c8a98ca7102b1aecf35ef43bdf5769635eab84a66a6031aea21be2c589a2ade8

Analysis

max time kernel
109s
max time network
370s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/04/2024, 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Flashcheck.exe
Size

1.9MB
MD5

4f23de38c2668ef9f757e2c3de3f1af6
SHA1

ac056e746c8bd5caa77560f576169fa647d55b38
SHA256

6a808085bd19b514d68eb1e79245baa65f1c91f252a56f64fc72a7b552a57ddb
SHA512

23ffe0f4dd92b3ef49cc5fa962647a7e654dc315e3b5eb514a03237fc2d4d486ac528ab7b90cea15507f3e870079945f860e8f52a0253c0ccaf3f3e8143d6d13
SSDEEP

49152:JkbpwOY6X9zbcNYZRpJWhTWMJEci+s8KuqGaX0ToIBAUZLYyQ:4ahTzE6JBAUZLHQ

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2868	Flashcheck.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe
Token: SeShutdownPrivilege	3008	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe
3008	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2868	Flashcheck.exe
2868	Flashcheck.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2480	3008	chrome.exe	29
PID 3008 wrote to memory of 2480	3008	chrome.exe	29
PID 3008 wrote to memory of 2480	3008	chrome.exe	29
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2544	3008	chrome.exe	31
PID 3008 wrote to memory of 2560	3008	chrome.exe	32
PID 3008 wrote to memory of 2560	3008	chrome.exe	32
PID 3008 wrote to memory of 2560	3008	chrome.exe	32
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33
PID 3008 wrote to memory of 2376	3008	chrome.exe	33

C:\Users\Admin\AppData\Local\Temp\Flashcheck.exe
"C:\Users\Admin\AppData\Local\Temp\Flashcheck.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef74b9758,0x7fef74b9768,0x7fef74b9778
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1124 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:2
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2248 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2256 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1444 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:2
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1420 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3440 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3740 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2452 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3712 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4148 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4164 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2724 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2388 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2080 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:1356
- C:\Users\Admin\Downloads\Wireshark-4.2.4-x64.exe
  "C:\Users\Admin\Downloads\Wireshark-4.2.4-x64.exe"
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4204 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3684 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:1160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1236 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:2020
- C:\Users\Admin\Downloads\Wireshark-win64-4.0.14.exe
  "C:\Users\Admin\Downloads\Wireshark-win64-4.0.14.exe"
  2⤵
  PID:744
- - C:\Program Files\Wireshark\vc_redist.x64.exe
    "C:\Program Files\Wireshark\vc_redist.x64.exe" /install /quiet /norestart
    3⤵
    PID:2148
  - - C:\Windows\Temp\{BDCC54AE-62AF-4098-9F48-D43839CF579B}\.cr\vc_redist.x64.exe
      "C:\Windows\Temp\{BDCC54AE-62AF-4098-9F48-D43839CF579B}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Program Files\Wireshark\vc_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /install /quiet /norestart
      4⤵
      PID:1484
    - - C:\Windows\Temp\{588D5E03-78E1-48F7-B3E2-7EA0A6EDFF2B}\.be\VC_redist.x64.exe
        
        "C:\Windows\Temp\{588D5E03-78E1-48F7-B3E2-7EA0A6EDFF2B}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{3E153A7A-33BF-42B5-AFF8-65501179753D} {A9BC9F06-A42B-42B9-A8FA-89519FC9151B} 1484
        5⤵
        
        PID:1220
      - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=500 -burn.embedded BurnPipe.{20E7766E-AA07-4E43-8F82-1C87C286AD38} {4F961F0E-5611-4CEF-991D-94562557280C} 1220
        6⤵
        
        PID:2844
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=500 -burn.embedded BurnPipe.{20E7766E-AA07-4E43-8F82-1C87C286AD38} {4F961F0E-5611-4CEF-991D-94562557280C} 1220
        7⤵
        
        PID:2996
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{6580EA9C-34DF-4496-9E34-BD4B46A075B3} {1F4154BA-5C52-4E36-9356-EF187BFCCA5E} 2996
        8⤵
        
        PID:1704
- - C:\Program Files\Wireshark\npcap-1.71.exe
    "C:\Program Files\Wireshark\npcap-1.71.exe" /winpcap_mode=no /loopback_support=no
    3⤵
    PID:3024
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /Q /C "%SYSTEMROOT%\System32\wbem\wmic.exe qfe get hotfixid | %SYSTEMROOT%\System32\findstr.exe "^KB4474419""
      4⤵
      PID:1896
    - - C:\Windows\SysWOW64\wbem\WMIC.exe
        
