Malware Analysis Report

2024-10-16 02:50

Sample ID 240517-md1mvsdd9x
Target Multi Flash Kit v.4.11.11.exe
SHA256 b67c56c28907408cf73bd7a1dbf7d827700500a6eb3899dd92cead3ab56e81b7
Tags
gozi banker discovery isfb trojan upx
score
10/10

Analysis Overview

score
10/10

SHA256

b67c56c28907408cf73bd7a1dbf7d827700500a6eb3899dd92cead3ab56e81b7

Threat Level: Known bad

The file Multi Flash Kit v.4.11.11.exe was found to be: Known bad.

Malicious Activity Summary

gozi banker discovery isfb trojan upx

Gozi

UPX packed file

Executes dropped EXE

Checks installed software on the system

Enumerates connected drives

Drops file in System32 directory

Drops file in Program Files directory

Unsigned PE

Program crash

Enumerates physical storage devices

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-17 10:22

Signatures

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-17 10:21

Reported

2024-05-17 10:26

Platform

win11-20240508-en

Max time kernel

151s

Max time network

145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe"

Signatures

Gozi

banker trojan gozi

UPX packed file

upx

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\F: C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
File opened for modification C:\Windows\SysWOW64\GroupPolicy\gpt.ini C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
File created C:\Windows\System32\GroupPolicy\Machine\Registry.pol C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
File opened for modification C:\Windows\System32\GroupPolicy\GPT.INI C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A

Drops file in Program Files directory

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2164 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe C:\Program Files (x86)\Multi Flash Kit\Menu.exe
PID 2164 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe C:\Program Files (x86)\Multi Flash Kit\Menu.exe
PID 2164 wrote to memory of 1752 N/A C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe C:\Program Files (x86)\Multi Flash Kit\Menu.exe
PID 1752 wrote to memory of 4868 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe
PID 1752 wrote to memory of 4868 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe
PID 1752 wrote to memory of 4868 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe
PID 1752 wrote to memory of 2392 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe
PID 1752 wrote to memory of 2392 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe
PID 1752 wrote to memory of 2392 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe
PID 1752 wrote to memory of 3992 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe
PID 1752 wrote to memory of 3992 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe
PID 1752 wrote to memory of 3992 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe
PID 1752 wrote to memory of 4540 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe
PID 1752 wrote to memory of 4540 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe
PID 1752 wrote to memory of 4540 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe
PID 1752 wrote to memory of 4884 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe
PID 1752 wrote to memory of 4884 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe
PID 1752 wrote to memory of 4884 N/A C:\Program Files (x86)\Multi Flash Kit\Menu.exe C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe

"C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe"

C:\Program Files (x86)\Multi Flash Kit\Menu.exe

"C:\Program Files (x86)\Multi Flash Kit\Menu.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004EC

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe

"C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe

"C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2392 -ip 2392

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 1512

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe

"C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3992 -ip 3992

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 1492

C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe

"C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe"

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe

"C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe"

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 104.86.110.104:443 tcp
NL 23.62.61.56:443 r.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 56.61.62.23.in-addr.arpa udp
US 52.182.143.211:443 browser.pipe.aria.microsoft.com tcp

Files

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\default\background.$$A

MD5 1cfda5ca069d29fef4ee61f8a119249a
SHA1 279abccffe16cda3c5f1b3a2588f1db6db0f7041
SHA256 0201ee1a84e8ce5d1cdea826c3b793fd26106517de12d07765e66c97a884b3e3
SHA512 8d8cf02671fa14d26fa975a636956fda5d1f45cbc2f524ab76896762cbef5d802df80879a792c05c56e1f111020bbdb6f598a8c27347acaf57b764ed0ba32c43

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\flower\transparent.$$A

MD5 c002e269a0fccbea740d2ee128f99342
SHA1 08342064dcace0deae971205642b2fb80297fc07
SHA256 28c3f9df5e1fbbba53d7aabfd64869d2f5c767755809c8008bca95920185a0bc
SHA512 82c4726d86e805ed0158f228c295d86dc2729370b9aae2a5306c20fd559a39c6d67e9046c462521252bf75a22bd69621f69064d00ecf5a96d66c1832c03a65d8

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ImageUSB\Help\HTML\purchasing_information.$$A

MD5 91c607c546b12f3406af7b9aea923b4d
SHA1 e973cadda584c8e182cf0f85356196cd659c2462
SHA256 b3960927cf7a6975b35911327cc719c7c400252c7573d079c438848778405c70
SHA512 7794d019028201ebdea850302ca45ee2cdf6aa69c987e821745d5cae82221928659dfd4a908cc21afa51255d969f3a47b3916392316288370b43349ab8d37b74

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\JetFlash\Language\SChinese.$$A

MD5 6ad0f0f329f03a6042f559af3c28b23f
SHA1 e47e52357a12342ab8a9f8d480e86d92c6252731
SHA256 4c5e1183664ac6851610c5034fd40b1542ce7eac6ba795872905959f27fc2ae3
SHA512 dde2793fe1bc736ebd5c929f2bfacfb4b6868fe75f78ab60933a5ba1fb46ade1ad9b02bb21b839e4ae808a7d09684ffdf5656284f77839865cd51fbfc8a917ca

