gozi | b67c56c28907408cf73bd7a1dbf7d827700500a6eb3899dd92cead3ab56e81b7

Analysis

max time kernel
151s
max time network
145s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
17-05-2024 10:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Multi Flash Kit v.4.11.11.exe
Size

154.8MB
MD5

16bb6020b61440318452fbd3afddb5fa
SHA1

bcf98da8d742ea1d62cdb35e9d3d302925da93fe
SHA256

b67c56c28907408cf73bd7a1dbf7d827700500a6eb3899dd92cead3ab56e81b7
SHA512

0feb99209e7018ca0a324311a235398ab2476aa8dbfd69a029082b4807705ca776959a79d5a2adf0439259cc5c685056ea9af47ff1dcdeffbf84ba6b53361856
SSDEEP

3145728:o1bOLj9uGkxoMDpWjhqOfH8V+VV3V46D2ONovKMWoJRfkP1KVhdX6kJ:o9OP9uG2BQjPrV4E2AoCMWSkAVDXp

Score

10^/10

gozi banker discovery isfb trojan upx

Malware Config

Extracted

Family

gozi

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi
Executes dropped EXE 6 IoCs

Processes:

Menu.exerufus.exeDiskMark.exeDiskMark.exeHPUSBFW.exeInstallUSB.exe

pid process

1752 Menu.exe
4868 rufus.exe
2392 DiskMark.exe
3992 DiskMark.exe
4540 HPUSBFW.exe
4884 InstallUSB.exe

pid	process
1752	Menu.exe
4868	rufus.exe
2392	DiskMark.exe
3992	DiskMark.exe
4540	HPUSBFW.exe
4884	InstallUSB.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Testdisk\testdisk_win.$$A	upx
C:\Program Files (x86)\Multi Flash Kit\Files\tools\BootICE.$$A	upx
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe	upx
behavioral1/memory/4868-1569-0x0000000000400000-0x0000000000592000-memory.dmp	upx
behavioral1/memory/4868-1589-0x0000000000400000-0x0000000000592000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

HPUSBFW.exe

description ioc process

File opened (read-only) \??\F: HPUSBFW.exe

description	ioc	process
File opened (read-only)	\??\F:	HPUSBFW.exe

Drops file in System32 directory 5 IoCs

Processes:

rufus.exe

description	ioc	process
File opened for modification	C:\Windows\System32\GroupPolicy\Machine\Registry.pol	rufus.exe
File opened for modification	C:\Windows\System32\GroupPolicy	rufus.exe
File opened for modification	C:\Windows\SysWOW64\GroupPolicy\gpt.ini	rufus.exe
File created	C:\Windows\System32\GroupPolicy\Machine\Registry.pol	rufus.exe
File opened for modification	C:\Windows\System32\GroupPolicy\GPT.INI	rufus.exe

Drops file in Program Files directory 64 IoCs

Processes:

