Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Wireshark-...64.exe

windows10-1703-x64

9

Analysis

  • max time kernel
    129s
  • max time network
    134s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01/05/2024, 12:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Wireshark-4.2.4-x64.exe

  • Size

    82.5MB

  • MD5

    c38012af36b2f24cf15f971e62e08d87

  • SHA1

    caa0849461201937fa995afc5d2b80986c506891

  • SHA256

    b621718ffe64748590ea9568fbbed0f3d86b0939906dc9f7fe064e20ce385492

  • SHA512

    84f1da60f8f974ccc24bbf054a40d6380865707d51401a70a19bc2d5e8a271fd68abce1b5fd14fd339cee57729e908e0aec70d7f5fb3046b03b183da4b233784

  • SSDEEP

    1572864:qgwkqSnN5BNMnT8RjmZq2j+efj6e1u4lQ2D9jdd840ownGiwDNPjPrnrLYA:qgVqSbBinu6q2j+ixu4lQU8XhwD5PJ

Score
9/10
discoveryevasionpersistence

Malware Config

Signatures

  • Checks for common network interception software 1 TTPs

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    evasion
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Blocklisted process makes network request 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 50 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 15 IoCs
  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 14 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Wireshark-4.2.4-x64.exe
    "C:\Users\Admin\AppData\Local\Temp\Wireshark-4.2.4-x64.exe"
    1⤵
    • Drops file in Program Files directory
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3572
    • C:\Program Files\Wireshark\vc_redist.x64.exe
      "C:\Program Files\Wireshark\vc_redist.x64.exe" /install /quiet /norestart
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4244
      • C:\Windows\Temp\{60EA83A5-252E-485C-9AF7-E5721FCD28C5}\.cr\vc_redist.x64.exe
        "C:\Windows\Temp\{60EA83A5-252E-485C-9AF7-E5721FCD28C5}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Program Files\Wireshark\vc_redist.x64.exe" -burn.filehandle.attached=512 -burn.filehandle.self=532 /install /quiet /norestart
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:4900
        • C:\Windows\Temp\{8A570C43-9774-47BF-97BF-AF585D481579}\.be\VC_redist.x64.exe
          "C:\Windows\Temp\{8A570C43-9774-47BF-97BF-AF585D481579}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{B03D79B9-46D8-4A16-8274-D04FA922A2D4} {7209D2BE-7FA6-4A96-A766-5F248BA1C22A} 4900
          4⤵
          • Adds Run key to start application
          • Executes dropped EXE
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4364
          • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
            "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=896 -burn.embedded BurnPipe.{01BA25EE-D2C7-4235-A976-31112F7D3B65} {18BADB62-D2E8-4F73-9B1F-C483DE2BBD29} 4364
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:4480
            • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
              "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=512 -burn.filehandle.self=532 -uninstall -quiet -burn.related.upgrade -burn.ancestors={8bdfe669-9705-4184-9368-db9ce581e0e7} -burn.filehandle.self=896 -burn.embedded BurnPipe.{01BA25EE-D2C7-4235-A976-31112F7D3B65} {18BADB62-D2E8-4F73-9B1F-C483DE2BBD29} 4364
              6⤵
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:2152
              • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
                "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{8A8A6C2E-4039-46A3-96F9-BA7E1AE9A07B} {F2A61943-212C-488C-9325-BBA77501E2D7} 2152
                7⤵
                • Modifies registry class
                PID:2720
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4940
  • C:\Windows\system32\srtasks.exe
    C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
    1⤵
      PID:1196
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Blocklisted process makes network request
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1592
    • C:\Program Files\Wireshark\Wireshark.exe
      "C:\Program Files\Wireshark\Wireshark.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2844
      • C:\Program Files\Wireshark\dumpcap.exe
        "C:\Program Files\Wireshark\dumpcap.exe" -D -Z none
        2⤵
        • Executes dropped EXE
        • Checks processor information in registry
        PID:4412

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Config.Msi\e589b27.rbs
      Filesize

      17KB

      MD5

      c6778883c0afb6bff3ba9b9490352ec4

      SHA1

      cfa7e5d3a756486ca2489291969612511d6efe58

      SHA256

      3f497be41ae742a8f89d6bf369502edb1c867c57573d4917f5ddf6d0ed1863db

      SHA512

      516c450a10b86fdb501b33c2a98c59ae8fde0bb6a272c75a3afe55c38d2c5e0d39f6d6c1326e3d0277d0f2a2e83cfc1ec316f07c58774de275dcb109d7241f01

