063eedd6712a764bfae4ada901ffdcc9285a337a02d045aabcdb4135f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
6455a194a6369c35cd8f29338991356d

SHA1
ce630519c680d6fa1ed0aa4986891b7e52ea9f64

SHA256
d1674f8b5bfda9318cf7638b0369c456c4b1a3904f0af6873c30727a283b2dc8

SHA512
9cbaef3e9d2358e673e76f7aef03bb9ccce2ee54652f1ed86707a8b8d543ed7136ba7066b46dfb0cb86170aa44e026e035f9bde9d064a2c383684a1e30bb8870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Programs\Ghast\Loader.exe
Filesize
4.8MB

MD5
9dbec760cb1f6259387d89adf480d75c

SHA1
e855453a2fc08fc529dd647d4d2e2c1444b777bb

SHA256
5b0dc69e9ee9aeb6e9ff56cd793ceb567d9e99dd546a9b16fb24e5fb491d40b5

SHA512
2526da3047677dc20d6c7676152aef7f952120073d36ee22c9f0c9735e6325bc7f456145cb56196baf96326bdbc5d2169ce7c0b099be388e1a71469cfa7a374e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ODNNE.tmp\Ghast Setup.tmp
Filesize
3.1MB

MD5
161d1bd06392e424ebf8e4f7971db25b

SHA1
e77ded0d21db752db95dee086137cf138701c99a

SHA256
8c5f29f44a196946191e3ef6f6e8b829c9e6123176b4a4223ada06724471437c

SHA512
e3474f14633de67411ca0e3c26f18b0629b60d6e8f330c71bfadf0a6995cbcf356dc0b063eedd6712a764bfae4ada901ffdcc9285a337a02d045aabcdb4135f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-ODNNE.tmp\Ghast Setup.tmp
Filesize
3.1MB

MD5
161d1bd06392e424ebf8e4f7971db25b

SHA1
e77ded0d21db752db95dee086137cf138701c99a

SHA256
8c5f29f44a196946191e3ef6f6e8b829c9e6123176b4a4223ada06724471437c

SHA512
e3474f14633de67411ca0e3c26f18b0629b60d6e8f330c71bfadf0a6995cbcf356dc0b063eedd6712a764bfae4ada901ffdcc9285a337a02d045aabcdb4135f6

Download Submit
\??\pipe\crashpad_1676_DDXFUPXXBKGZWRES
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Program Files (x86)\Ghast\unins000.exe
Filesize
3.1MB

MD5
161d1bd06392e424ebf8e4f7971db25b

SHA1
e77ded0d21db752db95dee086137cf138701c99a

SHA256
8c5f29f44a196946191e3ef6f6e8b829c9e6123176b4a4223ada06724471437c

SHA512
e3474f14633de67411ca0e3c26f18b0629b60d6e8f330c71bfadf0a6995cbcf356dc0b063eedd6712a764bfae4ada901ffdcc9285a337a02d045aabcdb4135f6

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\Loader.exe
Filesize
4.8MB

MD5
9dbec760cb1f6259387d89adf480d75c

SHA1
e855453a2fc08fc529dd647d4d2e2c1444b777bb

SHA256
5b0dc69e9ee9aeb6e9ff56cd793ceb567d9e99dd546a9b16fb24e5fb491d40b5

SHA512
2526da3047677dc20d6c7676152aef7f952120073d36ee22c9f0c9735e6325bc7f456145cb56196baf96326bdbc5d2169ce7c0b099be388e1a71469cfa7a374e

Download Submit
\Users\Admin\AppData\Local\Programs\Ghast\Loader.exe
Filesize
4.8MB

MD5
9dbec760cb1f6259387d89adf480d75c

SHA1
e855453a2fc08fc529dd647d4d2e2c1444b777bb

SHA256
5b0dc69e9ee9aeb6e9ff56cd793ceb567d9e99dd546a9b16fb24e5fb491d40b5

SHA512
2526da3047677dc20d6c7676152aef7f952120073d36ee22c9f0c9735e6325bc7f456145cb56196baf96326bdbc5d2169ce7c0b099be388e1a71469cfa7a374e

Download Submit
\Users\Admin\AppData\Local\Temp\is-ODNNE.tmp\Ghast Setup.tmp
Filesize
3.1MB

MD5
161d1bd06392e424ebf8e4f7971db25b

SHA1
e77ded0d21db752db95dee086137cf138701c99a

SHA256
8c5f29f44a196946191e3ef6f6e8b829c9e6123176b4a4223ada06724471437c

SHA512
e3474f14633de67411ca0e3c26f18b0629b60d6e8f330c71bfadf0a6995cbcf356dc0b063eedd6712a764bfae4ada901ffdcc9285a337a02d045aabcdb4135f6

Download Submit
memory/1968-62-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1968-128-0x0000000000400000-0x0000000000723000-memory.dmp

Filesize
3.1MB

Download
memory/1968-70-0x0000000000400000-0x0000000000723000-memory.dmp

Filesize
3.1MB

Download
memory/1968-64-0x0000000000400000-0x0000000000723000-memory.dmp

Filesize
3.1MB

Download
memory/1968-197-0x0000000000400000-0x0000000000723000-memory.dmp

Filesize
3.1MB

Download
memory/2016-54-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/2016-63-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download