c2b9998b798219e8966f25a04411b3910ca1b2901ac8e5e1fde29950264cc6e0

Analysis

max time kernel
83s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 08:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CUMMINS INSITE 8.7 Pro/INSITE 8.7 Pro.exe
Size

5.1MB
MD5

a90c789176cf3aa4fbeb1541758e7001
SHA1

89746901191b074d7b36ef7c17c01017a7ad9f66
SHA256

f5986e91f714b4f3736ee40a0e197203552034ec956b797b779decfce8e20d5b
SHA512

eb86d922e9d96825a3c9aaf003ff2a70ab7534b5276417ae6d0bfbb2322b4f2126e849aed6671d88c31561095d03e912c593c61acad4e03a3880ba3d6b3b844c
SSDEEP

98304:HKVf4M+N3gKCai9IiNFeMBAyKdpuYQmmGLQeAjMMtmr6EnQgyxcdxU:qVYiai/FeLpSmmiemr6hxedx

Score

9^/10

bootkit evasion persistence trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 7 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

INSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	INSITE 8.7 Pro.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	INSITE 8.7 Pro.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	INSITE 8.7 Pro.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	INSITE 8.7 Pro.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	INSITE 8.7 Pro.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	INSITE 8.7 Pro.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	INSITE 8.7 Pro.exe

Checks BIOS information in registry 2 TTPs 14 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

INSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	INSITE 8.7 Pro.exe

Executes dropped EXE 6 IoCs

Processes:

RestartApp.exeRestartApp.exeRestartApp.exeRestartApp.exeRestartApp.exeRestartApp.exe

pid process

4480 RestartApp.exe
3800 RestartApp.exe
2724 RestartApp.exe
1840 RestartApp.exe
3992 RestartApp.exe
5056 RestartApp.exe

pid	process
4480	RestartApp.exe
3800	RestartApp.exe
2724	RestartApp.exe
1840	RestartApp.exe
3992	RestartApp.exe
5056	RestartApp.exe

Identifies Wine through registry keys 2 TTPs 7 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

INSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Software\Wine	INSITE 8.7 Pro.exe
Key opened	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Software\Wine	INSITE 8.7 Pro.exe
Key opened	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Software\Wine	INSITE 8.7 Pro.exe
Key opened	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Software\Wine	INSITE 8.7 Pro.exe
Key opened	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Software\Wine	INSITE 8.7 Pro.exe
Key opened	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Software\Wine	INSITE 8.7 Pro.exe
Key opened	\REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Software\Wine	INSITE 8.7 Pro.exe

Checks whether UAC is enabled 1 TTPs 7 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

INSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	INSITE 8.7 Pro.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	INSITE 8.7 Pro.exe

Writes to the Master Boot Record (MBR) 1 TTPs 7 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

INSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	INSITE 8.7 Pro.exe
File opened for modification	\??\PhysicalDrive0	INSITE 8.7 Pro.exe
File opened for modification	\??\PhysicalDrive0	INSITE 8.7 Pro.exe
File opened for modification	\??\PhysicalDrive0	INSITE 8.7 Pro.exe
File opened for modification	\??\PhysicalDrive0	INSITE 8.7 Pro.exe
File opened for modification	\??\PhysicalDrive0	INSITE 8.7 Pro.exe
File opened for modification	\??\PhysicalDrive0	INSITE 8.7 Pro.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 7 IoCs

Processes:

INSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exe

pid	process
5072	INSITE 8.7 Pro.exe
1900	INSITE 8.7 Pro.exe
2556	INSITE 8.7 Pro.exe
2780	INSITE 8.7 Pro.exe
1440	INSITE 8.7 Pro.exe
2464	INSITE 8.7 Pro.exe
2668	INSITE 8.7 Pro.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

INSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exeINSITE 8.7 Pro.exe

pid	process
5072	INSITE 8.7 Pro.exe
5072	INSITE 8.7 Pro.exe
1900	INSITE 8.7 Pro.exe
1900	INSITE 8.7 Pro.exe
2556	INSITE 8.7 Pro.exe
2556	INSITE 8.7 Pro.exe
2780	INSITE 8.7 Pro.exe
2780	INSITE 8.7 Pro.exe
1440	INSITE 8.7 Pro.exe
1440	INSITE 8.7 Pro.exe
2464	INSITE 8.7 Pro.exe
2464	INSITE 8.7 Pro.exe
2668	INSITE 8.7 Pro.exe
2668	INSITE 8.7 Pro.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

INSITE 8.7 Pro.exe

pid process

2464 INSITE 8.7 Pro.exe

pid	process
2464	INSITE 8.7 Pro.exe

Suspicious use of WriteProcessMemory 36 IoCs

Processes:

INSITE 8.7 Pro.exeRestartApp.exeINSITE 8.7 Pro.exeRestartApp.exeINSITE 8.7 Pro.exeRestartApp.exeINSITE 8.7 Pro.exeRestartApp.exeINSITE 8.7 Pro.exeRestartApp.exeINSITE 8.7 Pro.exeRestartApp.exe

description	pid	process	target process
PID 5072 wrote to memory of 4480	5072	INSITE 8.7 Pro.exe	RestartApp.exe
PID 5072 wrote to memory of 4480	5072	INSITE 8.7 Pro.exe	RestartApp.exe
PID 5072 wrote to memory of 4480	5072	INSITE 8.7 Pro.exe	RestartApp.exe
PID 4480 wrote to memory of 1900	4480	RestartApp.exe	INSITE 8.7 Pro.exe
PID 4480 wrote to memory of 1900	4480	RestartApp.exe	INSITE 8.7 Pro.exe
PID 4480 wrote to memory of 1900	4480	RestartApp.exe	INSITE 8.7 Pro.exe
PID 1900 wrote to memory of 3800	1900	INSITE 8.7 Pro.exe	RestartApp.exe
PID 1900 wrote to memory of 3800	1900	INSITE 8.7 Pro.exe	RestartApp.exe
PID 1900 wrote to memory of 3800	1900	INSITE 8.7 Pro.exe	RestartApp.exe
PID 3800 wrote to memory of 2556	3800	RestartApp.exe	INSITE 8.7 Pro.exe
PID 3800 wrote to memory of 2556	3800	RestartApp.exe	INSITE 8.7 Pro.exe
PID 3800 wrote to memory of 2556	3800	RestartApp.exe	INSITE 8.7 Pro.exe
PID 2556 wrote to memory of 2724	2556	INSITE 8.7 Pro.exe	RestartApp.exe
PID 2556 wrote to memory of 2724	2556	INSITE 8.7 Pro.exe	RestartApp.exe
PID 2556 wrote to memory of 2724	2556	INSITE 8.7 Pro.exe	RestartApp.exe
PID 2724 wrote to memory of 2780	2724	RestartApp.exe	INSITE 8.7 Pro.exe
PID 2724 wrote to memory of 2780	2724	RestartApp.exe	INSITE 8.7 Pro.exe
PID 2724 wrote to memory of 2780	2724	RestartApp.exe	INSITE 8.7 Pro.exe
PID 2780 wrote to memory of 1840	2780	INSITE 8.7 Pro.exe	RestartApp.exe
PID 2780 wrote to memory of 1840	2780	INSITE 8.7 Pro.exe	RestartApp.exe
PID 2780 wrote to memory of 1840	2780	INSITE 8.7 Pro.exe	RestartApp.exe
PID 1840 wrote to memory of 1440	1840	RestartApp.exe	INSITE 8.7 Pro.exe
PID 1840 wrote to memory of 1440	1840	RestartApp.exe	INSITE 8.7 Pro.exe
PID 1840 wrote to memory of 1440	1840	RestartApp.exe	INSITE 8.7 Pro.exe
PID 1440 wrote to memory of 3992	1440	INSITE 8.7 Pro.exe	RestartApp.exe
PID 1440 wrote to memory of 3992	1440	INSITE 8.7 Pro.exe	RestartApp.exe
PID 1440 wrote to memory of 3992	1440	INSITE 8.7 Pro.exe	RestartApp.exe
PID 3992 wrote to memory of 2464	3992	RestartApp.exe	INSITE 8.7 Pro.exe
PID 3992 wrote to memory of 2464	3992	RestartApp.exe	INSITE 8.7 Pro.exe
PID 3992 wrote to memory of 2464	3992	RestartApp.exe	INSITE 8.7 Pro.exe
PID 2464 wrote to memory of 5056	2464	INSITE 8.7 Pro.exe	RestartApp.exe
PID 2464 wrote to memory of 5056	2464	INSITE 8.7 Pro.exe	RestartApp.exe
PID 2464 wrote to memory of 5056	2464	INSITE 8.7 Pro.exe	RestartApp.exe
PID 5056 wrote to memory of 2668	5056	RestartApp.exe	INSITE 8.7 Pro.exe
PID 5056 wrote to memory of 2668	5056	RestartApp.exe	INSITE 8.7 Pro.exe
PID 5056 wrote to memory of 2668	5056	RestartApp.exe	INSITE 8.7 Pro.exe

C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe
"C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Users\Admin\AppData\Roaming\RestartApp.exe
  C:\Users\Admin\AppData\Roaming\RestartApp.exe "5072" "C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4480
- - C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe
    "C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Identifies Wine through registry keys
    - Checks whether UAC is enabled
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1900
  - - C:\Users\Admin\AppData\Roaming\RestartApp.exe
      C:\Users\Admin\AppData\Roaming\RestartApp.exe "1900" "C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Identifies Wine through registry keys
        Checks whether UAC is enabled
        Writes to the Master Boot Record (MBR)
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2556
      - C:\Users\Admin\AppData\Roaming\RestartApp.exe
        
        C:\Users\Admin\AppData\Roaming\RestartApp.exe "2556" "C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
        7⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Identifies Wine through registry keys
        Checks whether UAC is enabled
        Writes to the Master Boot Record (MBR)
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:2780
        