      Download Submit

    • C:\Config.Msi\e589b33.rbs
      Filesize

      16KB

      MD5

      9c9004d5b1cfcd4ea955ebfd36603565

      SHA1

      69a33e594e5059c6d5f9803700a10eb1cb98ba3a

      SHA256

      1e7088a6fb7953470294017b8dfa13b9a2acdbeac304fe016c47adf08b342fd4

      SHA512

      de4f30e0dfe7704edc75d61f6b160764cefcb79fad4c52277112442fbded54e90a29c641f1aafefda10c187238093a7bef4fbe682c6340ba3b564285daa7f759

      Download Submit

    • C:\Config.Msi\e589b3a.rbs
      Filesize

      19KB

      MD5

      fbbd5655225443f820087e00b9a22010

      SHA1

      5cb69fa88dabc3d43fea85d75245af57b5dbebad

      SHA256

      3f46a36c3b91e966b397fc0bae4bc768a4088f39d5f6c14ed1e08cd85cfe2857

      SHA512

      122c439f5ad01ef51f8aab0ee6603ef41d80d3da89499b78e9946f5cb7b255c82bed81625c1c07b4e17395af562278e980a0d27b77fb9b0f25f0d45b6fc35af4

      Download Submit

    • C:\Config.Msi\e589b49.rbs
      Filesize

      18KB

      MD5

      3582e43f8b74328ab216b61f5d9ae824

      SHA1

      3eb045013217879571473133099fb77730c3e77c

      SHA256

      4ffef5d93e2b9fa7f84389b3419551dc2a1a3233ea117c3fabf1c8a4e0dba134

      SHA512

      82388d8b3bb7c6dc906aad2631400827b7a11cebc2e2bf102d94557d471b3d59ebe05afe1cad33ccc2004fa09317e866ccf0fb2445f39ae8cd93591b82db4e0c

      Download Submit

    • C:\Program Files\Wireshark\Qt6Network.dll
      Filesize

      1.3MB

      MD5

      7d8a6710705e4e383f7794f01609f335

      SHA1

      08070ad1566139badb25759e7e9740dd44f700f5

      SHA256

      effb6370eef0e3338bb7339efa20d6eee49defa044418c0a564eee045fc9a606

      SHA512

      38c836a53b807886015ebe3495fdf371c9fbfb26a92c6ac577270464d6300dc1957bd35ae73b0bec6b3e90e552fafafff15417e4ac91f6c937ba64b8998e278c

      Download Submit

    • C:\Program Files\Wireshark\Wireshark.exe
      Filesize

      9.2MB

      MD5

      9e04e2a7e52e281b6a2ca074a23d1962

      SHA1

      bde314c399271acffba0189a1034af87695b905f

      SHA256

      e641193fa2fceca701553b91a36524b39cf965137b957f9f7c8d8149e28ebdb0

      SHA512

      09724ec416e67102c89c0ef763f3e0e75a450246ed5aae33e55638648b72620f124492a7f9ee4ca85a6a1a8a7322b10a2039d3402b406d8a0d7a8c1fc713125c

      Download Submit

    • C:\Program Files\Wireshark\libwireshark.dll
      Filesize

      84.7MB

      MD5

      f66d60de4dcaf76b766d3ce16d48353a

      SHA1

      9dceca83f15be352378c5c4285510b86b7cb92ef

      SHA256

      5a9f137b6292d9f9a74c059abc2aa08f2e013ca7b0880bab31d0c04d6cc10a1f

      SHA512

      ca96133595a9e97997f7a9e7aef2224f1fc37ead55c411ba2f17d1065a4e2f54bca904a962a5488842ed19ec9c7b99322ef6f18c6b1dc6b8d830c3cfb0281cd7

      Download Submit

    • C:\Program Files\Wireshark\vc_redist.x64.exe
      Filesize

      24.2MB

      MD5

      077f0abdc2a3881d5c6c774af821f787

      SHA1

      c483f66c48ba83e99c764d957729789317b09c6b

      SHA256

      917c37d816488545b70affd77d6e486e4dd27e2ece63f6bbaaf486b178b2b888

      SHA512

      70a888d5891efd2a48d33c22f35e9178bd113032162dc5a170e7c56f2d592e3c59a08904b9f1b54450c80f8863bda746e431b396e4c1624b91ff15dd701bd939

