4fda471663f28d238af3e66a7ea99b1510a5ca4d36c12484ef4057c556f7f40d

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 14:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fing.exe
Size

103.4MB
MD5

80b77369342697ba77efbc4294d90c79
SHA1

6bba4b5b250cae9981ade102a39360455b689e3f
SHA256

4fda471663f28d238af3e66a7ea99b1510a5ca4d36c12484ef4057c556f7f40d
SHA512

1d8bb9274708fa11da52331076ea10b94d1ff2ca7b5d77504e4d41dd1824d10f048b5cbd4fc71f7d25ec772d66eb5d13b60bc66bb92b8b9c6575459b493aa60a
SSDEEP

3145728:6SFkGY54YMeEZyk9H+Oyo/jK2wj4YICK1UWR:hE5Ey4vx2j4YJIv

Score

8^/10

discovery execution persistence

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
4548	powershell.exe

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DRIVERS\SET8279.tmp	NPFInstall.exe
File created	C:\Windows\system32\DRIVERS\SET8279.tmp	NPFInstall.exe
File opened for modification	C:\Windows\system32\DRIVERS\npcap.sys	NPFInstall.exe

Manipulates Digital Signatures 1 TTPs 8 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\60EE3FC53D4BDFD1697AE5BEAE1CAB1C0F3AD4E3\Blob = 03000000010000001400000060ee3fc53d4bdfd1697ae5beae1cab1c0f3ad4e32000000001000000c0060000308206bc308205a4a003020102021003f1b4e15f3a82f1149678b3d7d8475c300d06092a864886f70d01010b0500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3132303431383132303030305a170d3237303431383132303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b302906035504031322446967694365727420455620436f6465205369676e696e672043412028534841322930820122300d06092a864886f70d01010105000382010f003082010a0282010100a753fa0fb2b513f164cf8480fcae8035d1b6d7c7a32cac1a2cacf184ac3a35123a9291ba57e4c4c9f32fa8483cb7d66edc9722ba517961af432f0db79bb44931ae44583ea4a196a7874f237ec36c652490553ea1ca237cc542e9c47a62459b7dde6374cb9e6325f8849a9aad454fae7d1fc813cb759bc9e1e18af80b0c98f4ca3ed045aa7a1ea558933634be2b2e2b315866b432109f9df052a1efe83ed376f2405adcfa6a3d1b4bad76b08c5cee36ba83ea30a84cdef10b2a584188ae0089ab03d11682202276eb5e54381262e1d27024dbed1f70d26409802de2b69dce1ff2bb21f36cdbd8b3197b8a509fefec360a5c9ab74ad308a03979fdddbf3d3a09250203010001a38203583082035430120603551d130101ff040830060101ff020100300e0603551d0f0101ff04040302018630130603551d25040c300a06082b06010505070303307f06082b0601050507010104733071302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304906082b06010505073002863d687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274486967684173737572616e63654556526f6f7443412e63727430818f0603551d1f0481873081843040a03ea03c863a687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274486967684173737572616e63654556526f6f7443412e63726c3040a03ea03c863a687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274486967684173737572616e63654556526f6f7443412e63726c308201c40603551d20048201bb308201b7308201b306096086480186fd6c0302308201a4303a06082b06010505070201162e687474703a2f2f7777772e64696769636572742e636f6d2f73736c2d6370732d7265706f7369746f72792e68746d3082016406082b06010505070202308201561e8201520041006e007900200075007300650020006f00660020007400680069007300200043006500720074006900660069006300610074006500200063006f006e0073007400690074007500740065007300200061006300630065007000740061006e006300650020006f00660020007400680065002000440069006700690043006500720074002000430050002f00430050005300200061006e00640020007400680065002000520065006c00790069006e0067002000500061007200740079002000410067007200650065006d0065006e00740020007700680069006300680020006c0069006d006900740020006c0069006100620069006c00690074007900200061006e0064002000610072006500200069006e0063006f00720070006f00720061007400650064002000680065007200650069006e0020006200790020007200650066006500720065006e00630065002e301d0603551d0e041604148fe87ef06d326a000523c770976a3a90ff6bead4301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d01010b0500038201010019334a0c813337dbad36c9e4c93abbb51b2e7aa2e2f44342179ebf4ea14de1b1dbe981dd9f01f2e488d5e9fe09fd21c1ec5d80d2f0d6c143c2fe772bdbf9d79133ce6cd5b2193be62ed6c9934f88408ecde1f57ef10fc6595672e8eb6a41bd1cd546d57c49ca663815c1bfe091707787dcc98d31c90c29a233ed8de287cd898d3f1bffd5e01a978b7cda6dfba8c6b23a666b7b01b3cdd8a634ec1201ab9558a5c45357a860e6e70212a0b92364a24dbb7c81256421becfee42184397bba53706af4dff26a54d614bec4641b865ceb8799e08960b818c8a3b8fc7998ca32a6e986d5e61c696b78ab9612d93b8eb0e0443d7f5fea6f062d4996aa5c1c1f0649480	certutil.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\3BA63A6E4841355772DEBEF9CDCF4D5AF353A297\Blob = 0300000001000000140000003ba63a6e4841355772debef9cdcf4d5af353a2972000000001000000350500003082053130820419a00302010202100aa125d6d6321b7e41e405da3697c215300d06092a864886f70d01010b05003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3136303130373132303030305a170d3331303130373132303030305a3072310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3131302f060355040313284469676943657274205348413220417373757265642049442054696d657374616d70696e6720434130820122300d06092a864886f70d01010105000382010f003082010a0282010100bdd032ee4bcd8f7fdda9ba8299c539542857b6234ac40e07453351107dd0f97d4d687ee7b6a0f48db388e497bf63219098bf13bc57d3c3e17e08d66a140038f72e1e3beecca6f63259fe5f653fe09bebe34647061a557e0b277ec0a2f5a0e0de223f0eff7e95fbf3a3ba223e18ac11e4f099036d3b857c09d3ee5dc89a0b54e3a809716be0cf22100f75cf71724e0aaddf403a5cb751e1a17914c64d2423305dbcec3c606aac2f07ccfdf0ea47d988505efd666e56612729898451e682e74650fd942a2ca