        C:\Windows\System32\wbem\wmic.exe qfe get hotfixid
        5⤵
        
        PID:2748
    - - C:\Windows\SysWOW64\findstr.exe
        
        C:\Windows\System32\findstr.exe "^KB4474419"
        5⤵
        
        PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3708 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3416 --field-trial-handle=1164,i,18191598719739536567,12909388021381514271,131072 /prefetch:8
  2⤵
  PID:2848

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:332

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1764

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000005AC" "00000000000003DC"
1⤵
PID:2040

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\f7b325d.rbs

Filesize
17KB

MD5
8b6c90e051a8ca552ff90c0ad91549bd

SHA1
3afa22fdc02c178d4c43cbc2b91d0004ba468193

SHA256
f4e9a35b2ecfd8aedc7cbe9e8ea00b42566120262fb4159f70cc240160d86a86

SHA512
b538d1abfeadf98905d1ebfcffea7c8df9785394a7c4b90c48642b0842c7290465ff122ec396bb34e38603899970e49acf5ef77cfbba7f2c2393224b36e43c66

Download Submit
C:\Config.Msi\f7b3269.rbs

Filesize
16KB

MD5
97a9bfc69149dfc2a0b9db1f08c516ad

SHA1
e3e877ffa93e1f7d6b4c94462effc09d5b69653e

SHA256
79963e6a7d5927378f63427cb83f2e18ef9392297906660d7013f6e7ce809b65

SHA512
edc713103ca382e2c189e975598ebcac656d7c2d5a83c752da5dcdad8d45c5ef3b4fb67a862470d61af2ccc439aee4a6379ee749794c2cd2ff4c9b03058e4118

Download Submit
C:\Config.Msi\f7b3271.rbs

Filesize
18KB

MD5
9a5407f867fed26c06739801d79f4c25

SHA1
e0e1701b988b3988bf14bca186b9308dd8f547d7

SHA256
4228321f9ffd7e60e5cc2a62417e4af08187855fc303028c0ba7b33f0a7b5960

SHA512
5db5ba8855321efbf46cf94b5401fa8e51b0c9f840c674340bdae7217d5fd865593c87d4552251de079bf3676bdefe48534381c01fd0f208571558781ff5e4b4

Download Submit
C:\Config.Msi\f7b3280.rbs

Filesize
17KB

MD5
e88a936da68b4a8ef6769780be047141

SHA1
4b3918ec97675b68983cac5fb04b695ca066f7c0

SHA256
af09232d00fc0952ba4ebae5e551e013256122276ffac26fd29df34bfe9e6b75

SHA512
6eac5d7844936a5f59db4199e9cb3819bf11fe121426690c8b34af6091cfb076e4020ae54ca86f8aa2cbfb0777a2c0cccd9bb96dc16f1d7fc86651b2e73a7c7a

Download Submit
C:\Program Files\Wireshark\vc_redist.x64.exe

Filesize
24.2MB

MD5
077f0abdc2a3881d5c6c774af821f787

SHA1
c483f66c48ba83e99c764d957729789317b09c6b

SHA256
917c37d816488545b70affd77d6e486e4dd27e2ece63f6bbaaf486b178b2b888

SHA512
70a888d5891efd2a48d33c22f35e9178bd113032162dc5a170e7c56f2d592e3c59a08904b9f1b54450c80f8863bda746e431b396e4c1624b91ff15dd701bd939

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0b018e399336eff0be24fa95030f1067

SHA1
6ff59a3ea6197c8f37c04889d321ea94eeb08787

SHA256
79bb1dbabb282eb7e6a5ec90449e38f6d42eaa5f540fdc3fc3ddf92e7a5732aa

SHA512
33339dae0018fbac01e1a5559b213e92513aa1acc6d305aa1f479fea99df5f63100c3b364acc67c3bb823fe743aa7efc2a5ab3e61b5c6aab55149b4eb48e05f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9a7efb32-1dd9-4a01-95fd-0d2190aaa4f4.tmp

Filesize
6KB

MD5
1d767484ac481a08f2aac190edabb9b5

SHA1
f0320274d0f26ea912e64015bde059e8c152015f

SHA256
e12a2c5818d06cd40af238bbf4f4510ad0e2b91bfe89a012fe23b7a03337b407

SHA512
594543bbd860eb58e7d419923f41eb57d443426991a1f917c71845ea84b48052f8fa571e8a7668b2f2e0f202bab29068b67ef382def1b953eaf06653849e8cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8f74b9e22a9e0943120b5b7a28e39a00