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240501130139_000_vcRuntimeMinimum_x64.log
      Filesize

      2KB

      MD5

      8099a7cdaf09cc8b3e81b26aba16a065

      SHA1

      75d9a2dd53b628f29e1afc55e4585e9a6bf0e21e

      SHA256

      b157a19cfd353c249735199d29b39dbe52518839604c1f3f89b0e38ed10c078c

      SHA512

      c8ab75035e3df8a5ce3cc718e4186fa1703f95e38fb46cc0fa5b9b02eaa7cc2caeb2771bf434878de612c5dacde778cafb72d9c77e1a2026f3f44ed3dd60d2bd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20240501130139_001_vcRuntimeAdditional_x64.log
      Filesize

      2KB

      MD5

      caf0d52083fcf5f9e16917f332337041

      SHA1

      03f98accc60633dc361977aebe431c38d3eb3bdc

      SHA256

      2e3c6578c4f8f61627a9bce9dbf33a51e0d0a8c2fcabed887fb778e65cd4e08a

      SHA512

      a562434c33f697c37b6d25111e8d9309d8fa8b49675b8bb9bee1327272bb724fde6d543517cc306b48b5fdb4adb41fa1cdd4f2052dcbe5c8317f038598a72409

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nss8C06.tmp\DonatePage.ini
      Filesize

      904B

      MD5

      a7503cc175535989650d0749c18c8881

      SHA1

      1f4d8aed9a2677e9a2f0467c022fc98b732ce81a

      SHA256

      e0f775ff3740334da3924a6537b87d8fc1211942e42d4565f9edd26cf50e7b3f

      SHA512

      3495eee44dd3756b180e50a6f59e3b5fb41707bd243e9f2631e8f23e8f2cc1f668e449a0f905d8876e997c341adbc234ca4a0b7a6f9857d77ee7fd2f689face5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nss8C06.tmp\NpcapPage.ini
      Filesize

      2KB

      MD5

      d3ac8e2aa30cf8eb25fe6d2a4b0ab349

      SHA1

      ae0e059d5a00cb9f8f2a91e4225f03e521450fed

      SHA256

      73bfe0316d7c8944bdb4a5474ad02e70e0b6d4a2da8920156c533e59bb07d459

      SHA512

      d486958c5b8f0d56871fe0c741dd20ba20b9e2cf2496d589fcb433a6731a021d45f18949199407447e2562d8e4ea546a6566929635650c589a0ad71c7d8c7e13

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nss8C06.tmp\NpcapPage.ini
      Filesize

      2KB

      MD5

      6d92cfc906fb0684194241de46130860

      SHA1

      f1b71ec77becf094746fc2b1e5c7b8a06f4c8568

      SHA256

      eca18a27265e0c02a715cd107848253f8b4dd95728090f3f05a2721201bfe8cb

      SHA512

      4128cffdb1f9a94c37e5e800772c0214399ac164b0a8b92071c7215d937f80853a39f14e9ebd759b50d85b96c96efcb3ffd25a17fcea63cd9293dcbcadfd9a96

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nss8C06.tmp\USBPcapPage.ini
      Filesize

      2KB

      MD5

      e99e395d6bfc37663626c4a01c732692

      SHA1

      75813eb6682b97de44dafdd6f98afae7e4d3868b

      SHA256

      b4c5e164a7dc968941eab553a3c0f53f3aae8209b8eef74d4be9838b78b51503

      SHA512

      e13cf96693c5d3971fdb5b14ee25e629b7016b045719f59d451789651127323b0a260f6c085f0b746b64d04a06a4d408aafc20eb71635d6064d8584af20973f6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nss8C06.tmp\USBPcapPage.ini
      Filesize

      2KB

      MD5

      1f8935bb3e88caa67499d81df3e5ca1d

      SHA1

      497d7e5b9baf3e6a59d7068cad561971d1064af6

      SHA256

      c27363edc27d1e10fb48b601c301243ecf8def4a96e4df97f10f323283678e8a

      SHA512

      fb1a240b7dd45788b317649f9f9e11d57aff4850c8280190daa237c39111dc9165791a8d9f947d132d19a78b2d930baded38732b3197b848c3368f5fc9246858