        C:\Users\Admin\AppData\Roaming\RestartApp.exe
        
        C:\Users\Admin\AppData\Roaming\RestartApp.exe "2780" "C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
        9⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Identifies Wine through registry keys
        Checks whether UAC is enabled
        Writes to the Master Boot Record (MBR)
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:1440
        
        C:\Users\Admin\AppData\Roaming\RestartApp.exe
        
        C:\Users\Admin\AppData\Roaming\RestartApp.exe "1440" "C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
        11⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Identifies Wine through registry keys
        Checks whether UAC is enabled
        Writes to the Master Boot Record (MBR)
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:2464
        
        C:\Users\Admin\AppData\Roaming\RestartApp.exe
        
        C:\Users\Admin\AppData\Roaming\RestartApp.exe "2464" "C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\INSITE 8.7 Pro.exe"
        13⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Identifies Wine through registry keys
        Checks whether UAC is enabled
        Writes to the Master Boot Record (MBR)
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        
        PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\jyhedjaj.zlm

Filesize
4KB

MD5
1d7d8486fbdcbb080eac498a277da300

SHA1
d2be7d7591c9fa096e6d15bc16b4c440f5584102

SHA256
5914abb1e9dff7cbf0d9935d58c877707bb3372338e7eb45e88b681e980d33ea

SHA512
576f21aa8ad74302f803e6a4bd3c6d31e91d530e41eb969f75f93b2fa2d8b967ecfffd5173e0ad11c24ef4564217737cd43882895835614ac21984ead5411732

Download Submit
C:\ProgramData\mntemp

Filesize
16B

MD5
369ddfe9173c66657bfdeb8872d7273f

SHA1
a21db8a1c0d082a8ccbef59a85f584d953ba23a7

SHA256
0cd9bb8d19a3bb678d2300e9f09b2d80fd1b35f56aa5530d88482d446e740102

SHA512
cb06b9bf53228d827454958ea0e080a42c0486a1921a9e205bf5f35bc048d14890ea14df759f2a2a7c12c42d8a2591286ae8210622d975d3a7d7a945eb8116fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\insite.dll

Filesize
4B

MD5
b31354630625aba12cf47a8731b72e11

SHA1
c4722463484941e0d702c068f41badecb2f79f1d

SHA256
acb1e5e36c913ea9f4272a0be75fdbc556130c136a27c2d1a719779c36b11e32

SHA512
97930ed59eb0bce2baed7bdc806725b00ccdf17ae6b14614afbca7ac4761dba5b136c958bceaa6c6edb0bf759c724b7b7aa0599f4d6bf80074be0e3b4ef13637

Download Submit
C:\Users\Admin\AppData\Local\Temp\CUMMINS INSITE 8.7 Pro\insite.dll

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\RestartApp.exe

Filesize
3KB

MD5
021ec3cc05e073e136aa1d19e199b77c

SHA1
f386c2997fd05878ee3bb9638550deed6e2cf296

SHA256
86ffd39f8c53924a25935a4e1667487c2a63c7c8313e4d4f6bb13a9ac742db3b

SHA512
154f53c13191fb39abbfef36ba0a06ba6c444d3a12308d749a1a6307ecd34af51337d99efd4805e275d8a9fbaeed61bd49015b31b37a8e75f317ae2588c517d5

Download Submit
memory/1440-111-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/1440-136-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/1900-47-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/1900-32-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/1900-30-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/1900-56-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/1900-46-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/1900-41-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/1900-45-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/1900-44-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/1900-43-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/1900-42-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/1900-48-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/1900-39-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/1900-40-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2464-165-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/2464-159-0x0000000004F80000-0x0000000004F81000-memory.dmp

Filesize
4KB

Download
memory/2464-137-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/2464-158-0x00000000050F0000-0x00000000050FA000-memory.dmp

Filesize
40KB

Download
memory/2464-166-0x00000000050F0000-0x00000000050F5000-memory.dmp

Filesize
20KB

Download
memory/2464-160-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/2556-57-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/2556-68-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2556-74-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2556-73-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2556-83-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/2556-78-0x0000000004F80000-0x0000000004F81000-memory.dmp

Filesize
4KB

Download
memory/2556-76-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2556-75-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2556-67-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2556-69-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2556-70-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2556-71-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2556-72-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2668-167-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/2668-188-0x0000000005080000-0x0000000005081000-memory.dmp

Filesize
4KB

Download
memory/2780-84-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/2780-105-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/2780-110-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/2780-99-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2780-98-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2780-94-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2780-95-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2780-96-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/2780-97-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/5072-14-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/5072-12-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/5072-0-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/5072-17-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/5072-16-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/5072-15-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/5072-18-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/5072-13-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/5072-29-0x0000000000400000-0x0000000000EA6000-memory.dmp

Filesize
10.6MB

Download
memory/5072-11-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/5072-9-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/5072-10-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/5072-2-0x0000000004DD0000-0x0000000004E37000-memory.dmp

Filesize
412KB

Download
memory/5072-19-0x0000000077114000-0x0000000077116000-memory.dmp

Filesize
8KB

Download
memory/5072-23-0x0000000005070000-0x0000000005071000-memory.dmp

Filesize
4KB

Download