7e4753eba980f847f9f3114d6add5f264cb7b1e05d084197217f11706ef3dcdd64def0642fda2532a4f851dc41d3cafcfdaac10f5ddacace956ff930203010001a38201ce308201ca301d0603551d0e04160414f4b6e1201dfe29aed2e461a5b2a225b2c817356e301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f30120603551d130101ff040830060101ff020100300e0603551d0f0101ff04040302018630130603551d25040c300a06082b06010505070308307906082b06010505070101046d306b302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304306082b060105050730028637687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274417373757265644944526f6f7443412e6372743081810603551d1f047a3078303aa038a0368634687474703a2f2f63726c342e64696769636572742e636f6d2f4469676943657274417373757265644944526f6f7443412e63726c303aa038a0368634687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274417373757265644944526f6f7443412e63726c30500603551d20044930473038060a6086480186fd6c000204302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f435053300b06096086480186fd6c0701300d06092a864886f70d01010b05000382010100719512e951875669cdefddda7caa637ab378cf06374084ef4b84bfcacf0302fdc5a7c30e20422caf77f32b1f0c215a2ab705341d6aae99f827a266bf09aa60df76a43a930ff8b2d1d87c1962e85e82251ec4ba1c7b2c21e2d65b2c1435430468b2db7502e072c798d63c64e51f4810185f8938614d62462487638c91522caf2989e5781fd60b14a580d7124770b375d59385937eb69267fb536189a8f56b96c0f458690d7cc801b1b92875b7996385228c61ca79947e59fc8c0fe36fb50126b66ca5ee875121e458609bba0c2d2b6da2c47ebbc4252b4702087c49ae13b6e17c424228c61856cf4134b6665db6747bf55633222f2236b24ba24a95d8f5a68e52	certutil.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E1D782A8E191BEEF6BCA1691B5AAB494A6249BF3\Blob = 030000000100000014000000e1d782a8e191beef6bca1691b5aab494a6249bf3200000000100000002050000308204fe308203e6a00302010202100d424ae0be3a88ff604021ce1400f0dd300d06092a864886f70d01010b05003072310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3131302f060355040313284469676943657274205348413220417373757265642049442054696d657374616d70696e67204341301e170d3231303130313030303030305a170d3331303130363030303030305a3048310b300906035504061302555331173015060355040a130e44696769436572742c20496e632e3120301e0603550403131744696769436572742054696d657374616d70203230323130820122300d06092a864886f70d01010105000382010f003082010a0282010100c2e6618467c58af50d08a445ca636b51d73a1142bd0a75754d94b40c50b52610fe1dc86f916b0c96e71a5c48ef44e5bf9b61cd1591625ab8ff670b9c63fd366a81fa29f8dd2b7085de0218f3786dbc7df9c76d093dbe6a7687e98abdf8845d1e76c9e4c676763a53d1d1d35a368fc6a3e12f1b3ab761d673ec4e6d338a7c5d452d4bb150e6413a375686dc93238df75025e864e6ddd38f2f57b58720eb0e8e2cd523daf44d7846e3038331294a5c0c318a4a8c88c5f7305af914af155f6c434909fd262353f68d63e81aab5bb11d30c29b6982b4dbfc5654bc1fa187abbe7a5b0a202f4b09c995a78db2fad6638b4ea5721cee9f7a0173f819d6fe0d4984bd010203010001a38201b8308201b4300e0603551d0f0101ff040403020780300c0603551d130101ff0402300030160603551d250101ff040c300a06082b0601050507030830410603551d20043a3038303606096086480186fd6c07013029302706082b06010505070201161b687474703a2f2f7777772e64696769636572742e636f6d2f435053301f0603551d23041830168014f4b6e1201dfe29aed2e461a5b2a225b2c817356e301d0603551d0e041604143644868ea4bab066bebc282d1d4436dde36a7abc30710603551d1f046a30683032a030a02e862c687474703a2f2f63726c332e64696769636572742e636f6d2f736861322d617373757265642d74732e63726c3032a030a02e862c687474703a2f2f63726c342e64696769636572742e636f6d2f736861322d617373757265642d74732e63726c30818506082b0601050507010104793077302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304f06082b060105050730028643687474703a2f2f636163657274732e64696769636572742e636f6d2f44696769436572745348413241737375726564494454696d657374616d70696e6743412e637274300d06092a864886f70d01010b05000382010100481cdcb5e99a23bce71ae7200e8e6746fd427251740a2347a3ab92d225c47059be14a0e52781a54d1415190779f0d104c386d93bbdfe4402664ded69a40ff6b870cf62e8f5514a7879367a27b7f3e7529f93a7ed439e7be7b4dd412289fb87a246034efcf4feb76477635f2352698382fa1a53ed90cc8da117730df4f36539704bf39cd67a7bda0cbc3d32d01bcbf561fc75080076bc810ef8c0e15ccfc41172e71b6449d8229a751542f52d323881daf460a2bab452fb5ce06124254fb2dfc929a8734351dabd63d61f5b9bf72e1b4f131df74a0d717e97b7f43f84ebc1e3a349a1facea7bf56cfba597661895f7ea7b48e6778f93698e1cb28da5b87a68a2f	certutil.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\3C0D087ECDCC76D1084ABE00F1FEE5040400AE37\Blob = 0300000001000000140000003c0d087ecdcc76d1084abe00f1fee5040400ae372000000001000000c6050000308205c2308204aaa00302010202100aa60783ebb5076ebc2d12da9b04c290300d06092a864886f70d01010b0500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b302906035504031322446967694365727420455620436f6465205369676e696e6720434120285348413229301e170d3231303530353030303030305a170d3234303631303233353935395a3081d2311d301b060355040f0c1450726976617465204f7267616e697a6174696f6e31133011060b2b0601040182373c02010313025553311b3019060b2b0601040182373c020102130a43616c69666f726e6961311530130603550405130c323030303130333130303133310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e0603550407130753656174746c6531193017060355040a1310496e7365637572652e436f6d204c4c433119301706035504031310496e7365637572652e436f6d204c4c4330820122300d06092a864886f70d01010105000382010f003082010a0282010100a6ec814ee2c7075e2e29ac7ebd10b6188055929370a213b83fb6e337d82ed0756d15e267f6bc645e6db5bb1d586ef1098ead1595147d03897