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nss8C06.tmp\modern-wizard.bmp
      Filesize

      25KB

      MD5

      cbe40fd2b1ec96daedc65da172d90022

      SHA1

      366c216220aa4329dff6c485fd0e9b0f4f0a7944

      SHA256

      3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

      SHA512

      62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

      Download Submit

    • C:\Windows\Temp\{60EA83A5-252E-485C-9AF7-E5721FCD28C5}\.cr\vc_redist.x64.exe
      Filesize

      635KB

      MD5

      35e545dac78234e4040a99cbb53000ac

      SHA1

      ae674cc167601bd94e12d7ae190156e2c8913dc5

      SHA256

      9a6c005e1a71e11617f87ede695af32baac8a2056f11031941df18b23c4eeba6

      SHA512

      bd984c20f59674d1c54ca19785f54f937f89661014573c5966e5f196f776ae38f1fc9a7f3b68c5bc9bf0784adc5c381f8083f2aecdef620965aeda9ecba504f3

      Download Submit

    • C:\Windows\Temp\{8A570C43-9774-47BF-97BF-AF585D481579}\.ba\logo.png
      Filesize

      1KB

      MD5

      d6bd210f227442b3362493d046cea233

      SHA1

      ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

      SHA256

      335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

      SHA512

      464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

      Download Submit

    • C:\Windows\Temp\{8A570C43-9774-47BF-97BF-AF585D481579}\cab2C04DDC374BD96EB5C8EB8208F2C7C92
      Filesize

      5.4MB

      MD5

      46efc5476e6d948067b9ba2e822fd300

      SHA1

      d17c2bf232f308e53544b2a773e646d4b35e3171

      SHA256

      2de285c0fc328d30501cad8aa66a0ca9556ad5e30d03b198ebdbc422347db138

      SHA512

      58c9b43b0f93da00166f53fda324fcf78fb1696411e3c453b66e72143e774f68d377a0368b586fb3f3133db7775eb9ab7e109f89bb3c5e21ddd0b13eaa7bd64c

      Download Submit

    • C:\Windows\Temp\{8A570C43-9774-47BF-97BF-AF585D481579}\cab5046A8AB272BF37297BB7928664C9503
      Filesize

      935KB

      MD5

      c2df6cb9082ac285f6acfe56e3a4430a

      SHA1

      591e03bf436d448296798a4d80f6a39a00502595

      SHA256

      b8b4732a600b741e824ab749321e029a07390aa730ec59401964b38105d5fa11

      SHA512

      9f21b621fc871dd72de0c518174d1cbe41c8c93527269c3765b65edee870a8945ecc2700d49f5da8f6fab0aa3e4c2db422b505ffcbcb2c5a1ddf4b9cec0e8e13

      Download Submit

    • C:\Windows\Temp\{8A570C43-9774-47BF-97BF-AF585D481579}\vcRuntimeAdditional_x64
      Filesize

      188KB

      MD5

      dd070483eda0af71a2e52b65867d7f5d

      SHA1

      2b182fc81d19ae8808e5b37d8e19c4dafeec8106

      SHA256

      1c450cacdbf38527c27eb2107a674cd9da30aaf93a36be3c5729293f6f586e07

      SHA512

      69e16ee172d923173e874b12037629201017698997e8ae7a6696aab1ad3222ae2359f90dea73a7487ca9ff6b7c01dc6c4c98b0153b6f1ada8b59d2cec029ec1a

      Download Submit

    • C:\Windows\Temp\{8A570C43-9774-47BF-97BF-AF585D481579}\vcRuntimeMinimum_x64
      Filesize

      188KB

      MD5

      a4075b745d8e506c48581c4a99ec78aa

      SHA1

      389e8b1dbeebdff749834b63ae06644c30feac84

      SHA256

      ee130110a29393dcbc7be1f26106d68b629afd2544b91e6caf3a50069a979b93

      SHA512

      0b980f397972bfc55e30c06e6e98e07b474e963832b76cdb48717e6772d0348f99c79d91ea0b4944fe0181ad5d6701d9527e2ee62c14123f1f232c1da977cada

