d630e0751df816caa05fd67f06acce68449a2df82608830ac338e7ec81cf05a2

Resubmissions

23-04-2024 22:45

240423-2pgfpace4s 7

23-04-2024 22:43

240423-2nfsrsce3w 7

Analysis

max time kernel
41s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 22:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ezping.exe
Size

6.3MB
MD5

2bd6857555922c383735781ac65f6815
SHA1

4b6716196bec722f262fd2e9388ed9ecd54b410d
SHA256

d630e0751df816caa05fd67f06acce68449a2df82608830ac338e7ec81cf05a2
SHA512

d70068375443bd115af63d4509e42de1cb517ee847e5c8f3f702d850e40ab954b4a54b66a7404c64ec63cb67eb5452922b9f2e96f65bd5fbb2241845be82ac69
SSDEEP

196608:HhNt0udbn3Zdo82vHflFx2s91uWZ84dd3dmp:HZ0udjZUFxz5Z8kop

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

ezping.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation ezping.exe
Executes dropped EXE 1 IoCs

Processes:

EzPing.UI.exe

pid process

1848 EzPing.UI.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation	ezping.exe

pid	process
1848	EzPing.UI.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

msedge.exemsedge.exepowershell.exeidentity_helper.exe

pid	process
1764	msedge.exe
1764	msedge.exe
3444	msedge.exe
3444	msedge.exe
1596	powershell.exe
1596	powershell.exe
1596	powershell.exe
5208	identity_helper.exe
5208	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedge.exe

pid process

3444 msedge.exe
3444 msedge.exe
3444 msedge.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 1596 powershell.exe

description	pid	process
Token: SeDebugPrivilege	1596	powershell.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe
3444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ezping.exemsedge.exe

description	pid	process	target process
PID 8 wrote to memory of 1848	8	ezping.exe	EzPing.UI.exe
PID 8 wrote to memory of 1848	8	ezping.exe	EzPing.UI.exe
PID 8 wrote to memory of 3444	8	ezping.exe	msedge.exe
PID 8 wrote to memory of 3444	8	ezping.exe	msedge.exe
PID 3444 wrote to memory of 4776	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 4776	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1404	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1764	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 1764	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe
PID 3444 wrote to memory of 884	3444	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\ezping.exe
"C:\Users\Admin\AppData\Local\Temp\ezping.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:8

C:\Users\Admin\AppData\Local\Temp\EzPingFiles\EzPing.UI.exe
"C:\Users\Admin\AppData\Local\Temp\EzPingFiles\EzPing.UI.exe"
2⤵
- Executes dropped EXE
PID:1848

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sapphire.ac/
2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe27b046f8,0x7ffe27b04708,0x7ffe27b04718
3⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4956686915376523870,1162919961507806365,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
3⤵
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4956686915376523870,1162919961507806365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4956686915376523870,1162919961507806365,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
3⤵
PID:884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4956686915376523870,1162919961507806365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
3⤵
PID:1828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4956686915376523870,1162919961507806365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
3⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4956686915376523870,1162919961507806365,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
3⤵
PID:3016

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4956686915376523870,1162919961507806365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 /prefetch:8
3⤵
PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4956686915376523870,1162919961507806365,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4220

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
201KB

MD5
f5bc40498b73af1cc23f51ea60130601

SHA1
44de2c184cf4e0a2b9106756fc860df9ed584666

SHA256
c11b6273f0c5f039dfef3bf5d8efe45a2ecf65966e89eeb1a6c2277d712ae9fb

SHA512
9c993ef3ec746cbe937bbe32735410257f94ceb6f734d75e401fb78dc2e3ab3b7d83c086086f0e1230dc8dafd5328f9af664341eb781c72e67c4d84d1f6c1112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
9042efb4c78ff1f4330f24180735603b

SHA1
60e2ca6b21fa81b56dbeb0a5ca82fd3bf3dd86d0

SHA256
1639366234d426376c18750617e5b3d2c225e2cfffcced93ce4b2a42a63b684b

SHA512
8308760de9e58275f089d4619861fbb7bfdca6115cb1476c5fc3399b4bc74e19a37a941fa636831f28ecbfed83c948a5db314e5b525904abb0077a7a5fb85e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
20a76827d2b2c680c1ca6a79437e3be7

SHA1
8ccb6c7f8e2424c4f5eeef744a4f9c4528a77ec6

SHA256
44c234656cbed7d5288514feb3b4b43c8cbd64910a49364ea61936b0b24b2881

SHA512
c72d0e37ec7e23d5505fac94f598d0cc1b1d41367efec6b4288fa41f8ee32474e856d9d0fb42127a9f3dc6aa90887f7a713d2fb170f2ac8fb9d051c20a0be202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
de994ec3dee475d46659691dbbc14bec