af04b666aa5a50def2b3af23974896c6fb4f5246baf3ec374dbfd90eeec7575ffb11a6efea7a0d7da0adb04eaf000b1ad520d9e9529b2a8cf420998d4c7a46c1f95e405e35f69ad8c05d62df0f9745017a6284134afba26f905d900da1c412200e6ca5c6b148f3f785aa0ebe35ea9160644bd6924b54625eb404ab39db981f6b216b6dd960930a1443b26aab08cdbcf1c5fd74dbb56c3e9df791f8429401dee5869e90c39f95000fc616b5ac8396b588e24407235ea074328c608112f6cb4f07347cd4d28d28ab90203010001a38201f7308201f3301f0603551d230418301680148fe87ef06d326a000523c770976a3a90ff6bead4301d0603551d0e04160414c5b210483c7598f90d32838cd0763d3cd85fef5130350603551d11042e302ca02a06082b06010505070803a01e301c0c1a55532d43414c49464f524e49412d323030303130333130303133300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070303307b0603551d1f047430723037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c3037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c304a0603551d2004433041303606096086480186fd6c03023029302706082b06010505070201161b687474703a2f2f7777772e64696769636572742e636f6d2f4350533007060567810c0103307e06082b0601050507010104723070302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304806082b06010505073002863c687474703a2f2f636163657274732e64696769636572742e636f6d2f44696769436572744556436f64655369676e696e6743412d534841322e637274300c0603551d130101ff04023000300d06092a864886f70d01010b050003820101008b2182887ada0e08e4afe89019ded16e88ff6ff1b12fd9b2994b945b8c76c63862ae35a1751672c474c8575a039250105e346bb7ce7ae1f2494e760de418b9453f1bbac9255b0dccafd296adb3cdb49d46d54c3413bfc34a3e640e244da7b1e1dbd1b04cea414ff64fe57f0ef28944a42e41065548e4834f2b05d4aae8516a1f154c5b09af25fe059a69a7dc75a7deb4cf3068c402614ece0509edf02b0968b5c8d1081cdafcfba3b7c1599256e6685ef7391f46746eaf829bc8fd40f55be70a3fc51142648b78a903e750158328cb80d54aaddce82df8fe983b0e36af4dafbdbdffe8896bee9a93c370e77f735fe9c42fc2259a3e5672e9f75f37ecf7104e53	certutil.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\4CE89794FE2D2F7E30121F10BCF76AC3CCF77CA9\Blob = 0300000001000000140000004ce89794fe2d2f7e30121f10bcf76ac3ccf77ca92000000001000000c7050000308205c3308204aba003020102021009256314069e7e6a88cb823075c0d9c9300d06092a864886f70d01010b0500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b302906035504031322446967694365727420455620436f6465205369676e696e6720434120285348413229301e170d3230303530313030303030305a170d3231303530373132303030305a3081d231133011060b2b0601040182373c02010313025553311b3019060b2b0601040182373c020102130a43616c69666f726e6961311d301b060355040f0c1450726976617465204f7267616e697a6174696f6e311530130603550405130c323030303130333130303133310b3009060355040613025553311330110603550408130a57617368696e67746f6e3110300e0603550407130753656174746c6531193017060355040a1310496e7365637572652e436f6d204c4c433119301706035504031310496e7365637572652e436f6d204c4c4330820122300d06092a864886f70d01010105000382010f003082010a0282010100a88cd713346c50a5cd2a62900419f091330f9820b73b38785a8b5a25ceda8e11b71b2d11ff4b0c18cad405a2a195a6462619fa3ddf6d14466a350d1cf1c6ad48cce166fe6011a62ee62751046dd264b1cc145c4a4354537cec1ae615b6b8566a28ddf3b510fee92023dbe4190b44bb4174f94c4ec62256bd4aa5ba541ee833388db8cc411365e094ee6314eaff59ca6659bb6388300e7ffbd0f8b299889b8e3ea526f8ca926ded79eac89a6b068757ae428022e2602ec98babf5998216b0c28a709129a1300872878d9971e3130826a7d1ce894fe649a017003f07ee3c53ca0cba998fab097e573723fbd3e0ea1b742dd6d076b4c2284b93500021a7d27109630203010001a38201f8308201f4301f0603551d230418301680148fe87ef06d326a000523c770976a3a90ff6bead4301d0603551d0e041604140a9c208099309acdddf9c9909a03890dcd30c8ea30350603551d11042e302ca02a06082b06010505070803a01e301c0c1a55532d43414c49464f524e49412d323030303130333130303133300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070303307b0603551d1f047430723037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c3037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c304b0603551d2004443042303706096086480186fd6c0302302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f4350533007060567810c0103307e06082b0601050507010104723070302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304806082b06010505073002863c687474703a2f2f636163657274732e64696769636572742e636f6d2f44696769436572744556436f64655369676e696e6743412d534841322e637274300c0603551d130101ff04023000300d06092a864886f70d01010b0500038201010042368fc33025a2a1338cf35a08d00e263958f825e79b6d3af23e0e4e4cf59bc8502022d452cbba14a53274e3a12a5b01f4aee16abfcb1b28d63484a0ae1995c9759c6f0970254da8902fb479f5f7869a566aa285f2c28e50096dfd2e14a9ecf0000963c570d2338def108dfe66b1e44d22182826749871a7f3977eba4976910f1f0de866fc75b918c1a9f466fcf96ae90df932071b9c770f0f3193f8ca500abe52cc316549403a5ca5b5422d1ebffffc3cbe3b926de552f493b53c6570fdd0736550f080c2db204b03bc00ff724241581b5dfb0dff7b8f2cc28f136c19cca8bd4b3c3d81404e69f4598e7b5458e41c6f2e6622a212d28c2615565782a1f66987	certutil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION"	certutil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION"	certutil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7\Name = "szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL"	certutil.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\electron.app.Fing = "C:\\Program Files\\Fing\\Fing.exe --processStart \"Fing.exe\" --process-start-args \"--hidden\""	Fing.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000\Control Panel\International\Geo\Nation	Fing.exe