      Download Submit

    • \Program Files\Wireshark\Qt6Core.dll
      Filesize

      5.5MB

      MD5

      e08fa31bfa514a7143d53e5a1eb1523f

      SHA1

      37a029e5df80e7190f15ce17f785b633baac7e3b

      SHA256

      128811f29f9b8eb852f904686290ec5af33c8b31d5d79d6e34b6c2bc74aa0e9d

      SHA512

      b2593c95cfcec50ba4db2ac97899e3b4024b39b66115d816b9e39d61efde118f7316be85af91b5a078ecc4abb0b579098692f43553a3d8cd69ccb592d69f4855

      Download Submit

    • \Program Files\Wireshark\Qt6Core5Compat.dll
      Filesize

      813KB

      MD5

      b6d2da7af19af9963f13fe5893969aeb

      SHA1

      4230c6d2a14a2b1d7a5c44242e078f3a1bbbf3d6

      SHA256

      b12300777905153ae568eba9657e0af2ff57b23e8bba9d02bf120bc78dedcb6c

      SHA512

      c7b600ef41693d16f8745c7683bcf5f2601668945a8f03cbbd894e836878564a44a23f8a7196e2cc571429d4e72c107530e398626b66f813e1f2a05e30a812b8

      Download Submit

    • \Program Files\Wireshark\Qt6Gui.dll
      Filesize

      7.7MB

      MD5

      5e3505a32c0ba5904f5a352117a5064c

      SHA1

      0bda8522e9821438cf031d86c4b834e14503819a

      SHA256

      a7b828d2f6e136e47af6959cfe5f91f81e11791835afb42c2fd110aec0b5cfec

      SHA512

      82451d5e7aef2a1bd78ad3d1a4b3b18c97d96ef58316fe16fc5454c24b91570002739f520fa7e7df855d2363942d93419a7ab95c9cee0d3b7f529290d1093a90

      Download Submit

    • \Program Files\Wireshark\Qt6Multimedia.dll
      Filesize

      748KB

      MD5

      16e39ff93215452733c9cdab43b6bb8b

      SHA1

      59ccbff5d5d71dedb0c13759b921a37ef67b1d5e

      SHA256

      3e556455e25fbc16cb0ee39ceaad047913b8f7ce57673739a89bf5cef946c183

      SHA512

      8e1dcd1ad1ca421301195b8034dcaba8e7fa9d4d7b3990cb87fcfc36bade6c2c0e5194614f807b5b58bea8ea7b0633d4525b8b3a06dc2b04c8a7b65674388cd1

      Download Submit

    • \Program Files\Wireshark\Qt6PrintSupport.dll
      Filesize

      383KB

      MD5

      e5bfc814bb82d29a08d762240f6dd9a5

      SHA1

      bf86e404c0c7e18ebff14c8b1c770703b7000bac

      SHA256

      9b8de8e42a14cac1d5996124d739217737d14872426a6d2737b795d29f30357f

      SHA512

      5ad2be7b4ebf970c749b6a86aee3b42256d1b523ac68480e8f4271d84ff9a59d1f7654f45d4349a4df086a05123ef7ce470d98a9986ac607ae980b8d9364c2ae

      Download Submit

    • \Program Files\Wireshark\Qt6Widgets.dll
      Filesize

      5.7MB

      MD5

      4800a31faf075ddfc8e7460dbf2b4025

      SHA1

      6fa0828bd85eb63f347dae0cc35f635ebd8a13cf

      SHA256

      6c8ea8a476e368c83972a78cf9982f6ba3cffe8645040092f9217cf6d9dd5d8f

      SHA512

      5b4d22072b91fc1a3c67bb2616f4e9e959bdf6f1dc5665744480707ce678aa9e729990dc244f31d59dd2594f8f7dde311384cc5766057a017d670fed25c9e97d

      Download Submit

    • \Program Files\Wireshark\WinSparkle.dll
      Filesize

      2.3MB

      MD5

      fa13a90d06a9310afdb2f2a8e13a0d69

      SHA1

      a9c7bd3ca0f5a9d0ff1f3e88bdc2d9766a65800f

      SHA256

      b447c1b8ab5bbab454e04cc90774298e788608fec59a71247c5e53027a161b3d

      SHA512

      85e212a16e0813d27e439a2c893f4ff032aaa386a2f3353f20777b503147366b60d38809002e442cf51dc8b9e5461b155997c910391ad7c5dab8b18c337fc1ae