SHA1
7e3d30360b6cfe3454a002ac60a0ad0e7f2c3237

SHA256
2276ca9b74c184e7da4ea9906f53445192a06ab08ee346caf88e2c892fdd57a6

SHA512
8b5f7f915e729e3eb24fce4baf6b150f8a8bf803b806e21a6f15974f8b860a021fa62e5c251475d30ba59753d949dc846c7ce2063decb950e7e3eedda1409c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6096c1f2f3b53031aa73969fde331b6d

SHA1
1f8d2c25674b0d715dd80f81952e24c4a20272c7

SHA256
c1920dcaae1119542ff2654947c40df7d8d83c44a6d0110de61e7c40e7cac534

SHA512
2e1da796cd88f8ba852897244621f9b8bb59b9092108dfa955a3ebff7a4312d8fe247caefff651338a02708ce6da503e3b064675396736ed221cc2d0919ae9f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
683B

MD5
24d6c447b6bd2be212022edec3c35b7e

SHA1
3e81600994f1dfd2f306b0ba2d2a0655ccc175ea

SHA256
3fd7f7e0b1730b525204ac574b682d19dc82586f4a312e9af752557716aaec1f

SHA512
c18dc624c26fb64bc742b7569604166356d7f2874f54ac66fd0f50750f7baf6fe0f5587ce5544dee25262d0b0685519f8f3883f022d0010609a8cf5e8146db6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
840B

MD5
9966d416c993caaf7635677b5aecd337

SHA1
a02f9523dbaaf9a74897069d24de59b19c6adc19

SHA256
ec13bce92e3d5a6e9b1cea74a94b9a0f1fa0ff682070f40383000a747cba4cf2

SHA512
1a22c3bcb335c057ee048ecbe3c4a340af19a3dc4e8aad9d732beeb3edee4e376da0bea462c952d35b54935babd03b42d68055766862ec0cd64ef9d9961a5328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
52995fc210fd7ac387b145a5be26d984

SHA1
25807233a7ae4b2ebf324de5c15770feb99fb324

SHA256
058690bec2de3e22caf9c1333225d194c7329cb35d4c69a35386aa4e966b75b7

SHA512
26511418c9b632eb1c6668ea46d634a054c4a4cbd74b3a41e10892067a749cd710b6aa107897b3b5df9b6ecc39a64c692d968050132dd01a8d98e41028787e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
90b8cf8a22c439aaca07877fcfd22253

SHA1
468ffcbd7895e7fb9c9c90e184d6e85a9b9d01e8

SHA256
623d35625c78f8ee709fabe828d470840724c27549bf0346898322b44d10ae8e

SHA512
bbcbd2addcb05ad922438a103ec098c0a7e19f98f101c0c41585a819a4ff7b9124c61900eae6327c7ac44a625a36bc836fc9036b94744ca2eb4a374766a66682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2ad6dd4d8478c4cfab749333938271be

SHA1
5732d19c9fc70aea75c9bb13d4179c3c036831cc

SHA256
d845f01a5da8e3266d690252d8f97596f187b06099d3438b248ba6fa7537ef74

SHA512
ca02fb4c686e85abac01cef71fbebf5f4c327be191eb0bd005cf9d095e9f7b3e9cf7885eca52c66cdf0fa48ae35d406f5b7f1148f2c1fca2d1c397352371cefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8b451f2799888f780a99d7b3c8397f9f

SHA1
ab7d1dfffbdbc9786f3b496375de8ff99408585b

SHA256
a2594b83ca84ac8d3e3331d3a699977e341695c00a5e09100007a2a5cc668ebb

SHA512
f8e76ff0492f55c9c0c2cbfbe0387d5efe175457eea02725cb0b6e785ef2910b005577d6ee983bea6255b6fcf0175b5118093cf2f15943d830f0796729957a49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf766613.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab32E5.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar32E8.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar388D.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240423102345_000_vcRuntimeMinimum_x64.log

Filesize
2KB

MD5
996d05bdcc346ac2e648ef0128c9c22d

SHA1
74e11ae826bda961302dd3a44a984eba3e58b7bd

SHA256
5fb1ff9d23f9ad37e0ef3834b79d4c6c11117e4c988bebd3fd4dd82ff4fe307e

SHA512
f7c71444a204f12a60f37510a81c176b4131ae79d7c7db8a2bcdf299a57b77add8c5fe9c7b33e0ed4ab94a42903896f63ed928298defef8bc40b0c23fe2f93d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240423102345_001_vcRuntimeAdditional_x64.log