SHA1
6a88bcb106b74b8748418cc9e9e23b079c602192

SHA256
81661405badb31c057286a43bd0a933b4a8805cf56cece4e15cef1ae492c272a

SHA512
baf60748a835d7d140375343038d159ea985326004619c2cf5daf2b77cf02bdf9388f53223554980859dacdc47b9060fcb9ff9857d30bcb6ea768329371a5bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a34c4cd766824e99291c341890476b2b

SHA1
53296d0012539ba6dc524ddc46532890945c4db9

SHA256
34f10440fdce11fb39e308a5fc070e8d453a3d9594bdb2a818293b3dee85a565

SHA512
6f129dd66ba000fba6bb9ed1f672a856959b6d352ba746554d20392e93fa8e1713a58b4b85e05a7db7da04f1b811b7aa6533ddd5da616c7727644ffc83d76283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
39cfa03aece4bdb76d928e8a3a0028bb

SHA1
9e9e87e8aa68875e812aec6ca0370bdaa4946f23

SHA256
b178e14ec8ee7f01627dab9bb13d4d7820237db5c4830b2e6a7fb11b37cf1c58

SHA512
8ee556285b7dad27f18490632fa8d053bcb18af8a204ecb003adb7b55ec2ac7b26de4df01a0307449a69169580b34b01dc9f7b1ad5a9ef72b0e0e4d699ab2567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
b5e2e4eaa4913fcd4573bf9f652d0af0

SHA1
d47ab9716a14bf34f9289bbd107b027ded3ebf1f

SHA256
ceea60421bf803e4c40b7d468bdd10b916c20fc5a3a4186ca191f0c4aad2142c

SHA512
1185c50f865b22678215cacd05e33eeaadb89eba4330f206b525be9ed94e22f22f90a24ce4efedd9c0775ca8533cbd5f376d2a81cf38c453a553d5413b8656c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6309dc952d65d75b9a3fcdbd6865ec88

SHA1
a23682b6cc69123097f886835ba4a9bacf911829

SHA256
0e33431f3d3c8879dbdaf811dc6f1ecec411883d1a62d181b55a3a7568af09ae

SHA512
7050af050b173c7cf08aa3cf86283eabb45aeafea718fd155798314db04877ed6abdf4ae672e99cdeafaa7972d9c2232d9e0311d0155a61f1ae4107cf445a351

Download Submit
C:\Users\Admin\AppData\Local\Temp\EzPingFiles\ControlzEx.dll
Filesize
244KB

MD5
37dbeb3e804d61cefed67d1a60dde873

SHA1
31fb981cc429cd24066363160e49c85fd74df8db

SHA256
f15d89d9720eedb94c09b1db32ca6a514e9eff2906da91396ffd7f877714911e

SHA512
7279e2354a9e1a583098bc9f6ff9ec05bb2b526ca151265d4c8c2bb42edd15b3d157425bc76e01b9f0e03cb1c87cb46bc94f9a1f47dc2a79daee784d6122f3fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\EzPingFiles\EzPing.Core.dll
Filesize
37KB

MD5
2f94f2263d597a6bd778dd481c5cacc2

SHA1
1149a8c2dce3f7929bf68be0fdbdc704237432b9

SHA256
eafe28022485a6ba87922c88d34cce2f07edb4a4437787aaaac3b5fc1cba6b12

SHA512
dda90378f55794446d87ce7cf32121e50dab876e2f732aff598b7fb381814aff88bdeb9eae78bc31a06b92f0f6898b400ddee49e731b36701063e4ca81e86157

Download Submit
C:\Users\Admin\AppData\Local\Temp\EzPingFiles\EzPing.UI.exe
Filesize
1.1MB

MD5
e28520a104618842e640e9aff6c8803d

SHA1
90c0b1ebb0f16550b1fd9a878f0aac79aba4b366

SHA256
615cd3b6aad84696e5e051d53f523ab36a3552dc4821d62b079c53684d8540c8

SHA512
41d118fa2053b21618b2536c80a7e73396944e97a2591d67146fba3582076d981c43d7fc65f5b6693680938ebdce8ccc8fe073e6b0fbd1618d97dd35443c9355

Download Submit
C:\Users\Admin\AppData\Local\Temp\EzPingFiles\MahApps.Metro.dll
Filesize
3.4MB

MD5
4c6ee8f47105a84521fc4b30165c9454

SHA1
cd378771c395e0de6c3087f9a37a9c8a51387c76

SHA256
7d73c79b4bcf30c079da8fc9e8c520e79247241a74956b13b6c36dc2290ecc88

SHA512
c99f99427ae5058ede11bb1c8a176c84ae7d04ef55e46aa58fe0734e6f4aefcc1ab026c97df65789d020601de9d9fa530cee6e26b57e478dcd18a21b58bc00bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\EzPingFiles\MaterialDesignColors.dll
Filesize
295KB

MD5
0b3fa388485ac78ef83d1221ba6693b7

SHA1
19c8555dbe8566b91a0344658422bac8f5933e6b

SHA256
9fa38197eed5ca1fac2d056fcfd2767a74648bc836725d255477b251567badb6

SHA512
4969bd704128cbc091bb40f8575690c7479fe2b54048009c6eeb91c1f1a0100d58195d62243712f6fc1d4dcbb4d227596e09e81c45de0b1c7d656ccba65a2d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\EzPingFiles\MaterialDesignThemes.Wpf.dll
Filesize
7.8MB

MD5
5cea9e8224b3b065bd872e6a319c4afc

SHA1
ff39e380d646042bb2dcb3f00b753532a5a327de

SHA256
9b24e7377cf03ed93cd76c4e11330e2c67cc42e2875a97fa50b9a036a005f75d

SHA512
7ac8e8f4c5de5b6b376315960235fab7199da8118cadf5d49adb03ce22c891311a0e614cb037c2282161ae33257fb460e0bc51deb4468f5d2f2a028274fa832f

Download Submit
C:\Users\Admin\AppData\Local\Temp\EzPingFiles\Microsoft.Diagnostics.Tracing.TraceEvent.dll
Filesize
2.9MB

MD5
6c530ce9c11c3ec95a2ea25c53fe844a

SHA1
9d6b194bc1bfab2f0176f65110b13f4c39d4fab5

SHA256
011bed2efa854fe5ba2a36190de5a65f3bd6008603508a1b950f078ed96bbc71

SHA512
5692235c4a5acfcb99c2923f3ff67929a88cde1df275a145e377fbdbcb1f74e6aaa5cf0866b500c5a59554ced2723d9a33e8097c918fcda82140c752c8f067b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\EzPingFiles\Microsoft.Xaml.Behaviors.dll
Filesize
141KB

MD5
6b93b0f937d04d39172f9cd61fe58fd5

SHA1
54fb26f8b4f11d01573fd1c6a1b532af2b37d687

SHA256
ff75938fedee596706171916db763ac100bc7164a7346dd739ad61660e068b5a

SHA512
d3b7bbb09842984147b8dc849ef7467c3927cd8730ccfcc310d6d46bf3070e826d7a1cffc43a2ccc33d5d8521ea07d2c19d766b127fafc71edcf288db187df1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\EzPingFiles\System.Windows.Interactivity.dll
Filesize
39KB

MD5
3ab57a33a6e3a1476695d5a6e856c06a

SHA1
dabb4ecffd0c422a8eebff5d4ec8116a6e90d7e7

SHA256
4aace8c8a330ae8429cd8cc1b6804076d3a9ffd633470f91fd36bdd25bb57876

SHA512
58dbfcf9199d72d370e2d98b8ef2713d74207a597c9494b0ecf5e4c7bf7cf60c5e85f4a92b2a1896dff63d9d5107f0d81d7dddbc7203e9e559ab7219eca0df92

Download Submit
C:\Users\Admin\AppData\Local\Temp\EzPingFiles\debug
Filesize
126B

MD5
9ae7f42e64678ba1e3795b8fd149ef02

SHA1
4bfd09af3f7587158f0e6357ba4be84dfe02b7eb

SHA256
a24a24924e9e13d1291f1f00cfda47581696894314cfc6a27a14a370163c7be8

SHA512
cb27b110ac39d3fdccfb3774061070a3e5844df03d23c4d18099b72a27b8ca6f264283d30528ef9a24505ec2bc472d7f7bdf7a236e704da41848a6d9054af54e

Download Submit
C:\Users\Admin\AppData\Local\Temp\EzPingFiles\instal.log
Filesize
9B

MD5
73329564760013a7824ff9d5d1af91ff

SHA1
85841abddb12dc3591a5990c6527df65a5e63c87

SHA256
a51a6c19a1ffc7416827e89adf20749d23ad42452c396cf7e627409f2896922c

SHA512
344b1271efcc084b24e4e75223f1a900ec127c1e979aeab32bfed887712388a7ceeb8bd9e70d5c1721ac6dd1e64d640ec973f9ef16d6f0f85e6870e53edab00a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pmzokavb.awv.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
\??\pipe\LOCAL\crashpad_3444_UKHOSQLJHUKQAKSQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/8-82-0x0000000074C30000-0x00000000753E0000-memory.dmp