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Testdisk\testdisk_win.$$A

MD5 c2f68b0d9b106ca7414e03c70b8d2fc4
SHA1 8c4533458e7dfaaa76555a8cfb19f388ecbddfcd
SHA256 2e6a22b5a6d40b3cb2b007e6f5181bf6a0ff846f8fe6e2e1424bcb0ce8b4a07f
SHA512 2eba3ce9da6b68c57bc6a17c75c939d261fb9dad5448267b4b2df706bb105d2fae7e596d8317269e3379668a618c37d55478728c7ebbe3b09754b7c82ab528bc

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\BOOTICE.$$A

MD5 ebecfae82e2832bae077e165957ed84b
SHA1 6f326f5e5aac0df675fb39f95f054047ab476fe1
SHA256 e0fd023d030b1b97d5072ab7ee3fe361bae561d7c67628a260eebdf9cc03040c
SHA512 bdea1aae7759a6404247828b6c85a18d1fa54e81f0d7a7d45ebde963e08e7795c2b64249810eed28e469bd6be5a9d05fd740abdf083ce7eda57231eaa45f0e8d

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\EFI\MICROSOFT\BOOT\FONTS\MSJH_BOOT.$$A

MD5 5a8ed2f52757d1ca0e83ab32ca50b123
SHA1 a69409976762e4d34736fb135ef7fc510cb44513
SHA256 a30698ce0c848a6d0d1ca979e0ad85a70d7256ce8936b487020cd57f37a24b49
SHA512 fbdfcfb5623313b2d8fd4a5375a511e3e572cefe150c2b682bb7754b6aaf335aff71bc38f60d55fddbcac95722fff2eaa573e2d49c48543014ec11c1fd37f021

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Plop Boot Manager 5.0.15\Files\plpbt.$$A

MD5 b97f9274d467365d9ec902f7d361f1b8
SHA1 1a8c026cf7b360fd6228d977fedc0708ff83f239
SHA256 33c67d0978bbb3889ab29d3e16a7706571858cbc7e02a0e432b9cca02c915b1b
SHA512 3ff5099695c4720d0d84bf6c1093be70e0a722974c4ab1666faf779e20e575c1ca1cee783aec86f6cb8b5f82ca55d7c9b91c67d8c42ad9a16ea9e5bfff558c85

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Plop Boot Manager 5.0.15\Files\plpbt.$$A

MD5 fe3aa8856aedace7b8aaf4a7c7d85cbe
SHA1 e1477a71df0a5f7b6b95a73e8ed5f255b9318e41
SHA256 1b592beb013772a677d239b799fc56902c2bb5c3506203a4160239bd57d40fab
SHA512 0f8fad4624f5af6d587836aad0f751353a8aa48e28a8ae4c037c9885be278144b7d76beba4e57a0438c17649a81e37b12128740c2381e451af5dfac88e2ae3e0

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Windows 8.1 with Update RUS-ENG x86-x64 -12in1- Activated (AIO)\Files\Unat\unat812pmc.$$A

MD5 133018d6b0dde620925df80700e3d33c
SHA1 5320e2ea8fa28da42dfbdb4dc1c34f46073b51fe
SHA256 6d29485153d69de0d2183972335f93927657f23720daecd95c2ba8c2f1f0d13d
SHA512 baeb0e9133c70f8d926af9c69ef156c8b796007d2ba2992fcd2e7ce3724ea7cba71e70a51a672cf2b18dc330ac61a67a8cd94cd39dd638421fec7d3a0af464ba

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Windows 8.1 with Update RUS-ENG x86-x64 -12in1- Activated (AIO)\Files\winpeshl.$$A

MD5 12fc38d5ca98bf29461044d4db3d30be
SHA1 1d3c00d6b6a72785d94637d0e10995d776aaf43b
SHA256 56744322e2270090ea5fedc287aeb6341bfe5b67de456229c0457fdaa07d313e
SHA512 51c1ac3d95133217ab7bc8101d61a8a9c066d4c847435b4e0d0ab9261bc72122a3d601de5d44ef7770be7f3a1a192d92fc76dfd2c7954a33f6dfd3ee1b7e89c3

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 7\Files\list.$$A

MD5 82765a39ce63bcebbfbd0e206b7563a3
SHA1 544bf3ad611d5f4ec67642ced6e100e4c57085d5
SHA256 8372fbf375b6965ec36b1ee59e6e80bafd630e5bfbf56402ee316790c552e0f5
SHA512 5977c2b7cf4a8b93b9aecc5acf2b9b3210f1117d953b224aeb2a7ed3c8fd66a238ff5ecd8f66128ea5a8d0bccfd991610dfbafaf7f888988db602760cc31d043