Multi Flash Kit v.4.11.11.exe

description	ioc	process
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 2000-2003-XP\Files\i386\MIGRATE.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 7\Files\mysetup.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\badgrub.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\chinese\badgrub.$AA	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\qemu\keymaps\th.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Recuva\portable.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Check\ChkFlsh.$AA	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Chip XP 2014 Final DVD\set.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Testdisk\testdisk_win.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\tools\RMBootSect.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\EFI\MICROSOFT\BOOT\BOOTMGR.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\syslinux\ldlinux.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CheckUDisk\CheckUDisk.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\winsetup\MNT.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\DirectGRUB\MBTY\RU\FONT.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\MagicDataRecovery\Magic Data Recovery Pack Portable by Boomer\Registry.rw.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\gfx\cur\timer_a.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Puppyrus-A (14.08)\set.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Windows 7 SP1 RUS-ENG x86-x64 -18in1- Activated v2 (AIO)\Files\list.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\qemu\keymaps\fo.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_ZA.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Paragon\PAT.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\EFI\MICROSOFT\BOOT\FONTS\MSYH_BOOT.$AA	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\rusfont.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Recuva\License.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Testdisk\plugins\BartPE\SCRIPTS\StaticINF.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Windows 7 SP1 RUS-ENG x86-x64 -18in1- Activated v2 (AIO)\Files\autorun.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\WinPE&uVS 3.83\set.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 2000-2003-XP\Files\i386\setupwst.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\blue\background.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\Shizuku\background.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\MagicDataRecovery\Magic Data Recovery Pack Portable by Boomer\%Local AppData%\Microsoft\Windows\Explorer\thumbcache_256.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_CZ.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_SK.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\chinese\badgrub.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Testdisk\plugins\BartPE\testdisk_nu2menu.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Windows 7 SP1 RUS-ENG x86-x64 -18in1- Activated v2 (AIO)\Files\mysetup.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\ChangeLog_chenall.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Chip\FlashGenius.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\W8PE x86x64 by Xemom1 (27.06.2013)\set.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\qemu\keymaps\fr.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\DirectGRUB\MBTY\MBTY.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\bootmgr\BCD\BCD.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\gfx\qres.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Kaspersky Rescue Disk 10\set.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 2000-2003-XP\Files\i386\firadisk.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\default\buttonHover.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\EFI\MICROSOFT\BOOT\BOOTMGR.$AA	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\gfx\def\id.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\qemu\License\LICENSE.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Flashnul\readme.rus.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Butler\ts.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\qemu\keymaps\sv.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\sample\config.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\default\Main.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Acronis Disk 17\set.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\BOOTWS\fd.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\BOOTICE.$AA	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\EFI\BOOT\bootx64.$AA	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\gfx\def\16x16.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Chip\ChipEasy.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_VI.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\default\background.$$A	Multi Flash Kit v.4.11.11.exe
File created	C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\flower\button.$$A	Multi Flash Kit v.4.11.11.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

3536 2392 WerFault.exe DiskMark.exe
3708 3992 WerFault.exe DiskMark.exe

pid	pid_target	process	target process
3536	2392	WerFault.exe	DiskMark.exe
3708	3992	WerFault.exe	DiskMark.exe

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

rufus.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	rufus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters	rufus.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters	rufus.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	rufus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	rufus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	rufus.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	rufus.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters	rufus.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	rufus.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	rufus.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters	rufus.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters	rufus.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

AUDIODG.EXErufus.exe

description	pid	process
Token: 33	588	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	588	AUDIODG.EXE
Token: SeLoadDriverPrivilege	4868	rufus.exe
Token: SeLoadDriverPrivilege	4868	rufus.exe
Token: SeLoadDriverPrivilege	4868	rufus.exe
Token: SeLoadDriverPrivilege	4868	rufus.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

rufus.exe

pid process

4868 rufus.exe

pid	process
4868	rufus.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

DiskMark.exeDiskMark.exeInstallUSB.exe

pid	process
2392	DiskMark.exe
2392	DiskMark.exe
2392	DiskMark.exe
2392	DiskMark.exe
3992	DiskMark.exe
3992	DiskMark.exe
3992	DiskMark.exe
3992	DiskMark.exe
4884	InstallUSB.exe
4884	InstallUSB.exe

Suspicious use of WriteProcessMemory 18 IoCs

Processes:

Multi Flash Kit v.4.11.11.exeMenu.exe

description	pid	process	target process
PID 2164 wrote to memory of 1752	2164	Multi Flash Kit v.4.11.11.exe	Menu.exe
PID 2164 wrote to memory of 1752	2164	Multi Flash Kit v.4.11.11.exe	Menu.exe
PID 2164 wrote to memory of 1752	2164	Multi Flash Kit v.4.11.11.exe	Menu.exe
PID 1752 wrote to memory of 4868	1752	Menu.exe	rufus.exe
PID 1752 wrote to memory of 4868	1752	Menu.exe	rufus.exe
PID 1752 wrote to memory of 4868	1752	Menu.exe	rufus.exe
PID 1752 wrote to memory of 2392	1752	Menu.exe	DiskMark.exe
PID 1752 wrote to memory of 2392	1752	Menu.exe	DiskMark.exe
PID 1752 wrote to memory of 2392	1752	Menu.exe	DiskMark.exe
PID 1752 wrote to memory of 3992	1752	Menu.exe	DiskMark.exe
PID 1752 wrote to memory of 3992	1752	Menu.exe	DiskMark.exe
PID 1752 wrote to memory of 3992	1752	Menu.exe	DiskMark.exe
PID 1752 wrote to memory of 4540	1752	Menu.exe	HPUSBFW.exe
PID 1752 wrote to memory of 4540	1752	Menu.exe	HPUSBFW.exe
PID 1752 wrote to memory of 4540	1752	Menu.exe	HPUSBFW.exe
PID 1752 wrote to memory of 4884	1752	Menu.exe	InstallUSB.exe
PID 1752 wrote to memory of 4884	1752	Menu.exe	InstallUSB.exe
PID 1752 wrote to memory of 4884	1752	Menu.exe	InstallUSB.exe