      Download Submit

    • \Program Files\Wireshark\glib-2.0-0.dll
      Filesize

      1.2MB

      MD5

      fb586ba7096fddc13a2dcc6473509468

      SHA1

      792ca56ef25dacb6a2dbb514b2369c2fbe14d7ab

      SHA256

      3b5024c173e46a2bdf95247b189ae96983c17622b55b5f18d0da1ccb8114ae32

      SHA512

      5516e064ed2b76d7281528b4a97d12ef2977d7832920b699c17c4f1cefca861b29ff00c659a3096ca0a6be56098817eac08f7aa304dcfb51f02b573761b3e2dc

      Download Submit

    • \Program Files\Wireshark\gmodule-2.0-0.dll
      Filesize

      30KB

      MD5

      fd242c79df249b7ce45b55d54adb92e3

      SHA1

      d3bf5505fca1f4ee1bc51778444f8a2b541480ee

      SHA256

      91b3905256b979e4d0567689bf236543368c8998d4d7668c7824b5ba87fdf95c

      SHA512

      09d11787e41f2de318bb7c13514eaeb936d6545f7b0575ac392810c0d721663ec91ecd078d4e666254711e601858073e2f6927a02cbbdb9ecfb6dfb3877754de

      Download Submit

    • \Program Files\Wireshark\libgcrypt-20.dll
      Filesize

      1.3MB

      MD5

      564e73c2b8e403faf8d0e785273b2d6a

      SHA1

      32342a76d54739c89516ead716b6cee9b1dcba02

      SHA256

      c6cdcf52822780b13c591770e523dd7e2f734d1a133b69e25b4eb45cba3fea24

      SHA512

      c57dc3f3cb30eedcc7d28487b43ca0c847d23af7d72d1ca177e85d68f1466dcbc069a017dc78e6cc3c7d1a8ec8d756cee6640b4c365cf90dbf3f0e1533569db8

      Download Submit

    • \Program Files\Wireshark\libspeexdsp.dll
      Filesize

      110KB

      MD5

      b4ef6c041ebeec51405be90c5613f888

      SHA1

      ec84d1bcf053dee0bc83cffd4e3f8ad66be4cc17

      SHA256

      aad4e7ef39bc5dd7629643800fe43b72050133a1d3054d9dc68b7eae9f14394e

      SHA512

      356303a746020c0134b03449fa8a329a37c2de90a4445824f9ee688a884f9941805f9ff03139d63d6ce7a62b12abab76830684ccef10f6d3ff1a305547fc59a6

      Download Submit

    • \Program Files\Wireshark\libwiretap.dll
      Filesize

      561KB

      MD5

      a312acedd714199d7658b840ad28d320

      SHA1

      944d66fa5d8132117a92e68618f923718830cc42

      SHA256

      af244a178358c5da3875e27b2240a427706f4af7d76cc91b2f8580309b60c3aa

      SHA512

      45e2ea0fa8e6db8fca4e9618cdb52e96947e457ed0823488c4065a7aaf04986d059e7bb1417b4992771a4b9afc4b1c90c60a35099d9411127c70614027f878f9

      Download Submit

    • \Program Files\Wireshark\libwsutil.dll
      Filesize

      229KB

      MD5

      1256ddb66185a1a1653e3c508a5b730e

      SHA1

      25650a8180b5b164e2cc25aefb4f7a11d35e476d

      SHA256

      db22d6920f3238e5991dafe60b307878764b4b55bfb7482cc9c2e8036035f417

      SHA512

      89092bfd1c9f9c8fe5c00579bbde5b86be0ac763086afed33ce01f4aa5fc162fe968dacd259082f116f6151db4226d338904bcaf69f3d45a9e1203f238c7f848

      Download Submit

    • \Program Files\Wireshark\minizip.dll
      Filesize

      56KB

      MD5

      a197fbf79866665a49a39af21a51ecf3

      SHA1

      c87c9eda787615b123f84f7d575660a1a542e9aa

      SHA256

      f1fcc4046ae84fb559c28b803cca977296cf5264f0e0fa06254da1de9e74eabd

      SHA512

      8b0923ad58fa3a423acd5b345363dc0bbdcfc4417637ddb462ba6e96bdc3bf8d1c9046c97b701c37c4d71c1a67ba6a5a2c9e17e3fd0a749b57004173d998c75f