Drops file in System32 directory 42 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\netnb.PNF	NPFInstall.exe
File created	C:\Windows\system32\wpcap.dll	npcap-1.55-oem.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{18e5090e-7c00-3a47-a092-a40b73cfeeed}\npcap.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_3b688b7c3aea98ac\npcap.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\netnwifi.PNF	NPFInstall.exe
File created	C:\Windows\system32\Npcap\NpcapHelper.exe	npcap-1.55-oem.exe
File created	C:\Windows\System32\DriverStore\Temp\{18e5090e-7c00-3a47-a092-a40b73cfeeed}\SET7FFA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{18e5090e-7c00-3a47-a092-a40b73cfeeed}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\netpacer.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\netvwififlt.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\netbrdg.PNF	NPFInstall.exe
File created	C:\Windows\SysWOW64\Npcap\wpcap.dll	npcap-1.55-oem.exe
File created	C:\Windows\SysWOW64\Npcap\Packet.dll	npcap-1.55-oem.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{18e5090e-7c00-3a47-a092-a40b73cfeeed}\NPCAP.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_3b688b7c3aea98ac\NPCAP.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{18e5090e-7c00-3a47-a092-a40b73cfeeed}\npcap.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\SysWOW64\Npcap\NpcapHelper.exe	npcap-1.55-oem.exe
File created	C:\Windows\system32\NpcapHelper.exe	npcap-1.55-oem.exe
File created	C:\Windows\system32\Npcap\WlanHelper.exe	npcap-1.55-oem.exe
File created	C:\Windows\System32\DriverStore\Temp\{18e5090e-7c00-3a47-a092-a40b73cfeeed}\SET800A.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_3b688b7c3aea98ac\npcap.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF	NPFInstall.exe
File created	C:\Windows\SysWOW64\Npcap\WlanHelper.exe	npcap-1.55-oem.exe
File created	C:\Windows\system32\Packet.dll	npcap-1.55-oem.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_7f701cb29b5389d3\netrass.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\netserv.PNF	NPFInstall.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{18e5090e-7c00-3a47-a092-a40b73cfeeed}\SET7FFA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_3b688b7c3aea98ac\npcap.sys	DrvInst.exe
File created	C:\Windows\SysWOW64\NpcapHelper.exe	npcap-1.55-oem.exe
File created	C:\Windows\SysWOW64\WlanHelper.exe	npcap-1.55-oem.exe
File created	C:\Windows\system32\WlanHelper.exe	npcap-1.55-oem.exe
File created	C:\Windows\System32\DriverStore\Temp\{18e5090e-7c00-3a47-a092-a40b73cfeeed}\SET7FD9.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ndiscap.PNF	NPFInstall.exe
File created	C:\Windows\SysWOW64\wpcap.dll	npcap-1.55-oem.exe
File created	C:\Windows\SysWOW64\Packet.dll	npcap-1.55-oem.exe
File created	C:\Windows\system32\Npcap\wpcap.dll	npcap-1.55-oem.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\system32\Npcap\Packet.dll	npcap-1.55-oem.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{18e5090e-7c00-3a47-a092-a40b73cfeeed}\SET7FD9.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{18e5090e-7c00-3a47-a092-a40b73cfeeed}\SET800A.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\c_netservice.PNF	NPFInstall.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Fing\locales\fi.pak	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\npcap-1.55-oem.exe	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\npcap-1.20-oem.exe	Fing.exe
File opened for modification	C:\Program Files\Fing\chrome_100_percent.pak	Fing.exe
File created	C:\Program Files\Fing\locales\zh-TW.pak	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\[email protected]	Fing.exe
File created	C:\Program Files\Fing\Uninstall Fing.exe	Fing.exe
File opened for modification	C:\Program Files\Npcap\NPFInstall.log	NPFInstall.exe
File created	C:\Program Files\Fing\locales\gu.pak	Fing.exe
File created	C:\Program Files\Fing\locales\uk.pak	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\boost_thread-vc90-mt-1_58.dll	Fing.exe
File created	C:\Program Files\Fing\locales\et.pak	Fing.exe
File created	C:\Program Files\Fing\locales\sv.pak	Fing.exe
File created	C:\Program Files\Fing\resources\app-update.yml	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\boost_chrono-vc90-mt-1_58.dll	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\fing.ico	Fing.exe
File created	C:\Program Files\Fing\chrome_100_percent.pak	Fing.exe
File created	C:\Program Files\Fing\locales\am.pak	Fing.exe
File created	C:\Program Files\Fing\locales\cs.pak	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\msvcr90.dll	Fing.exe
File created	C:\Program Files\Npcap\CheckStatus.bat	npcap-1.55-oem.exe
File created	C:\Program Files\Fing\locales\lt.pak	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\boost_program_options-vc90-mt-1_58.dll	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\[email protected]	Fing.exe
File created	C:\Program Files\Fing\locales\ru.pak	Fing.exe
File created	C:\Program Files\Fing\locales\sk.pak	Fing.exe
File created	C:\Program Files\Fing\locales\th.pak	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\boost_filesystem-vc90-mt-1_58.dll	Fing.exe
File created	C:\Program Files\Fing\locales\ar.pak	Fing.exe
File created	C:\Program Files\Fing\locales\es.pak	Fing.exe
File created	C:\Program Files\Fing\locales\ro.pak	Fing.exe
File opened for modification	C:\Program Files\Fing\resources\extraFiles	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\[email protected]	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\fingagent.exe	Fing.exe
File created	C:\Program Files\Npcap\NPFInstall.exe	npcap-1.55-oem.exe
File created	C:\Program Files\Npcap\npcap_wfp.inf	npcap-1.55-oem.exe
File created	C:\Program Files\Fing\Fing.exe	Fing.exe
File created	C:\Program Files\Fing\LICENSES.chromium.html	Fing.exe
File created	C:\Program Files\Fing\locales\fr.pak	Fing.exe
File created	C:\Program Files\Fing\resources.pak	Fing.exe
File created	C:\Program Files\Fing\vk_swiftshader.dll	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\ndt.dll	Fing.exe
File opened for modification	C:\Program Files\Fing\swiftshader	Fing.exe
File created	C:\Program Files\Fing\locales\it.pak	Fing.exe
File created	C:\Program Files\Fing\locales\mr.pak	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\boost_locale-vc90-mt-1_58.dll	Fing.exe
File created	C:\Program Files\Fing\resources\app.asar	Fing.exe
File created	C:\Program Files\Fing\locales\bg.pak	Fing.exe
File created	C:\Program Files\Fing\locales\sl.pak	Fing.exe
File created	C:\Program Files\Fing\locales\vi.pak	Fing.exe
File created	C:\Program Files\Npcap\npcap.inf	npcap-1.55-oem.exe
File created	C:\Program Files\Fing\resources\extraResources\msvcm90.dll	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\npptools.dll	Fing.exe
File created	C:\Program Files\Fing\LICENSE.electron.txt	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\boost_date_time-vc90-mt-1_58.dll	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\[email protected]	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\netsnmp.dll	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\overlook.dll	Fing.exe
File created	C:\Program Files\Fing\swiftshader\libGLESv2.dll	Fing.exe
File created	C:\Program Files\Npcap\DiagReport.bat	npcap-1.55-oem.exe
File created	C:\Program Files\Fing\locales\fa.pak	Fing.exe
File created	C:\Program Files\Fing\locales\fil.pak	Fing.exe
File created	C:\Program Files\Fing\resources\extraResources\[email protected]	Fing.exe
File created	C:\Program Files\Fing\resources\extraFiles\ip-services.properties	Fing.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\INF\oem3.PNF	NPFInstall.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	NPFInstall.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe

Executes dropped EXE 9 IoCs

pid	Process
5048	npcap-1.55-oem.exe
5092	NPFInstall.exe
2440	NPFInstall.exe
972	NPFInstall.exe
1760	NPFInstall.exe
2944	fingagent.exe
2336	fingagent.exe
4280	Fing.exe
1416	Fing.exe

Loads dropped DLL 64 IoCs

pid	Process
4084	Fing.exe
4084	Fing.exe
4084	Fing.exe
4084	Fing.exe
4084	Fing.exe
4084	Fing.exe
4084	Fing.exe
4084	Fing.exe
4084	Fing.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
5048	npcap-1.55-oem.exe
4084	Fing.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2944	fingagent.exe
2336	fingagent.exe
2336	fingagent.exe
2336	fingagent.exe
2336	fingagent.exe
2336	fingagent.exe
2336	fingagent.exe
2336	fingagent.exe
2336	fingagent.exe
2336	fingagent.exe
2336	fingagent.exe
2336	fingagent.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x000700000002355d-804.dat	nsis_installer_1
behavioral2/files/0x000700000002355d-804.dat	nsis_installer_2

Checks SCSI registry key(s) 3 TTPs 38 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	NPFInstall.exe

Modifies data under HKEY_USERS 45 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT	fingagent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	fingagent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	fingagent.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	fingagent.exe

Modifies registry class 18 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fing\DefaultIcon\ = "C:\\Program Files\\Fing\\Fing.exe"	Fing.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fing\shell\Open\command	Fing.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fing\shell\Open\command\ = "C:\\Program Files\\Fing\\Fing.exe %1"	Fing.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fing	Fing.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fing\ = "URL:fing"	Fing.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\fing\URL Protocol	Fing.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fing\shell	Fing.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fing\shell\Open	Fing.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\fing	Fing.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\fing\ = "URL:fing"	Fing.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\fing\shell\open	Fing.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\fing\shell\open\command\ = "\"C:\\Program Files\\Fing\\Fing.exe\" \"%1\""	Fing.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fing\URL Protocol	Fing.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fing\shell\	Fing.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\fing\shell\open\command	Fing.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\fing\shell	Fing.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\fing\DefaultIcon	Fing.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\fing\shell\Open\	Fing.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4084	Fing.exe
4084	Fing.exe
5092	NPFInstall.exe
5092	NPFInstall.exe
4548	powershell.exe
4548	powershell.exe
2336	fingagent.exe
2336	fingagent.exe
4280	Fing.exe
4280	Fing.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeSecurityPrivilege	4084	Fing.exe
Token: SeDebugPrivilege	5092	NPFInstall.exe
Token: SeAuditPrivilege	3916	svchost.exe
Token: SeSecurityPrivilege	3916	svchost.exe
Token: SeDebugPrivilege	4548	powershell.exe
Token: SeIncreaseQuotaPrivilege	4548	powershell.exe
Token: SeSecurityPrivilege	4548	powershell.exe
Token: SeTakeOwnershipPrivilege	4548	powershell.exe
Token: SeLoadDriverPrivilege	4548	powershell.exe
Token: SeSystemProfilePrivilege	4548	powershell.exe
Token: SeSystemtimePrivilege	4548	powershell.exe
Token: SeProfSingleProcessPrivilege	4548	powershell.exe
Token: SeIncBasePriorityPrivilege	4548	powershell.exe
Token: SeCreatePagefilePrivilege	4548	powershell.exe
Token: SeBackupPrivilege	4548	powershell.exe
Token: SeRestorePrivilege	4548	powershell.exe
Token: SeShutdownPrivilege	4548	powershell.exe
Token: SeDebugPrivilege	4548	powershell.exe
Token: SeSystemEnvironmentPrivilege	4548	powershell.exe
Token: SeRemoteShutdownPrivilege	4548	powershell.exe
Token: SeUndockPrivilege	4548	powershell.exe
Token: SeManageVolumePrivilege	4548	powershell.exe
Token: 33	4548	powershell.exe
Token: 34	4548	powershell.exe
Token: 35	4548	powershell.exe
Token: 36	4548	powershell.exe
Token: SeIncreaseQuotaPrivilege	4548	powershell.exe
Token: SeSecurityPrivilege	4548	powershell.exe
Token: SeTakeOwnershipPrivilege	4548	powershell.exe
Token: SeLoadDriverPrivilege	4548	powershell.exe
Token: SeSystemProfilePrivilege	4548	powershell.exe
Token: SeSystemtimePrivilege	4548	powershell.exe
Token: SeProfSingleProcessPrivilege	4548	powershell.exe
Token: SeIncBasePriorityPrivilege	4548	powershell.exe
Token: SeCreatePagefilePrivilege	4548	powershell.exe
Token: SeBackupPrivilege	4548	powershell.exe
Token: SeRestorePrivilege	4548	powershell.exe
Token: SeShutdownPrivilege	4548	powershell.exe
Token: SeDebugPrivilege	4548	powershell.exe
Token: SeSystemEnvironmentPrivilege	4548	powershell.exe
Token: SeRemoteShutdownPrivilege	4548	powershell.exe
Token: SeUndockPrivilege	4548	powershell.exe
Token: SeManageVolumePrivilege	4548	powershell.exe
Token: 33	4548	powershell.exe
Token: 34	4548	powershell.exe
Token: 35	4548	powershell.exe
Token: 36	4548	powershell.exe
Token: SeIncreaseQuotaPrivilege	4548	powershell.exe
Token: SeSecurityPrivilege	4548	powershell.exe
Token: SeTakeOwnershipPrivilege	4548	powershell.exe
Token: SeLoadDriverPrivilege	4548	powershell.exe
Token: SeSystemProfilePrivilege	4548	powershell.exe
Token: SeSystemtimePrivilege	4548	powershell.exe
Token: SeProfSingleProcessPrivilege	4548	powershell.exe
Token: SeIncBasePriorityPrivilege	4548	powershell.exe
Token: SeCreatePagefilePrivilege	4548	powershell.exe
Token: SeBackupPrivilege	4548	powershell.exe
Token: SeRestorePrivilege	4548	powershell.exe
Token: SeShutdownPrivilege	4548	powershell.exe
Token: SeDebugPrivilege	4548	powershell.exe
Token: SeSystemEnvironmentPrivilege	4548	powershell.exe
Token: SeRemoteShutdownPrivilege	4548	powershell.exe
Token: SeUndockPrivilege	4548	powershell.exe
Token: SeManageVolumePrivilege	4548	powershell.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4084	Fing.exe
4280	Fing.exe
4280	Fing.exe
4280	Fing.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4280	Fing.exe
4280	Fing.exe
4280	Fing.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 3312	4084	Fing.exe	89
PID 4084 wrote to memory of 3312	4084	Fing.exe	89
PID 4084 wrote to memory of 3312	4084	Fing.exe	89
PID 3312 wrote to memory of 3916	3312	net.exe	91
PID 3312 wrote to memory of 3916	3312	net.exe	91
PID 3312 wrote to memory of 3916	3312	net.exe	91
PID 4084 wrote to memory of 5048	4084	Fing.exe	92
PID 4084 wrote to memory of 5048	4084	Fing.exe	92
PID 4084 wrote to memory of 5048	4084	Fing.exe	92
PID 5048 wrote to memory of 5092	5048	npcap-1.55-oem.exe	94
PID 5048 wrote to memory of 5092	5048	npcap-1.55-oem.exe	94
PID 5048 wrote to memory of 2896	5048	npcap-1.55-oem.exe	96
PID 5048 wrote to memory of 2896	5048	npcap-1.55-oem.exe	96
PID 5048 wrote to memory of 2896	5048	npcap-1.55-oem.exe	96
PID 5048 wrote to memory of 2096	5048	npcap-1.55-oem.exe	98
PID 5048 wrote to memory of 2096	5048	npcap-1.55-oem.exe	98
PID 5048 wrote to memory of 2096	5048	npcap-1.55-oem.exe	98
PID 5048 wrote to memory of 2440	5048	npcap-1.55-oem.exe	100
PID 5048 wrote to memory of 2440	5048	npcap-1.55-oem.exe	100
PID 2440 wrote to memory of 4400	2440	NPFInstall.exe	102
PID 2440 wrote to memory of 4400	2440	NPFInstall.exe	102
PID 5048 wrote to memory of 972	5048	npcap-1.55-oem.exe	104
PID 5048 wrote to memory of 972	5048	npcap-1.55-oem.exe	104
PID 5048 wrote to memory of 1760	5048	npcap-1.55-oem.exe	106
PID 5048 wrote to memory of 1760	5048	npcap-1.55-oem.exe	106
PID 3916 wrote to memory of 4908	3916	svchost.exe	110
PID 3916 wrote to memory of 4908	3916	svchost.exe	110
PID 5048 wrote to memory of 4548	5048	npcap-1.55-oem.exe	111
PID 5048 wrote to memory of 4548	5048	npcap-1.55-oem.exe	111
PID 5048 wrote to memory of 4548	5048	npcap-1.55-oem.exe	111
PID 4084 wrote to memory of 2944	4084	Fing.exe	114
PID 4084 wrote to memory of 2944	4084	Fing.exe	114
PID 4084 wrote to memory of 2944	4084	Fing.exe	114
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119
PID 4280 wrote to memory of 1416	4280	Fing.exe	119