C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe
"C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2164

C:\Program Files (x86)\Multi Flash Kit\Menu.exe
"C:\Program Files (x86)\Multi Flash Kit\Menu.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1752

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe
"C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe"
3⤵
- Executes dropped EXE
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4868

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe
"C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 1512
4⤵
- Program crash
PID:3536

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe
"C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 1492
4⤵
- Program crash
PID:3708

C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe
"C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe"
3⤵
- Executes dropped EXE
- Enumerates connected drives
PID:4540

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe
"C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4884

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004EC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:588

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
1⤵
PID:1044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
1⤵
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2392 -ip 2392
1⤵
PID:1084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3992 -ip 3992
1⤵
PID:3144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\dialog\Main.html

Filesize
3KB

MD5
da04406bb694e600fe207ac6b3985117

SHA1
9b49930a134f77f904166c953550a86a89d7f574

SHA256
fca9ff9d2bfac7c57c9a971732d4afd485b5150149f23ab8259ae86d1bec6825

SHA512
44b8360696d360cdbc97c122fb962d3d916c5985e43043e26886c4cb5a242091be705eb060a66e3a3dc6341d5177a64c6cfd87ea98a79b9bba87fe465cf946ce

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\language\English.lang

Filesize
1KB

MD5
c5bb9eaa1f6d5a5603a12fa91efa7a2d

SHA1
3cfa70c18beded5510960f10387f4191091823e2

SHA256
0418fc43a8a4268af390e5ce1d92a22839335a6f2a174a66ef715b95ee358525

SHA512
ed73a44d8f1a549b502ba3f26c9d1c09ab4ee3addbd8bd6990ca1b7d8c9c4d43acc352e72b61d2e4d2e2c27c619492e162ebd660cfdbc2f5a6d74e762c65e516

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\language\Russian.lang

Filesize
1KB

MD5
65e3af290ab649d4423ee779529fc8fc

SHA1
6057e80ef525a21fbcc5e7b33f953ed65b08e2b5

SHA256
9b93f8c643c29adec520e953a249acf29b6e4bb52b8c1d3b63a28c7d97f06841

SHA512
fd641a7befcd1d70a3e3e4709495764801778d6678028b3362a8b43cd7585f440aa08595e7960e48f5a02262d398fedfa799e703f9c524b795d12ff286d3c1ed

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\default\Main.css

Filesize
2KB

MD5
7edd828da79b9b9ce62c9220c2cb4d08

SHA1
e75affb7760b1be828e1338536e32c36ed603bae

SHA256
9425f6e1124be29d95feacc4a159f3bcace65cdd0d307180a1c22585a1715308

SHA512
a42e33ec95d2c1b7fc82eb8cc9c4a03e3ccdf401419c60039d73147003ada0ce16ef21a619664fa99769300bf796509e25be8c81daf9cbcf1fb84f6a7025f1c7

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\default\background.$$A

Filesize
119B

MD5
1cfda5ca069d29fef4ee61f8a119249a

SHA1
279abccffe16cda3c5f1b3a2588f1db6db0f7041

SHA256
0201ee1a84e8ce5d1cdea826c3b793fd26106517de12d07765e66c97a884b3e3

SHA512
8d8cf02671fa14d26fa975a636956fda5d1f45cbc2f524ab76896762cbef5d802df80879a792c05c56e1f111020bbdb6f598a8c27347acaf57b764ed0ba32c43

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\flower\transparent.$$A

Filesize
121B

MD5
c002e269a0fccbea740d2ee128f99342

SHA1
08342064dcace0deae971205642b2fb80297fc07

SHA256
28c3f9df5e1fbbba53d7aabfd64869d2f5c767755809c8008bca95920185a0bc

SHA512
82c4726d86e805ed0158f228c295d86dc2729370b9aae2a5306c20fd559a39c6d67e9046c462521252bf75a22bd69621f69064d00ecf5a96d66c1832c03a65d8