Filesize
2KB

MD5
3eb168d2fd17bfbaa647e668c40884d9

SHA1
e06b4331556e892099ac4dc2c47c93a6b37ce04c

SHA256
98fa7966fc3791946ebc05fcdfe85e4855815618764e5500040a1d504310fcce

SHA512
7d790102fc28c62db072d9d431c3422b74968eea1f792ff55f85882048d6bf8d1b306e3c6889da9a6b06fd575709afc32f99e451e4f2db2b20c60320e876de90

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskD4DE.tmp\DonatePage.ini

Filesize
952B

MD5
a22e796545dc6044cc2cf51979596ea5

SHA1
e7c5d145c9cc0cd423d18ddfc590df81da9011e7

SHA256
888eaa2b971265449bb0ba76af7bceb7d8bfce2f56f4eba2d9931d19ea4da910

SHA512
a816edb8c8077a87c8fbe965134428d6300536aaa610bf5647bbb612e9281b6342d6a803aea5f760f30c76cd9529effe4855a091d8e3b95375d328e714b4d56a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskD4DE.tmp\NpcapPage.ini

Filesize
2KB

MD5
cac85057a38936beb36c7aec539ceec0

SHA1
4937ee87b75a767099b98d953edbe78096eb46dd

SHA256
5e46979b86fa8caca939bb510ae67a59d023c5b9c2cfd26e90d00e8fd33f8926

SHA512
c72367faf8a1dc2ae9c2fb917a24f7ed83bc963af3274bc77ebb083e8f39f1ed1840486919d2e1e866c763778fd35725df4b014106f2a52c0fdcd5c38988ca79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskD4DE.tmp\NpcapPage.ini

Filesize
2KB

MD5
964a4e82f501b93fa15ed1c6233f8e83

SHA1
0991133f8d8030898ac68bfbe15f5b31aa3165c6

SHA256
9a1c8ac6b71a76ec5b5802e206cb65d4fcc3bfba5910c1b04e23f132a79b0796

SHA512
792ad4f8306b8a79a102439680c42126b23a88ef1d88d2f0aa4de8551bc43c1efaf3fccfdcf4a5d71457603549be32f99ecf9171e5629cc0bec0a106fcda451c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nskD4DE.tmp\USBPcapPage.ini

Filesize
2KB

MD5
9b28054d357e0b30b0f93135b040c1ef

SHA1
f7680d8bcc1829e10b033e2dc0147a32f556e6bc

SHA256
85a3d019dc290b0bb392eaef03701e2534a782881290ce9aa1adba232d6ad8a4

SHA512
7aee6b8f8bc8c325cf763b1ace3ae6af05a88400487eeea09e711694cc715bf2e7d930128e7cd0e6ff5ab9d0ec143b9ec626e7f32f79007736aed643b860e94a

Download Submit
C:\Users\Admin\Downloads\Wireshark-4.2.4-x64.exe

Filesize
82.5MB

MD5
c38012af36b2f24cf15f971e62e08d87

SHA1
caa0849461201937fa995afc5d2b80986c506891

SHA256
b621718ffe64748590ea9568fbbed0f3d86b0939906dc9f7fe064e20ce385492

SHA512
84f1da60f8f974ccc24bbf054a40d6380865707d51401a70a19bc2d5e8a271fd68abce1b5fd14fd339cee57729e908e0aec70d7f5fb3046b03b183da4b233784

Download Submit
C:\Users\Admin\Downloads\Wireshark-win64-4.0.14.exe

Filesize
76.1MB

MD5
4aef19ebaa073ef79aeda3b22e9cb77d

SHA1
b80247c133d7d032d84c2b81565426765fb0d742

SHA256
bbcfde102a615413096cf15c4f4e2439e3e26b2b32ca5828c48ca0b318b33cc0

SHA512
aac14757a8da4d3f65cf8ca19a96c70acf61c6e5bacdced0bcf21150a58ccebe0ebfdc02f7200eabbeca2df845fbbb580c31888fd39948119db8b7e35370e5a6

Download Submit
C:\Windows\Temp\{588D5E03-78E1-48F7-B3E2-7EA0A6EDFF2B}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
C:\Windows\Temp\{588D5E03-78E1-48F7-B3E2-7EA0A6EDFF2B}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

Filesize
5.4MB

MD5
46efc5476e6d948067b9ba2e822fd300

SHA1
d17c2bf232f308e53544b2a773e646d4b35e3171

SHA256
2de285c0fc328d30501cad8aa66a0ca9556ad5e30d03b198ebdbc422347db138

SHA512
58c9b43b0f93da00166f53fda324fcf78fb1696411e3c453b66e72143e774f68d377a0368b586fb3f3133db7775eb9ab7e109f89bb3c5e21ddd0b13eaa7bd64c