Filesize
7.7MB

Download
memory/8-1-0x00000000005D0000-0x0000000000C18000-memory.dmp

Filesize
6.3MB

Download
memory/8-0-0x0000000074C30000-0x00000000753E0000-memory.dmp

Filesize
7.7MB

Download
memory/8-2-0x0000000002FC0000-0x0000000002FCA000-memory.dmp

Filesize
40KB

Download
memory/8-4-0x00000000055E0000-0x00000000055F2000-memory.dmp

Filesize
72KB

Download
memory/8-5-0x00000000056C0000-0x00000000056D0000-memory.dmp

Filesize
64KB

Download
memory/1596-198-0x000001AAEC610000-0x000001AAEC620000-memory.dmp

Filesize
64KB

Download
memory/1596-186-0x000001AAEBFD0000-0x000001AAEBFF2000-memory.dmp

Filesize
136KB

Download
memory/1596-196-0x000001AAEC870000-0x000001AAEC88A000-memory.dmp

Filesize
104KB

Download
memory/1596-195-0x000001AAEC5E0000-0x000001AAEC5EE000-memory.dmp

Filesize
56KB

Download
memory/1596-194-0x000001AAECCA0000-0x000001AAECD16000-memory.dmp

Filesize
472KB

Download
memory/1596-193-0x000001AAEC820000-0x000001AAEC864000-memory.dmp

Filesize
272KB

Download
memory/1596-192-0x000001AAEC610000-0x000001AAEC620000-memory.dmp

Filesize
64KB

Download
memory/1596-199-0x00007FFE2CFB0000-0x00007FFE2DA71000-memory.dmp

Filesize
10.8MB

Download
memory/1596-191-0x00007FFE2CFB0000-0x00007FFE2DA71000-memory.dmp

Filesize
10.8MB

Download
memory/1848-151-0x000001F6AB950000-0x000001F6AB95E000-memory.dmp

Filesize
56KB

Download
memory/1848-111-0x000001F6ABFC0000-0x000001F6AC2AE000-memory.dmp

Filesize
2.9MB

Download
memory/1848-80-0x000001F691E10000-0x000001F691E52000-memory.dmp

Filesize
264KB

Download
memory/1848-83-0x000001F691DC0000-0x000001F691DC8000-memory.dmp

Filesize
32KB

Download
memory/1848-155-0x000001F6AB5E0000-0x000001F6AB5F0000-memory.dmp

Filesize
64KB

Download
memory/1848-76-0x000001F6AB5E0000-0x000001F6AB5F0000-memory.dmp

Filesize
64KB

Download
memory/1848-156-0x000001F6AB5E0000-0x000001F6AB5F0000-memory.dmp

Filesize
64KB

Download
memory/1848-109-0x000001F691DD0000-0x000001F691DE0000-memory.dmp

Filesize
64KB

Download
memory/1848-148-0x000001F6ABF40000-0x000001F6ABF78000-memory.dmp

Filesize
224KB

Download
memory/1848-126-0x000001F6AB5E0000-0x000001F6AB5F0000-memory.dmp

Filesize
64KB

Download
memory/1848-197-0x00007FFE2CFB0000-0x00007FFE2DA71000-memory.dmp

Filesize
10.8MB

Download
memory/1848-78-0x000001F6AB960000-0x000001F6ABCCA000-memory.dmp

Filesize
3.4MB

Download
memory/1848-84-0x000001F6AB6B0000-0x000001F6AB76A000-memory.dmp

Filesize
744KB

Download
memory/1848-75-0x00007FFE2CFB0000-0x00007FFE2DA71000-memory.dmp

Filesize
10.8MB

Download
memory/1848-74-0x000001F68FF50000-0x000001F69006A000-memory.dmp

Filesize
1.1MB

Download
memory/1848-92-0x000001F6AC4B0000-0x000001F6ACC82000-memory.dmp

Filesize
7.8MB

Download
memory/1848-118-0x000001F691DE0000-0x000001F691DF0000-memory.dmp

Filesize
64KB

Download
memory/1848-94-0x000001F6AB640000-0x000001F6AB690000-memory.dmp

Filesize
320KB

Download
memory/1848-96-0x000001F6AB5B0000-0x000001F6AB5D8000-memory.dmp

Filesize
160KB

Download
memory/1848-331-0x000001F6AB5E0000-0x000001F6AB5F0000-memory.dmp

Filesize
64KB

Download
memory/1848-332-0x000001F6AB5E0000-0x000001F6AB5F0000-memory.dmp

Filesize
64KB

Download
memory/1848-333-0x000001F6AB5E0000-0x000001F6AB5F0000-memory.dmp

Filesize
64KB

Download
memory/1848-334-0x000001F6AB5E0000-0x000001F6AB5F0000-memory.dmp

Filesize
64KB

Download