C:\Users\Admin\AppData\Local\Temp\Fing.exe
"C:\Users\Admin\AppData\Local\Temp\Fing.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4084
- C:\Windows\SysWOW64\net.exe
  net stop Fing.Agent
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3312
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop Fing.Agent
    3⤵
    PID:3916
- C:\Program Files\Fing\resources\extraResources\npcap-1.55-oem.exe
  "C:\Program Files\Fing\resources\extraResources\npcap-1.55-oem.exe" /S
  2⤵
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:5048
- - C:\Users\Admin\AppData\Local\Temp\nsp7637.tmp\NPFInstall.exe
    "C:\Users\Admin\AppData\Local\Temp\nsp7637.tmp\NPFInstall.exe" -n -check_dll
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5092
- - C:\Windows\SysWOW64\certutil.exe
    certutil -addstore -f "Root" "C:\Users\Admin\AppData\Local\Temp\nsp7637.tmp\roots.p7b"
    3⤵
    - Manipulates Digital Signatures
    PID:2896
- - C:\Windows\SysWOW64\certutil.exe
    certutil -addstore -f "TrustedPublisher" "C:\Users\Admin\AppData\Local\Temp\nsp7637.tmp\signing.p7b"
    3⤵
    - Manipulates Digital Signatures
    PID:2096
- - C:\Program Files\Npcap\NPFInstall.exe
    "C:\Program Files\Npcap\NPFInstall.exe" -n -c
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Windows\SYSTEM32\pnputil.exe
      pnputil.exe -e
      4⤵
      PID:4400
- - C:\Program Files\Npcap\NPFInstall.exe
    "C:\Program Files\Npcap\NPFInstall.exe" -n -iw
    3⤵
    - Executes dropped EXE
    PID:972
- - C:\Program Files\Npcap\NPFInstall.exe
    "C:\Program Files\Npcap\NPFInstall.exe" -n -i
    3⤵
    - Drops file in Drivers directory
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Executes dropped EXE
    - Checks SCSI registry key(s)
    PID:1760
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "Register-ScheduledTask -Force -TaskName 'npcapwatchdog' -Description 'Ensure Npcap service is configured to start at boot' -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Npcap\CheckStatus.bat') -Principal (New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount) -Trigger (New-ScheduledTaskTrigger -AtStartup)"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4548
- C:\Program Files\Fing\resources\extraResources\fingagent.exe
  "C:\Program Files\Fing\resources\extraResources\fingagent.exe" --installservice Fing.Agent
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2944

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{610dc830-3982-6b47-918e-dd55055817c4}\NPCAP.inf" "9" "405306be3" "0000000000000140" "WinSta0\Default" "0000000000000158" "208" "C:\Program Files\Npcap"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4908

C:\Program Files\Fing\resources\extraResources\fingagent.exe
"C:\Program Files\Fing\resources\extraResources\fingagent.exe" --servicemode Fing.Agent --agentroot "C:\Users\Admin\AppData\Roaming"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:2336

C:\Program Files\Fing\Fing.exe
"C:\Program Files\Fing\Fing.exe"
1⤵
- Adds Run key to start application
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Program Files\Fing\Fing.exe
  "C:\Program Files\Fing\Fing.exe" --type=gpu-process --field-trial-handle=1812,18440669847874188176,12285537354765159968,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:1416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~1\Npcap\npcap.cat