Download Submit
C:\Windows\Temp\{588D5E03-78E1-48F7-B3E2-7EA0A6EDFF2B}\cab5046A8AB272BF37297BB7928664C9503

Filesize
935KB

MD5
c2df6cb9082ac285f6acfe56e3a4430a

SHA1
591e03bf436d448296798a4d80f6a39a00502595

SHA256
b8b4732a600b741e824ab749321e029a07390aa730ec59401964b38105d5fa11

SHA512
9f21b621fc871dd72de0c518174d1cbe41c8c93527269c3765b65edee870a8945ecc2700d49f5da8f6fab0aa3e4c2db422b505ffcbcb2c5a1ddf4b9cec0e8e13

Download Submit
C:\Windows\Temp\{588D5E03-78E1-48F7-B3E2-7EA0A6EDFF2B}\vcRuntimeAdditional_x64

Filesize
188KB

MD5
dd070483eda0af71a2e52b65867d7f5d

SHA1
2b182fc81d19ae8808e5b37d8e19c4dafeec8106

SHA256
1c450cacdbf38527c27eb2107a674cd9da30aaf93a36be3c5729293f6f586e07

SHA512
69e16ee172d923173e874b12037629201017698997e8ae7a6696aab1ad3222ae2359f90dea73a7487ca9ff6b7c01dc6c4c98b0153b6f1ada8b59d2cec029ec1a

Download Submit
C:\Windows\Temp\{588D5E03-78E1-48F7-B3E2-7EA0A6EDFF2B}\vcRuntimeMinimum_x64

Filesize
188KB

MD5
a4075b745d8e506c48581c4a99ec78aa

SHA1
389e8b1dbeebdff749834b63ae06644c30feac84

SHA256
ee130110a29393dcbc7be1f26106d68b629afd2544b91e6caf3a50069a979b93

SHA512
0b980f397972bfc55e30c06e6e98e07b474e963832b76cdb48717e6772d0348f99c79d91ea0b4944fe0181ad5d6701d9527e2ee62c14123f1f232c1da977cada

Download Submit
C:\Windows\WindowsUpdate.log

Filesize
16KB

MD5
949f57d1b948c128b0c609762768b379

SHA1
724842ba1ed5bd98bde1fa17cf11e88b781d15c4

SHA256
78b672837a5880d4d82fba58b6218abc41523f2ba8e5852343c0980935f86bf7

SHA512
13e1c8128877fb5c989177c99d097c6f51a9df213b17ed8dac36f523d30aed53f398aae5572bb24f0f95310996826a62370686119e3d7fec013c3444b5847fe3

Download Submit
\Program Files\Wireshark\npcap-1.71.exe

Filesize
1.1MB

MD5
40cfea6d5a3ff15caf6dd4ae88a012b2

SHA1
287b229cecf54ea110a8b8422dcda20922bdf65e

SHA256
5ccb61296c48e3f8cd20db738784bd7bf0daf8fce630f89892678b6dda4e533c

SHA512
6ac4955286a4927ce43f7e85783631c9a801605c89a18ba95dde34d90eecbf4825b09e116890c8aca8defff767ad14843303dd557a67636bed1f1709b5399024

Download Submit
\Users\Admin\AppData\Local\Temp\nsf69AD.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
\Users\Admin\AppData\Local\Temp\nsf69AD.tmp\System.dll

Filesize
19KB

MD5
f020a8d9ede1fb2af3651ad6e0ac9cb1

SHA1
341f9345d669432b2a51d107cbd101e8b82e37b1

SHA256
7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0

SHA512
408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4

Download Submit
\Users\Admin\AppData\Local\Temp\nsf69AD.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
\Users\Admin\AppData\Local\Temp\nskD4DE.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
\Users\Admin\AppData\Local\Temp\nskD4DE.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
\Users\Admin\AppData\Local\Temp\nsp9427.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
\Windows\Temp\{588D5E03-78E1-48F7-B3E2-7EA0A6EDFF2B}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
\Windows\Temp\{BDCC54AE-62AF-4098-9F48-D43839CF579B}\.cr\vc_redist.x64.exe

Filesize
635KB

MD5
35e545dac78234e4040a99cbb53000ac

SHA1
ae674cc167601bd94e12d7ae190156e2c8913dc5

SHA256
9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6

SHA512
bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3

Download Submit