      Download Submit

    • \Program Files\Wireshark\zlib1.dll
      Filesize

      98KB

      MD5

      5a2b1ca4bcd22ab4c4b4dfeb287aef2c

      SHA1

      97f6bc50112d87cf21994a66dc1d63bcc2996dfa

      SHA256

      44d79867c2ceb43342cd577531ac31ab4a029e8f2e6b83b637bb38bf02b9ec37

      SHA512

      4b285d71d00be0f886f048d85b53bf64e77a3649165d8fb2d5e79bf1b4dd464e36e736af86c6d6c7f12f96668686b4bfb1f8db9003c750a5af962b3a00727db5

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nss8C06.tmp\InstallOptions.dll
      Filesize

      15KB

      MD5

      d095b082b7c5ba4665d40d9c5042af6d

      SHA1

      2220277304af105ca6c56219f56f04e894b28d27

      SHA256

      b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

      SHA512

      61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nss8C06.tmp\System.dll
      Filesize

      12KB

      MD5

      4add245d4ba34b04f213409bfe504c07

      SHA1

      ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

      SHA256

      9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

      SHA512

      1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nss8C06.tmp\nsDialogs.dll
      Filesize

      9KB

      MD5

      1d8f01a83ddd259bc339902c1d33c8f1

      SHA1

      9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

      SHA256

      4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

      SHA512

      28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

      Download Submit

    • \Windows\System32\msvcp140.dll
      Filesize

      564KB

      MD5

      1ba6d1cf0508775096f9e121a24e5863

      SHA1

      df552810d779476610da3c8b956cc921ed6c91ae

      SHA256

      74892d9b4028c05debaf0b9b5d9dc6d22f7956fa7d7eee00c681318c26792823

      SHA512

      9887d9f5838aa1555ea87968e014edfe2f7747f138f1b551d1f609bc1d5d8214a5fdab0d76fcac98864c1da5eb81405ca373b2a30cb12203c011d89ea6d069af

      Download Submit

    • \Windows\System32\msvcp140_1.dll
      Filesize

      34KB

      MD5

      69d96e09a54fbc5cf92a0e084ab33856

      SHA1

      b4629d51b5c4d8d78ccb3370b40a850f735b8949

      SHA256

      a3a1199de32bbbc8318ec33e2e1ce556247d012851e4b367fe853a51e74ce4ee

      SHA512

      2087827137c473cdbec87789361ed34fad88c9fe80ef86b54e72aea891d91af50b17b7a603f9ae2060b3089ce9966fad6d7fbe22dee980c07ed491a75503f2cf

      Download Submit

    • \Windows\System32\vcruntime140.dll
      Filesize

      106KB

      MD5

      49c96cecda5c6c660a107d378fdfc3d4

      SHA1

      00149b7a66723e3f0310f139489fe172f818ca8e

      SHA256

      69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

      SHA512

      e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

      Download Submit

    • \Windows\System32\vcruntime140_1.dll
      Filesize

      48KB

      MD5

      cf0a1c4776ffe23ada5e570fc36e39fe

      SHA1

      2050fadecc11550ad9bde0b542bcf87e19d37f1a

      SHA256

      6fd366a691ed68430bcd0a3de3d8d19a0cb2102952bfc140bbef4354ed082c47

      SHA512

      d95cd98d22ca048d0fc5bca551c9db13d6fa705f6af120bbbb621cf2b30284bfdc7320d0a819bb26dab1e0a46253cc311a370bed4ef72ecb60c69791ed720168

      Download Submit

    • \Windows\Temp\{8A570C43-9774-47BF-97BF-AF585D481579}\.ba\wixstdba.dll
      Filesize

      191KB

      MD5

      eab9caf4277829abdf6223ec1efa0edd

      SHA1

      74862ecf349a9bedd32699f2a7a4e00b4727543d

      SHA256

      a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

      SHA512

      45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

      Download Submit

    • memory/2152-724-0x00000000002E0000-0x0000000000357000-memory.dmp

      Filesize

      476KB

      Download

    • memory/2720-687-0x00000000002E0000-0x0000000000357000-memory.dmp

      Filesize

      476KB

      Download

    • memory/2844-3299-0x00007FFC27490000-0x00007FFC27A51000-memory.dmp

      Filesize

      5.8MB

      Download

    • memory/2844-3300-0x00007FF72FF20000-0x00007FF73085A000-memory.dmp

      Filesize

      9.2MB

      Download

    • memory/4480-725-0x00000000002E0000-0x0000000000357000-memory.dmp

      Filesize

      476KB

      Download