Analysis Overview
SHA256
b67c56c28907408cf73bd7a1dbf7d827700500a6eb3899dd92cead3ab56e81b7
Threat Level: Known bad
The file Multi Flash Kit v.4.11.11.exe was found to be: Known bad.
Malicious Activity Summary
Gozi
UPX packed file
Executes dropped EXE
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Program crash
Enumerates physical storage devices
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-17 10:22
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-17 10:21
Reported
2024-05-17 10:26
Platform
win11-20240508-en
Max time kernel
151s
Max time network
145s
Signatures
Gozi
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Multi Flash Kit\Menu.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe | N/A |
UPX packed file
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 2000-2003-XP\Files\i386\MIGRATE.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 7\Files\mysetup.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\badgrub.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\chinese\badgrub.$AA | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\qemu\keymaps\th.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Recuva\portable.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Check\ChkFlsh.$AA | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Chip XP 2014 Final DVD\set.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Testdisk\testdisk_win.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\tools\RMBootSect.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\EFI\MICROSOFT\BOOT\BOOTMGR.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\syslinux\ldlinux.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CheckUDisk\CheckUDisk.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\winsetup\MNT.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\DirectGRUB\MBTY\RU\FONT.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\MagicDataRecovery\Magic Data Recovery Pack Portable by Boomer\Registry.rw.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\gfx\cur\timer_a.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Puppyrus-A (14.08)\set.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Windows 7 SP1 RUS-ENG x86-x64 -18in1- Activated v2 (AIO)\Files\list.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\qemu\keymaps\fo.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_ZA.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Paragon\PAT.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\EFI\MICROSOFT\BOOT\FONTS\MSYH_BOOT.$AA | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\rusfont.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Recuva\License.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Testdisk\plugins\BartPE\SCRIPTS\StaticINF.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Windows 7 SP1 RUS-ENG x86-x64 -18in1- Activated v2 (AIO)\Files\autorun.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\WinPE&uVS 3.83\set.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 2000-2003-XP\Files\i386\setupwst.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\blue\background.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\Shizuku\background.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\MagicDataRecovery\Magic Data Recovery Pack Portable by Boomer\%Local AppData%\Microsoft\Windows\Explorer\thumbcache_256.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_CZ.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_SK.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\chinese\badgrub.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Testdisk\plugins\BartPE\testdisk_nu2menu.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Windows 7 SP1 RUS-ENG x86-x64 -18in1- Activated v2 (AIO)\Files\mysetup.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\ChangeLog_chenall.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Chip\FlashGenius.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\W8PE x86x64 by Xemom1 (27.06.2013)\set.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\qemu\keymaps\fr.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\DirectGRUB\MBTY\MBTY.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\bootmgr\BCD\BCD.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\gfx\qres.