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 8\Files\mysetup.$$A

MD5 1c4d779a44f92548aad5d697c4b0736f
SHA1 a30046eb689d9ef7f7035b4b282a6b1c6752eee8
SHA256 db6019fb2e88a76d7b836daf34b30760f27a4007cd8b06aaff0196b61a8b2d3b
SHA512 0f576d0e54da3f00f69883f93b453deafdaf550d751506568aaaee2e45687e1fba79597f03e58189b88c61279dbe231780a9bd2f2cf677875f9b2cb232a75efc

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 2000-2003-XP\Files\xp.$$A

MD5 62d38a2d86d441819f3ecf806266a72d
SHA1 ecef529e651a6ba5a0241cf7faa284e5988ac82e
SHA256 ffd05d3b3484416c6da70fd7f893cb9ead330ca0dfe40ffbc40de05ab27fcbd5
SHA512 23f2e47042b45cb0d2b1f2ec70fcadec488fcb6d1e229732c64b77af7867717300e0975431acf5cb4f2322387abf4200fcad05a2af88996a68cd2e798986de98

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\firadisk.$$A

MD5 0accae3522ad4aac6acce17737841d6a
SHA1 de2d4c9502b3b60d70bc3674858450a20b8fcb95
SHA256 a6018483ad156338b7d0fd9cace302e5ee0fb24563d76ba28d825cb8b7dfd2af
SHA512 4123cbc7348041569401601212bb60858ab80caa2a61bea590da51f06fb50ca0e94fd5d4e4893c231ac23a036f3bb4744c38f14f37aecd7b779618907ed43dd5

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\MIGRATE.$$A

MD5 08caa6c747a8d6c4f4e632cb132ff739
SHA1 ddd498ac042641d4958c2d8207285bd072a26278
SHA256 5446e5db5191fc54eb616b0f64e08eb2a29cfac4cd0306720f1487e63734f21a
SHA512 f1265a9d08589b4d2fcc75981aa2d58dc6f3c2b50e4182c1be95aa756dab23eaf2be4a9e7bce3bf7836f53dad57e96e4ce5dcb8b8f874984f6aa55622d026307

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\setup.$$A

MD5 c169f9c6f08fd57f71c8d8b5e64b3dd3
SHA1 d4c431b9ad59345bd2f9e20cda833dc8fcc755be
SHA256 aa68d27eeff208672bd0494a37ddf6f662135a965bb3387378cf43d605e54671
SHA512 f99c50b0c26c747104b0bf4e86665bddcbb0311cd77f3c959da54bcc9c7dd4a0513b7aca6b06ee1597db88650327d720dab89739124edc9741e738691838cec5

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\setup.$$A

MD5 10d077c0e98662d2b9b7568d79ea5882
SHA1 b8fcee60ac8eb658dfaf039ad20dd8852b699221
SHA256 39bfb4e1b1550d4680a18a0125a86122c316266a7b48b3f0fc23d2e46f00bc7f
SHA512 bed7f214f6b0efffb3f39f63fcfab51cd4152479096f17ad043362f92ca0bce61c4ce90545300dd17dfe3ee3718cc9d4ef9b4b107821b5e5e11c30ac6048c600

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\setupwst.$$A

MD5 8af3cc3c29343a0170f10c1b8ed68841
SHA1 6013ef8cbdaf0eb924a84a5c398cf3468018eca8
SHA256 24363a083480d41384dd190050c32275ba1b227a5b748bbbdc9cc62fba031df6
SHA512 91bbfb05a3f7ff34e06a8acf7b41702285fde04f1c6b32d779e5ca6466125cd848e95b5b3d6e6bc775471299a52f9cff70827ce04fbdd942db45264ee46a7e08

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\MNT.$$A

MD5 312ba7c3f1d4074768e366d631752f45
SHA1 95e0d9c3cb78aae13613a40215139fbb2526c5b7
SHA256 6b403fdfef199ffaff190fbf793093850b8bc80ff0f84e519b5226fb9fa3accb
SHA512 75347515e04b48ffcc5689ca6373613cae95f64afb0d14b3db9614fe0d1c2bda453470fb5f87cf72fd3317e455ba6e8813dd3af43287f72723df3bb6b589b664

C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\chinese\grub.$$A

C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\grldr.$$A

C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\grubinst.$$A

C:\Program Files (x86)\Multi Flash Kit\Files\tools\BootICE.$$A

C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_EN.$$A

C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_KA.$$A

C:\Program Files (x86)\Multi Flash Kit\Menu.$$A

C:\Program Files (x86)\Multi Flash Kit\Menu.exe

C:\Program Files (x86)\Multi Flash Kit\Menu.ini

C:\Program Files (x86)\Multi Flash Kit\Menu\Fon.bmp

C:\Program Files (x86)\Multi Flash Kit\Menu\go.bmp

C:\Program Files (x86)\Multi Flash Kit\Menu\Close.bmp

\??\c:\program files (x86)\multi flash kit\menu\start.wav

\??\c:\program files (x86)\multi flash kit\menu\click1.wav

\??\c:\program files (x86)\multi flash kit\menu\click3.wav

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\default\Main.css

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\language\English.lang

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\dialog\Main.html

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.ini

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\language\Russian.lang

C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe

C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe