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe

Filesize
499KB

MD5
05ea08f8da86f2b63d92eb8f262a04e6

SHA1
070d9c4794a320a5324d1552a97767d96213f8c7

SHA256
97745297a4d360ba7e09996e8b632d71b39052a687a60462bbe3a3194eb9ebae

SHA512
b21f5b8b599e1aa0e687ea1ffd66dcebafe8001cafc3f905433c8dbd32fe9aa6f4ac0b015ff1ca0f2f58c264bf91827d911214d594997575c1ace6ad03b876ae

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.ini

Filesize
111B

MD5
347d90aecda9c28004b2f02f437514c7

SHA1
fc5d19d2dcd19b7db0211ad1af7bb4420b82cc9c

SHA256
04a7eb862c36bba9cbbcc3d3926f6f1fcfb4853b0ebf337246b14d280104258b

SHA512
6d049c650437c5f7970de7ed30b0b394bd76db7ea1c77cd921809557ca33ba54a10a014b70dc297c0b9b436b83ac0516296fe024cbef21fb751f8052def16a97

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ImageUSB\Help\HTML\purchasing_information.$$A

Filesize
3KB

MD5
91c607c546b12f3406af7b9aea923b4d

SHA1
e973cadda584c8e182cf0f85356196cd659c2462

SHA256
b3960927cf7a6975b35911327cc719c7c400252c7573d079c438848778405c70

SHA512
7794d019028201ebdea850302ca45ee2cdf6aa69c987e821745d5cae82221928659dfd4a908cc21afa51255d969f3a47b3916392316288370b43349ab8d37b74

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe

Filesize
10.0MB

MD5
5087b6276f39ea86baad4f6f4b29d0b7

SHA1
5e2d10851ec1148a0e1eaacdeeb8e453fac49d69

SHA256
9d2b7f0055636e562d24f1cb5585ccc8b4ed7a26a82f95a76e7178febbd607dc

SHA512
f0224da36ab168e3caf594470a7be469ead234941737926e96de97013b01adaee2f97740744a1c10b1e4671eb567d5b7ec3e139f72759550a589e495d45fcfda

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\JetFlash\Language\SChinese.$$A

Filesize
101KB

MD5
6ad0f0f329f03a6042f559af3c28b23f

SHA1
e47e52357a12342ab8a9f8d480e86d92c6252731

SHA256
4c5e1183664ac6851610c5034fd40b1542ce7eac6ba795872905959f27fc2ae3

SHA512
dde2793fe1bc736ebd5c929f2bfacfb4b6868fe75f78ab60933a5ba1fb46ade1ad9b02bb21b839e4ae808a7d09684ffdf5656284f77839865cd51fbfc8a917ca

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe

Filesize
625KB

MD5
b3d8190e1b90aa01904354bf82b248de

SHA1
1dd5e47a7d8c49131340f7d6fe006298f82850fb

SHA256
cf6ef948cb06222b8dfc78148adfe1b6b231c33bfda18611227b71cf0acda6f6

SHA512
d74959cb6ff719bd7d92c67fe43f72ef13dc2bbcb5e2682f71f28ffa975ee736c16ffce9a854109540792fe76c7bc4daaac1839d7be05739a764899170a40159

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Testdisk\testdisk_win.$$A

Filesize
1.3MB

MD5
c2f68b0d9b106ca7414e03c70b8d2fc4

SHA1
8c4533458e7dfaaa76555a8cfb19f388ecbddfcd

SHA256
2e6a22b5a6d40b3cb2b007e6f5181bf6a0ff846f8fe6e2e1424bcb0ce8b4a07f

SHA512
2eba3ce9da6b68c57bc6a17c75c939d261fb9dad5448267b4b2df706bb105d2fae7e596d8317269e3379668a618c37d55478728c7ebbe3b09754b7c82ab528bc

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Plop Boot Manager 5.0.15\Files\plpbt.$$A

Filesize
42KB

MD5
b97f9274d467365d9ec902f7d361f1b8

SHA1
1a8c026cf7b360fd6228d977fedc0708ff83f239

SHA256
33c67d0978bbb3889ab29d3e16a7706571858cbc7e02a0e432b9cca02c915b1b

SHA512
3ff5099695c4720d0d84bf6c1093be70e0a722974c4ab1666faf779e20e575c1ca1cee783aec86f6cb8b5f82ca55d7c9b91c67d8c42ad9a16ea9e5bfff558c85

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Plop Boot Manager 5.0.15\Files\plpbt.$$A