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Kaspersky Rescue Disk 10\set.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 2000-2003-XP\Files\i386\firadisk.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\default\buttonHover.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\EFI\MICROSOFT\BOOT\BOOTMGR.$AA | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\gfx\def\id.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\qemu\License\LICENSE.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Flashnul\readme.rus.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Butler\ts.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\qemu\keymaps\sv.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\sample\config.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\default\Main.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Acronis Disk 17\set.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\BOOTWS\fd.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\BOOTICE.$AA | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\EFI\BOOT\bootx64.$AA | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\gfx\def\16x16.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Chip\ChipEasy.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_VI.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\default\background.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
| File created | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\flower\button.$$A | C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Filters | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe
"C:\Users\Admin\AppData\Local\Temp\Multi Flash Kit v.4.11.11.exe"
C:\Program Files (x86)\Multi Flash Kit\Menu.exe
"C:\Program Files (x86)\Multi Flash Kit\Menu.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004EC
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe
"C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe
"C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2392 -ip 2392
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 1512
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe
"C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3992 -ip 3992
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 1492
C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe
"C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe"
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe
"C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe"
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | N/A | udp |
| GB | 104.86.110.104:443 | N/A | tcp |
| NL | 23.62.61.56:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.61.62.23.in-addr.arpa | udp |
| US | 52.182.143.211:443 | browser.pipe.aria.microsoft.com | tcp |
Files
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\default\background.$$A
| MD5 | 1cfda5ca069d29fef4ee61f8a119249a |
| SHA1 | 279abccffe16cda3c5f1b3a2588f1db6db0f7041 |
| SHA256 | 0201ee1a84e8ce5d1cdea826c3b793fd26106517de12d07765e66c97a884b3e3 |
| SHA512 | 8d8cf02671fa14d26fa975a636956fda5d1f45cbc2f524ab76896762cbef5d802df80879a792c05c56e1f111020bbdb6f598a8c27347acaf57b764ed0ba32c43 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\flower\transparent.$$A
| MD5 | c002e269a0fccbea740d2ee128f99342 |
| SHA1 | 08342064dcace0deae971205642b2fb80297fc07 |
| SHA256 | 28c3f9df5e1fbbba53d7aabfd64869d2f5c767755809c8008bca95920185a0bc |
| SHA512 | 82c4726d86e805ed0158f228c295d86dc2729370b9aae2a5306c20fd559a39c6d67e9046c462521252bf75a22bd69621f69064d00ecf5a96d66c1832c03a65d8 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ImageUSB\Help\HTML\purchasing_information.$$A
| MD5 | 91c607c546b12f3406af7b9aea923b4d |
| SHA1 | e973cadda584c8e182cf0f85356196cd659c2462 |
| SHA256 | b3960927cf7a6975b35911327cc719c7c400252c7573d079c438848778405c70 |
| SHA512 | 7794d019028201ebdea850302ca45ee2cdf6aa69c987e821745d5cae82221928659dfd4a908cc21afa51255d969f3a47b3916392316288370b43349ab8d37b74 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\JetFlash\Language\SChinese.$$A
| MD5 | 6ad0f0f329f03a6042f559af3c28b23f |
| SHA1 | e47e52357a12342ab8a9f8d480e86d92c6252731 |
| SHA256 | 4c5e1183664ac6851610c5034fd40b1542ce7eac6ba795872905959f27fc2ae3 |
| SHA512 | dde2793fe1bc736ebd5c929f2bfacfb4b6868fe75f78ab60933a5ba1fb46ade1ad9b02bb21b839e4ae808a7d09684ffdf5656284f77839865cd51fbfc8a917ca |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Testdisk\testdisk_win.$$A
| MD5 | c2f68b0d9b106ca7414e03c70b8d2fc4 |
| SHA1 | 8c4533458e7dfaaa76555a8cfb19f388ecbddfcd |
| SHA256 | 2e6a22b5a6d40b3cb2b007e6f5181bf6a0ff846f8fe6e2e1424bcb0ce8b4a07f |
| SHA512 | 2eba3ce9da6b68c57bc6a17c75c939d261fb9dad5448267b4b2df706bb105d2fae7e596d8317269e3379668a618c37d55478728c7ebbe3b09754b7c82ab528bc |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\BOOTICE.$$A
| MD5 | ebecfae82e2832bae077e165957ed84b |
| SHA1 | 6f326f5e5aac0df675fb39f95f054047ab476fe1 |
| SHA256 | e0fd023d030b1b97d5072ab7ee3fe361bae561d7c67628a260eebdf9cc03040c |
| SHA512 | bdea1aae7759a6404247828b6c85a18d1fa54e81f0d7a7d45ebde963e08e7795c2b64249810eed28e469bd6be5a9d05fd740abdf083ce7eda57231eaa45f0e8d |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\pf\EFI\MICROSOFT\BOOT\FONTS\MSJH_BOOT.$$A
| MD5 | 5a8ed2f52757d1ca0e83ab32ca50b123 |
| SHA1 | a69409976762e4d34736fb135ef7fc510cb44513 |
| SHA256 | a30698ce0c848a6d0d1ca979e0ad85a70d7256ce8936b487020cd57f37a24b49 |
| SHA512 | fbdfcfb5623313b2d8fd4a5375a511e3e572cefe150c2b682bb7754b6aaf335aff71bc38f60d55fddbcac95722fff2eaa573e2d49c48543014ec11c1fd37f021 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Plop Boot Manager 5.0.15\Files\plpbt.$$A
| MD5 | b97f9274d467365d9ec902f7d361f1b8 |
| SHA1 | 1a8c026cf7b360fd6228d977fedc0708ff83f239 |
| SHA256 | 33c67d0978bbb3889ab29d3e16a7706571858cbc7e02a0e432b9cca02c915b1b |
| SHA512 | 3ff5099695c4720d0d84bf6c1093be70e0a722974c4ab1666faf779e20e575c1ca1cee783aec86f6cb8b5f82ca55d7c9b91c67d8c42ad9a16ea9e5bfff558c85 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Plop Boot Manager 5.0.15\Files\plpbt.$$A
| MD5 | fe3aa8856aedace7b8aaf4a7c7d85cbe |
| SHA1 | e1477a71df0a5f7b6b95a73e8ed5f255b9318e41 |
| SHA256 | 1b592beb013772a677d239b799fc56902c2bb5c3506203a4160239bd57d40fab |
| SHA512 | 0f8fad4624f5af6d587836aad0f751353a8aa48e28a8ae4c037c9885be278144b7d76beba4e57a0438c17649a81e37b12128740c2381e451af5dfac88e2ae3e0 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Windows 8.1 with Update RUS-ENG x86-x64 -12in1- Activated (AIO)\Files\Unat\unat812pmc.$$A
| MD5 | 133018d6b0dde620925df80700e3d33c |
| SHA1 | 5320e2ea8fa28da42dfbdb4dc1c34f46073b51fe |
| SHA256 | 6d29485153d69de0d2183972335f93927657f23720daecd95c2ba8c2f1f0d13d |
| SHA512 | baeb0e9133c70f8d926af9c69ef156c8b796007d2ba2992fcd2e7ce3724ea7cba71e70a51a672cf2b18dc330ac61a67a8cd94cd39dd638421fec7d3a0af464ba |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Windows 8.1 with Update RUS-ENG x86-x64 -12in1- Activated (AIO)\Files\winpeshl.$$A
| MD5 | 12fc38d5ca98bf29461044d4db3d30be |
| SHA1 | 1d3c00d6b6a72785d94637d0e10995d776aaf43b |
| SHA256 | 56744322e2270090ea5fedc287aeb6341bfe5b67de456229c0457fdaa07d313e |
| SHA512 | 51c1ac3d95133217ab7bc8101d61a8a9c066d4c847435b4e0d0ab9261bc72122a3d601de5d44ef7770be7f3a1a192d92fc76dfd2c7954a33f6dfd3ee1b7e89c3 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 7\Files\list.$$A
| MD5 | 82765a39ce63bcebbfbd0e206b7563a3 |
| SHA1 | 544bf3ad611d5f4ec67642ced6e100e4c57085d5 |
| SHA256 | 8372fbf375b6965ec36b1ee59e6e80bafd630e5bfbf56402ee316790c552e0f5 |
| SHA512 | 5977c2b7cf4a8b93b9aecc5acf2b9b3210f1117d953b224aeb2a7ed3c8fd66a238ff5ecd8f66128ea5a8d0bccfd991610dfbafaf7f888988db602760cc31d043 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 8\Files\mysetup.$$A
| MD5 | 1c4d779a44f92548aad5d697c4b0736f |
| SHA1 | a30046eb689d9ef7f7035b4b282a6b1c6752eee8 |
| SHA256 | db6019fb2e88a76d7b836daf34b30760f27a4007cd8b06aaff0196b61a8b2d3b |
| SHA512 | 0f576d0e54da3f00f69883f93b453deafdaf550d751506568aaaee2e45687e1fba79597f03e58189b88c61279dbe231780a9bd2f2cf677875f9b2cb232a75efc |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows 2000-2003-XP\Files\xp.$$A
| MD5 | 62d38a2d86d441819f3ecf806266a72d |
| SHA1 | ecef529e651a6ba5a0241cf7faa284e5988ac82e |
| SHA256 | ffd05d3b3484416c6da70fd7f893cb9ead330ca0dfe40ffbc40de05ab27fcbd5 |
| SHA512 | 23f2e47042b45cb0d2b1f2ec70fcadec488fcb6d1e229732c64b77af7867717300e0975431acf5cb4f2322387abf4200fcad05a2af88996a68cd2e798986de98 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\firadisk.$$A
| MD5 | 0accae3522ad4aac6acce17737841d6a |
| SHA1 | de2d4c9502b3b60d70bc3674858450a20b8fcb95 |
| SHA256 | a6018483ad156338b7d0fd9cace302e5ee0fb24563d76ba28d825cb8b7dfd2af |
| SHA512 | 4123cbc7348041569401601212bb60858ab80caa2a61bea590da51f06fb50ca0e94fd5d4e4893c231ac23a036f3bb4744c38f14f37aecd7b779618907ed43dd5 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\MIGRATE.$$A
| MD5 | 08caa6c747a8d6c4f4e632cb132ff739 |
| SHA1 | ddd498ac042641d4958c2d8207285bd072a26278 |
| SHA256 | 5446e5db5191fc54eb616b0f64e08eb2a29cfac4cd0306720f1487e63734f21a |
| SHA512 | f1265a9d08589b4d2fcc75981aa2d58dc6f3c2b50e4182c1be95aa756dab23eaf2be4a9e7bce3bf7836f53dad57e96e4ce5dcb8b8f874984f6aa55622d026307 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\setup.$$A
| MD5 | c169f9c6f08fd57f71c8d8b5e64b3dd3 |
| SHA1 | d4c431b9ad59345bd2f9e20cda833dc8fcc755be |
| SHA256 | aa68d27eeff208672bd0494a37ddf6f662135a965bb3387378cf43d605e54671 |
| SHA512 | f99c50b0c26c747104b0bf4e86665bddcbb0311cd77f3c959da54bcc9c7dd4a0513b7aca6b06ee1597db88650327d720dab89739124edc9741e738691838cec5 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\setup.$$A
| MD5 | 10d077c0e98662d2b9b7568d79ea5882 |
| SHA1 | b8fcee60ac8eb658dfaf039ad20dd8852b699221 |
| SHA256 | 39bfb4e1b1550d4680a18a0125a86122c316266a7b48b3f0fc23d2e46f00bc7f |
| SHA512 | bed7f214f6b0efffb3f39f63fcfab51cd4152479096f17ad043362f92ca0bce61c4ce90545300dd17dfe3ee3718cc9d4ef9b4b107821b5e5e11c30ac6048c600 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\setupwst.$$A
| MD5 | 8af3cc3c29343a0170f10c1b8ed68841 |
| SHA1 | 6013ef8cbdaf0eb924a84a5c398cf3468018eca8 |
| SHA256 | 24363a083480d41384dd190050c32275ba1b227a5b748bbbdc9cc62fba031df6 |
| SHA512 | 91bbfb05a3f7ff34e06a8acf7b41702285fde04f1c6b32d779e5ca6466125cd848e95b5b3d6e6bc775471299a52f9cff70827ce04fbdd942db45264ee46a7e08 |
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\ZXBFM 2.1b\Plugs\Óñòàíîâêà Windows XP XTreme Ultimate Edition 04.06.14\Files\i386\MNT.$$A
| MD5 | 312ba7c3f1d4074768e366d631752f45 |
| SHA1 | 95e0d9c3cb78aae13613a40215139fbb2526c5b7 |
| SHA256 | 6b403fdfef199ffaff190fbf793093850b8bc80ff0f84e519b5226fb9fa3accb |
| SHA512 | 75347515e04b48ffcc5689ca6373613cae95f64afb0d14b3db9614fe0d1c2bda453470fb5f87cf72fd3317e455ba6e8813dd3af43287f72723df3bb6b589b664 |
C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\chinese\grub.$$A
| MD5 | fecca103d6c97ea6dbf7cda535ebc217 |
| SHA1 | e3fe36c879bc5cce793758088fc13a437ebf3d88 |
| SHA256 | a122ccf17cd05589964f6963ed5f5033aa2c9d9e2e2dec34db9b56ba3c385ff9 |
| SHA512 | 723565183fba21fb0d8b9f6a843a29657ad102d404c9a5429a2ce0a014b90fb631cd5192a89f932912bf50f36c136e1c7ebad9e8cc4a3f11a48eee578e1b127a |
C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\grldr.$$A
| MD5 | 0bfc59aafb40167bfd7b358ddb088881 |
| SHA1 | faddc29bcf64a002fa2a86b63f9927fa8f17dcf0 |
| SHA256 | b1044ce38666959089b8f47796233fc99ff7ef5eb2c2a88f806c1468087a631e |
| SHA512 | 59bbb981195e1fea96fa58adb80c7a2740f2e816f137d01ff878d17a3be90704a5ec4ea333fc3d940c488599a04dfc193ebeb230d28d685fa4d2f66b5800eed8 |
C:\Program Files (x86)\Multi Flash Kit\Files\grub4dos\grubinst.$$A
C:\Program Files (x86)\Multi Flash Kit\Files\tools\BootICE.$$A
C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_EN.$$A
C:\Program Files (x86)\Multi Flash Kit\Files\tools\WinContig\lang\WinContig_KA.$$A
C:\Program Files (x86)\Multi Flash Kit\Menu.$$A
C:\Program Files (x86)\Multi Flash Kit\Menu.exe
C:\Program Files (x86)\Multi Flash Kit\Menu.ini
C:\Program Files (x86)\Multi Flash Kit\Menu\Fon.bmp
C:\Program Files (x86)\Multi Flash Kit\Menu\go.bmp
C:\Program Files (x86)\Multi Flash Kit\Menu\Close.bmp
\??\c:\program files (x86)\multi flash kit\menu\start.wav
\??\c:\program files (x86)\multi flash kit\menu\click1.wav
\??\c:\program files (x86)\multi flash kit\menu\click3.wav
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\Rufus\rufus.exe
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.exe
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\theme\default\Main.css
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\language\English.lang
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\dialog\Main.html
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\DiskMark.ini
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\CrystalDiskMark\CdmResource\language\Russian.lang
C:\Program Files (x86)\Multi Flash Kit\Files\tools\HPUSBFW.exe
C:\Program Files (x86)\Multi Flash Kit\Files\CORE2\InstallUSB.exe