Filesize
10KB

MD5
0f62be24ef9d8ea40db3e8513bbeac36

SHA1
5e255fde5d3bb4855840c4cc509e2bf11914febb

SHA256
d46b631ecb002033d217c5a526c341b6e27dbdf8f625b7e3642cbb69e2db20a7

SHA512
a4617557cf16d1a6778ff1a9c1be13faeb73260472dc0cf41d4dcf9db66f5a26745cda669eb5bd81d77ec87ef6a39188760bae2a15cb83acfa0c5ba830cb8297

Download Submit
C:\PROGRA~1\Npcap\npcap.sys

Filesize
70KB

MD5
0248e428603d75c9b57ece50a6af8bd8

SHA1
326858172444949a25a0fb8ec5bb9e90c5eeb7e8

SHA256
4faca21d8e1d609e53b606039de2aff06e1067023bee7fc2492244e32e6aa9f5

SHA512
30846312b80ef14315f50ea3402fc021107252432614fba30c02fa37517e375adb6060bbf7926b59c6b9bbe9b6a19d4374d92739359eaf0de719da969db36851

Download Submit
C:\Program Files\Fing\chrome_100_percent.pak

Filesize
138KB

MD5
03aaa4f8525ba4b3e30d2a02cb40ab7a

SHA1
dd9ae5f8b56d317c71d0a0a738f5d4a320a02085

SHA256
c3f131faeefab4f506bf61c4b7752a6481f320429731d758ef5413a2f71441f7

SHA512
c89a1b89b669602ba7c8bf2c004755cac7320189603fecb4f4c5cf7a36db72da651c7b613607146f0c6da9eec5df412c7fba75475352192351c02aebdaa7d9a9

Download Submit
C:\Program Files\Fing\resources.pak

Filesize
4.9MB

MD5
d22a5445f36b9ffaafc235e56ae90456

SHA1
c6acefdf31e440c71ff830eb9150efe69775ec63

SHA256
7b94d96c56df3635cd72eac4f970fe3b2df97749427a4e7986612d86aae4b6a8

SHA512
dec6c599ed1045c962a4bd52904eace69c0d323ee68e4ed67b56185ea36712fa4ccf138e7f9552f6483c9c62d5d63e98cbd61b1a0c84a4e6f5f625bc58463673

Download Submit
C:\Program Files\Fing\resources\extraResources\fing-tray-badge.png

Filesize
681B

MD5
ea249d5c72477d9697d792a55aaf9e04

SHA1
e15f2ecacfa890f2eace17d87df57ab4b1ec9ecc

SHA256
c0e22cf1c1297748d0cffe6355f274c03d7b99a310c9f05a95f6b10f79aee3cb

SHA512
b8cef023eafb4911954f9e50cda87559eb83b05208e8d0154f17dc5abde032ad816e3aa1544734550479f975f07e468a1e958d6ebe810d5383c7d75a34d1132d

Download Submit
C:\Program Files\Npcap\NPCAP.inf

Filesize
8KB

MD5
7d67d9bb6165a936f2d0bf2356f869a3

SHA1
f67443cd52865660b414a3e1d6a0226708a9a1e4

SHA256
828956a98d9dff6a5348466ca4bf6afc904913db4e2b766d249d920a424f739c

SHA512
57cc1466e119d8a487ccfaa507368e1dcde332a3e396b56651c4a3ff53fa73301b6d3563c4c3eb365a6bdbcc55a49c799bf0bbd2ef9f5f8bbbec7a98eb33ea8b

Download Submit
C:\Program Files\Npcap\NPCAP_wfp.inf

Filesize
2KB

MD5
a7f3f42da4034f1d1f4ce8953263fcd9

SHA1
07bb1c3ac657bd43cd24976a7ef94161b3b58059

SHA256
8bfb3416a3a9c59028d8baf19f87bc88686f7b0c7ad2c95dece9b12c1e860212

SHA512
cf98f349050da01fbd70a63dc425fc64f2c0decfd91c779560399597ac67184569924ded57b594fdf415852b684d4c7f4b828cad1b68349a3748b23dead7b658

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
2KB

MD5
3d0225f7014037a9222abc317ea07dcb

SHA1
ccc6ea15a713ff78cf90e3aa3617961c3619ca48

SHA256
4a86883c0c7ee2409e0ac6dc4430105d39e15f4ac717c8eda1cca6ba9cb60e3f

SHA512
1b7ba02e3a4861b6bdac41e9d5b04fc6e43576c51a2043e9823dc28a81297c4fab2e07b2e3769c9dde275a5b943e1acd935f8ba0c5f556ede530aa80c8e7dfe9

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
3KB

MD5
31688fd3c013c0da899b6358b387e9ea

SHA1
2ee8ed564192ce02724cae6a55fe7883b6f3feb3

SHA256
c919fc62d4900d8648700c03a0ed68343f9ce3ed7abdc8fd131b2303b451812a

SHA512
264293b86fa481f2ad69d604a6cbb4286f3fc1cd60cfee19c0d846f853db6ab636b20c8685e3867679d6c1a09861724d9e0d9f9516824e5c5781cd61535499bf

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
4KB

MD5
30cab75326d5631c19583d458faf3976

SHA1
8112c25e82d02608649e0d9d2f0f83ae257aca26

SHA256
73a92b66eef6ee41219f74f853884361cb01f5900e916df1b16e9a4b821aefc0

SHA512
68857e01ffd32ca16f3667ea7c7c9158422e75d5dbc576c6cf0ffbbced3c7be6326b3cde05ae7fac02b88c700c68190f57ff673d88ac07b1c82f55110f3d81fc

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
4KB

MD5
3ba6d0ba89a4a94426114d695ad1f25b

SHA1
7aaa0483cb14b80fb118cf0dd5f9ea7552533ff7

SHA256
767c6b0b1cdd58f919edd1ac867d7267dbbf1b06811374237ad9ebbde57c4beb

SHA512
630bc61f60e44f4610183d8b01647fffe106c4af1865d842ca3cc3db85211ad44f9f6017ecb05ec9176c2a43c502df273a57cf7eb806437f358dd11b469cd4a4

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
1KB

MD5
a9cc251353ae93cab0a4a2f8c7a047d2

SHA1
dcfcefb65d5dd6e723efaf0763b5ec8a66ed2f27

SHA256
480f3414181bbccc1470fa35d8e6fddf9f829d4ab9972662e9830f7328ac716d

SHA512
4042ff71f94ef282e073d4442e071708d937a1dae1141f110a90ef5abc94e4f4fa9162be1cdc21033ef8bc5534dff9e1602536ffea228ea919ca5e04d2c504fa