Filesize
42KB

MD5
fe3aa8856aedace7b8aaf4a7c7d85cbe

SHA1
e1477a71df0a5f7b6b95a73e8ed5f255b9318e41

SHA256
1b592beb013772a677d239b799fc56902c2bb5c3506203a4160239bd57d40fab

SHA512
0f8fad4624f5af6d587836aad0f751353a8aa48e28a8ae4c037c9885be278144b7d76beba4e57a0438c17649a81e37b12128740c2381e451af5dfac88e2ae3e0

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Windows 8.1 with Update RUS-ENG x86-x64 -12in1- Activated (AIO)\Files\Unat\unat812pmc.$$A

Filesize
1KB

MD5
133018d6b0dde620925df80700e3d33c

SHA1
5320e2ea8fa28da42dfbdb4dc1c34f46073b51fe

SHA256
6d29485153d69de0d2183972335f93927657f23720daecd95c2ba8c2f1f0d13d

SHA512
baeb0e9133c70f8d926af9c69ef156c8b796007d2ba2992fcd2e7ce3724ea7cba71e70a51a672cf2b18dc330ac61a67a8cd94cd39dd638421fec7d3a0af464ba

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Windows 8.1 with Update RUS-ENG x86-x64 -12in1- Activated (AIO)\Files\winpeshl.$$A

Filesize
41B

MD5
12fc38d5ca98bf29461044d4db3d30be

SHA1
1d3c00d6b6a72785d94637d0e10995d776aaf43b

SHA256
56744322e2270090ea5fedc287aeb6341bfe5b67de456229c0457fdaa07d313e

SHA512
51c1ac3d95133217ab7bc8101d61a8a9c066d4c847435b4e0d0ab9261bc72122a3d601de5d44ef7770be7f3a1a192d92fc76dfd2c7954a33f6dfd3ee1b7e89c3

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 2000-2003-XP\Files\xp.$$A

Filesize
780KB

MD5
62d38a2d86d441819f3ecf806266a72d

SHA1
ecef529e651a6ba5a0241cf7faa284e5988ac82e

SHA256
ffd05d3b3484416c6da70fd7f893cb9ead330ca0dfe40ffbc40de05ab27fcbd5

SHA512
23f2e47042b45cb0d2b1f2ec70fcadec488fcb6d1e229732c64b77af7867717300e0975431acf5cb4f2322387abf4200fcad05a2af88996a68cd2e798986de98

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 7\Files\list.$$A

Filesize
94B

MD5
82765a39ce63bcebbfbd0e206b7563a3

SHA1
544bf3ad611d5f4ec67642ced6e100e4c57085d5

SHA256
8372fbf375b6965ec36b1ee59e6e80bafd630e5bfbf56402ee316790c552e0f5

SHA512
5977c2b7cf4a8b93b9aecc5acf2b9b3210f1117d953b224aeb2a7ed3c8fd66a238ff5ecd8f66128ea5a8d0bccfd991610dfbafaf7f888988db602760cc31d043

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 8\Files\mysetup.$$A

Filesize
979B

MD5
1c4d779a44f92548aad5d697c4b0736f

SHA1
a30046eb689d9ef7f7035b4b282a6b1c6752eee8

SHA256
db6019fb2e88a76d7b836daf34b30760f27a4007cd8b06aaff0196b61a8b2d3b

SHA512
0f576d0e54da3f00f69883f93b453deafdaf550d751506568aaaee2e45687e1fba79597f03e58189b88c61279dbe231780a9bd2f2cf677875f9b2cb232a75efc

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\MIGRATE.$$A

Filesize
1KB

MD5
08caa6c747a8d6c4f4e632cb132ff739

SHA1
ddd498ac042641d4958c2d8207285bd072a26278

SHA256
5446e5db5191fc54eb616b0f64e08eb2a29cfac4cd0306720f1487e63734f21a

SHA512
f1265a9d08589b4d2fcc75981aa2d58dc6f3c2b50e4182c1be95aa756dab23eaf2be4a9e7bce3bf7836f53dad57e96e4ce5dcb8b8f874984f6aa55622d026307

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\MNT.$$A

Filesize
2KB

MD5
312ba7c3f1d4074768e366d631752f45

SHA1
95e0d9c3cb78aae13613a40215139fbb2526c5b7

SHA256
6b403fdfef199ffaff190fbf793093850b8bc80ff0f84e519b5226fb9fa3accb

SHA512
75347515e04b48ffcc5689ca6373613cae95f64afb0d14b3db9614fe0d1c2bda453470fb5f87cf72fd3317e455ba6e8813dd3af43287f72723df3bb6b589b664

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\firadisk.$$A

Filesize
15KB

MD5
0accae3522ad4aac6acce17737841d6a

SHA1
de2d4c9502b3b60d70bc3674858450a20b8fcb95

SHA256
a6018483ad156338b7d0fd9cace302e5ee0fb24563d76ba28d825cb8b7dfd2af

SHA512
4123cbc7348041569401601212bb60858ab80caa2a61bea590da51f06fb50ca0e94fd5d4e4893c231ac23a036f3bb4744c38f14f37aecd7b779618907ed43dd5

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\setup.$$A

Filesize
14KB

MD5
10d077c0e98662d2b9b7568d79ea5882

SHA1
b8fcee60ac8eb658dfaf039ad20dd8852b699221

SHA256
39bfb4e1b1550d4680a18a0125a86122c316266a7b48b3f0fc23d2e46f00bc7f

SHA512
bed7f214f6b0efffb3f39f63fcfab51cd4152479096f17ad043362f92ca0bce61c4ce90545300dd17dfe3ee3718cc9d4ef9b4b107821b5e5e11c30ac6048c600

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\setup.$$A

Filesize
2KB

MD5
c169f9c6f08fd57f71c8d8b5e64b3dd3

SHA1
d4c431b9ad59345bd2f9e20cda833dc8fcc755be

SHA256
aa68d27eeff208672bd0494a37ddf6f662135a965bb3387378cf43d605e54671

SHA512
f99c50b0c26c747104b0bf4e86665bddcbb0311cd77f3c959da54bcc9c7dd4a0513b7aca6b06ee1597db88650327d720dab89739124edc9741e738691838cec5

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\setupwst.$$A

Filesize
12KB

MD5
8af3cc3c29343a0170f10c1b8ed68841

SHA1
6013ef8cbdaf0eb924a84a5c398cf3468018eca8

SHA256
24363a083480d41384dd190050c32275ba1b227a5b748bbbdc9cc62fba031df6

SHA512
91bbfb05a3f7ff34e06a8acf7b41702285fde04f1c6b32d779e5ca6466125cd848e95b5b3d6e6bc775471299a52f9cff70827ce04fbdd942db45264ee46a7e08

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\BOOTICE.$$A

Filesize
363KB

MD5
ebecfae82e2832bae077e165957ed84b

SHA1
6f326f5e5aac0df675fb39f95f054047ab476fe1

SHA256
e0fd023d030b1b97d5072ab7ee3fe361bae561d7c67628a260eebdf9cc03040c

SHA512
bdea1aae7759a6404247828b6c85a18d1fa54e81f0d7a7d45ebde963e08e7795c2b64249810eed28e469bd6be5a9d05fd740abdf083ce7eda57231eaa45f0e8d

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\EFI\MICROSOFT\BOOT\FONTS\MSJH_BOOT.$$A

Filesize
164KB

MD5
5a8ed2f52757d1ca0e83ab32ca50b123

SHA1
a69409976762e4d34736fb135ef7fc510cb44513

SHA256
a30698ce0c848a6d0d1ca979e0ad85a70d7256ce8936b487020cd57f37a24b49

SHA512
fbdfcfb5623313b2d8fd4a5375a511e3e572cefe150c2b682bb7754b6aaf335aff71bc38f60d55fddbcac95722fff2eaa573e2d49c48543014ec11c1fd37f021

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\chinese\grub.$$A

Filesize
279KB

MD5
fecca103d6c97ea6dbf7cda535ebc217

SHA1
e3fe36c879bc5cce793758088fc13a437ebf3d88

SHA256
a122ccf17cd05589964f6963ed5f5033aa2c9d9e2e2dec34db9b56ba3c385ff9

SHA512
723565183fba21fb0d8b9f6a843a29657ad102d404c9a5429a2ce0a014b90fb631cd5192a89f932912bf50f36c136e1c7ebad9e8cc4a3f11a48eee578e1b127a

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\grldr.$$A

Filesize
263KB

MD5
0bfc59aafb40167bfd7b358ddb088881

SHA1
faddc29bcf64a002fa2a86b63f9927fa8f17dcf0

SHA256
b1044ce38666959089b8f47796233fc99ff7ef5eb2c2a88f806c1468087a631e

SHA512
59bbb981195e1fea96fa58adb80c7a2740f2e816f137d01ff878d17a3be90704a5ec4ea333fc3d940c488599a04dfc193ebeb230d28d685fa4d2f66b5800eed8

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\grubinst.$$A

Filesize
42KB

MD5
27c8540e22fce2bc1b1c51ff1a0f50c5

SHA1
2bd850aee81af8b410d0f814444cc1fe61c5c052

SHA256
bf346c58109512839f7f3da904902dddb2dbdeb4c91a5a4e407882d9b4b88093

SHA512
9bccbfacbd149710848cab431d5409290e3e758991b91f3aef9286d17a0029e58bc36652548126a312c756f3750a850e24a360163b16a4585a4d05016ccec49d

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\tools\BootICE.$$A

Filesize
458KB

MD5
b2b518c8662438570c288fdbfbf3b955

SHA1
fdc1790252ec95463cfcf96a3c95c6b402975ca3

SHA256
32171eb19df84a3b6727a579bdeaa81867c564a2ca9aa70f83385d375e8cd6a2

SHA512
258761ab7af01ffe06302e1d1c6db587de46795b61b5a426afeb927974c0d41221a9af601af41af9964c0295cadc3bf21363f80904c0020e397e1ddd47c11812

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe

Filesize
42KB

MD5
d48ac244372a1581f7aefbbf768a1a1a

SHA1
f732c1d28ceac22bd74b24999bf23adf8eef362e

SHA256
fe0e7c7ec5f5b7c4ac65c4830e55c28fe1b20a0e8449317e57172e78b1510285

SHA512
9faddce19a3f807fad310ae50c3a2c950c34277807558632a631208c5e0892e597b482254b2f1f63571dbf321030e01096c9b185f4160c38e2753aade8dea301

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_EN.$$A

Filesize
74KB

MD5
22ac5d67d9b4cc28beb57ef0c1aae200

SHA1
50a8b7a069a4eaf00453d5dce8154e48c6843525

SHA256
0d4f5ffd31118285293af2b0cb88f3af8953d40611e4120c67529aa264e85088

SHA512
dc804a1eae8d64e08d259997d067eee6c6e34dcf5d9e7fd256f5f8fa2c3d637081184d60b8c9c29e86660a3854122111df562c321d9c1a9a4126b21dcbdfe13c

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_KA.$$A

Filesize
67KB

MD5
0e8faed8a49037f92cd2d6ab7b9409af

SHA1
9b0af94e2a3b5f8cc0c061da80a2416cce50557c

SHA256
4a227a630b505b707678c33c2603a3efbe21fcf5a70695a8ec49260ac913df0a

SHA512
9c3e69b3f1f11f5339ee6236fc0f55d90342087a90d4900c13c1ff19a6e953f593b486e14ab604ccd0eb0e5df5bb9e19e067fb6a08ad724a0f0506d391dc52a1

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Menu.$$A

Filesize
679KB

MD5
f0310cf2551e01d1c958d28baf7c4969

SHA1
6372cee60d555f1ae2303b9b575afd9de7e9ddb5

SHA256
33a0a53710adaa31bd5912779029e1f9a7ed513f8a3023bc76c318096a355daa

SHA512
6d32663f2cd3e615e976b7edac4b7476526efa6ecdf9148f2633d3d565ec491ef8571b0669e530fb993836b2bdd001fe5f3372c5371128e231cd1aaef030d7b3

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Menu.exe

Filesize
572KB

MD5
60fbceb9c65f2e38d97cb454a6646fce

SHA1
054aae7b9ecff4c3a4547a5a3c99e4f3ac5174d7

SHA256
b34ef92d74043ba8a475436226bfd7c9da953e8d6cfaa197a171c9aa7dd1a90b

SHA512
fec0a4297405d78c567e3f6165af2919aef4847301963a1bc2dd9181b51d9611cbb459696554cc29f6874d80204a9a80dc95cb983aeb34a01f3e472a0a0e1c5d

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Menu.ini

Filesize
12KB

MD5
9d9292049240d6f7b2388d938e9eb04b

SHA1
0d0ded35747e6de7c63dd3f1c5217d0eb398f4d9

SHA256
8e164de85eca42f113d4f59246a8873997c561c5035365c604f9590ec11163b1

SHA512
195b8e8331c00e249a2c1c92c5909906ee79fcafd06f6fb8abaeb201b6eee9e0d81a450260e519fc848e3f0e1ce3b9e21c6f2f966dddf8812a4983d42dc73761

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Menu\Close.bmp

Filesize
12KB

MD5
8186f51843061cdff8877cf5160f3c92

SHA1
585d541a1561ea4d33993550b3049adf17a7f833

SHA256
0593b87e1d08716713597c2631495fa88a956e6b65315ebf0438db5dd7f05992

SHA512
40caae2b74bf0b37e884f7e10809678a0ef7c930344ed69a7306afead8edabba785e5c68ef01f69dc22c7ff130b1727d5685d0eda3f17b27e7242abdec3bea0e

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Menu\Fon.bmp

Filesize
1.1MB

MD5
121e734d59600c88f9fd55a6cdc89134

SHA1
b486669dc093bff4064ff5bfbf0aadd94181fbce

SHA256
e14fee529fb0bd7e153586f3f43b11b10280910b82b367993c76513e50195a84

SHA512
ba9b1e0c88ce5e822991ca05e000e6038901dbdfd4445d3f46954d4ed8d1e1de480bba32d51e02dbee875768110798ce11b218febbd1a54bf587d4b57d44157e

Download Submit
C:\Program Files (x86)\Multi Flash Kit\Menu\go.bmp

Filesize
12KB

MD5
b8020b2e6c380d325e1870b724789464

SHA1
84b5ba62952aed7d1452e8614c56c65b1d49c586

SHA256
f5168214d3fc52709d0df07ef8693e31fd64ea9b2ebdff31a766f30ec42e1de3

SHA512
63679ae51d6bbb2e99df59d7d474eb41295c2566c95b9538db92fcc979a627e84aeaee444266f57392cf9cb5c0707c387af670e3d7d252856647b3395b7fbc40

Download Submit
\??\c:\program files (x86)\multi flash kit\menu\click1.wav

Filesize
2KB

MD5
c2e5a28d15ada7bbff5f039c4c55dea3

SHA1
fb33fd00711440b9d0f3b3d526a753ed75640797

SHA256
d5712a8963eb3e1e181b25649ecff3080ede89c96350eb07e7d7cad429e959ea

SHA512
fc71704ce1693e368d14d2e26bc7dfd6a6d8a190f26b0d555f534379bd6c3ac8f61eca3c5236acbc348fa5be249e7a9ca8c88270725bc17df10f2c5d8af6ab5f

Download Submit
\??\c:\program files (x86)\multi flash kit\menu\click3.wav

Filesize
174KB

MD5
da072f2e4e9b66c4e5f263678d334ac2

SHA1
e3a97ab4c77a6911d023cd89da8d63a01c35d51a

SHA256
b5d01354508221feb555542368f4dd4e4ee7a0dd3085da36380ddf3718664748

SHA512
c0b54f13f9752993c2a9387e16b47117ca67975f0f117ed6169ed825d6cef1e3803cee47a14d46c9b079a819f49c9df72318f410ef43489cca03421db693112d

Download Submit
\??\c:\program files (x86)\multi flash kit\menu\start.wav

Filesize
264KB

MD5
4f5f8b8b78806ff5545772c215036e28

SHA1
42a344bcc4e5eeb3c3f01f1c1f6ebca7ec2c88f2

SHA256
21d4bacebf31d6d2a81549b4aa1bae4d4eb213df6612d9b807bde0ec58ffa159

SHA512
d5bed2df7f58f439f504f2810c554ff5415433b56592270c10fda3b1e2cb4edda7e1c6e8b35ad0d82ab6635386c1d2a89d7407928d6730c0a5a5481907771c59

Download Submit
memory/1752-1591-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1752-1625-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1752-1565-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/1752-1590-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1752-1631-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1752-1579-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1752-1608-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1752-1620-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/1752-1557-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/1752-1563-0x0000000000400000-0x0000000000498000-memory.dmp

Filesize
608KB

Download
memory/4540-1626-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4540-1628-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4868-1569-0x0000000000400000-0x0000000000592000-memory.dmp

Filesize
1.6MB

Download
memory/4868-1589-0x0000000000400000-0x0000000000592000-memory.dmp

Filesize
1.6MB

Download