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
2KB

MD5
ca974a0d34ea19275ce4b608a3ca7ef2

SHA1
6cb848e5efc6353520eba4b7278e7950ed366782

SHA256
ef33067dd936155a1181aeb093e7381238a03d3063d8df8ace278b47a7feea4e

SHA512
a513d6c18533d4deead1ab0684efa97dc92f7f1c1d1bca90bc36d35ace845a02e8ea76cec6bc6b646c1a3ef9d585539dfb632063e8970da1646c3a9833b4a1d9

Download Submit
C:\Program Files\Npcap\NPFInstall.log

Filesize
2KB

MD5
447b4a4ffebd8a34c89d94908bffc64c

SHA1
a344b89119246940d7a611e8da37c9e7d25d2cb4

SHA256
baa9558a308614d3c5f799408c30cb7363d43834effe8ba7670c78b0f23bdb55

SHA512
3ced2dcd4f02e9c00b76e0203e4c654fac25b91f5471dbdf778ce415b35cde5ddee70c75af6cd65e40d39ce6277b88af0d47dbe16ceedeeedae32fac4b5c6319

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3mfzoe4k.5vn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\LICENSES.chromium.html

Filesize
5.1MB

MD5
6b84319ee8a0a0af690273d3d2dcbaf4

SHA1
857ca353e0582d100dcbc6cb6761bb4430d0cb90

SHA256
fc2a256467fb4d4ff72be6c423e5961e98b418554deeec296aded0e757b9a585

SHA512
26f9842bfdb429ef132cc1a930da9187071a339927eda402e8d54b5eb9e03067612cdadc3a2dad3d0977f8e6af18c05eab6ac91720221c6a0104f96638f85a8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\chrome_200_percent.pak

Filesize
202KB

MD5
7d4f330a5443eadf32e041c63e7e70ad

SHA1
26ce6fb98c0f28f508d7b88cf94a442b81e80c88

SHA256
b8704be578e7396ee3f2188d0c87d0ede5c5702e9bb8c841b5f8d458abf1356d

SHA512
f1b9b0dd7396863aa0feca06175b7f9ea0be4122351ecf0a0549ee4c34f85ac8c63cc927d7409a40b6e19fa91d2cb00a145616ba19f47045b2345bfbc2d4802d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.3MB

MD5
9e3cfe5b031178007e32f3158a0a4709

SHA1
88d168dfc1a4fe57bd7e4fdd8d63db0f4283ffcc

SHA256
66ffce2d7c50ae2a362d224aaf4f052c6c7e727918e687ee80c1a47bd9788ce9

SHA512
1ba4ae67ae4bce66d1b269ae5e5099d5f576506008577ed8d255bcca8fcc46508438ed7e2e7d4cbbf98d644a42babd5db0c7e19557c24b1c303cc4cb6868598e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\ffmpeg.dll

Filesize
2.6MB

MD5
9f9ff30c5787f1d95678da954afe37d4

SHA1
e0a27ffa6c9821d32967242a54175e3023ab9dc6

SHA256
2846554b14bff58f110dfd7fc849c7a52d48700f9830b5f4a89f4404d38c5edb

SHA512
716093a76a28791c919117e445033713ffa7b01c08e549d96efaeb044062f491c36d9f6516e81c2714252b9d2e716f9e83aa7d4176669d67106cffe89a492c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\icudtl.dat

Filesize
9.9MB

MD5
80a7528515595d8b0bf99a477a7eff0d

SHA1
fde9a195fc5a6a23ec82b8594f958cfcf3159437

SHA256
6e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b

SHA512
c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\libEGL.dll

Filesize
440KB

MD5
ddc32c47ce436f189cea3d81b3aa395d

SHA1
9588c5a701ede68b8175995263465d0ab5d35d8f

SHA256
2ddd933b33a398a8e0bed7472571139d36870f15dd92fdada4f40a3c160afb5a

SHA512
c6ba50ba98f79786fe13cc9f7ff336180bc2d0fbcc8528c6b387b2c2e674a9a5b2d3cf5ee660117b280119b416e48a967f5e8fd8e9dd3b06e51026a27cfa1e5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\libGLESv2.dll

Filesize
7.6MB

MD5
548d6e8bd9347afb902c94c5d1b39e17

SHA1
847f470d8a901b32c5b8f01e18837e0db5bf8634

SHA256
2e5e0ca4668da819d1ea22cb9e03d38be4c4633b33c4701f3bd9c6f7d816a35a

SHA512
4f991235b44c2fdf86a70f0357979fd32d1f1a2f4f1f9a1a587000f02f2c711673a133e62e450f11cdc491a0a90dea3462568b12baec216a3b40fcb7731b4cb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\am.pak

Filesize
150KB

MD5
5c617f3833923fca5717a549fa57adca

SHA1
0102ac3c8041fab6a1a65a3bcaf7e79c0b7fd719

SHA256
5f323c0bd185d5bd5f7ea737018f14fd6ea500ba5440bc74f5c09b635518eadc

SHA512
87034e798355875f3459567ed1f11e5455fc5adc9634eec33e9db2446451febf7f35f617709a9b09bf3bc52f195edea0cb47d474d2c11ca93a8b5383142d45e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\ar.pak

Filesize
153KB

MD5
8f9c8dd93b03202220b5e226c6956025

SHA1
8290dba9b8dcc89928821ead04f7cf599c0ba557

SHA256
e7f9a474399c0ca0daf28c6153f6ec7ae87423e66c8ffe0849407471d20b6237

SHA512
3eb0b80cc7243ed646cfc7be31eb27f0aa15f2aa8a5d2c50c3e5efd8a81759637e3f986c5c294262ff3bc94a939bb3803268b4eda46b3cfe224f596bfb4ed00a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\bg.pak

Filesize
166KB

MD5
00d012a55a50bba5de8b2fc2e0d163b2

SHA1
89163fa9905876167a0c7d3446bcb0bd30f88ef4

SHA256
bd3a3aacc3cee9864404755eee9542e0f21efbebd4a71e5333d15783d4ce18c9

SHA512
3bd6c774729f3531d316917deb7d8fe977c5bf5a3e85846f061c4af5fb6c45f79d8a3557a47d4569ad52819b3ccab13d386a9f5c1801e25e969e194a956d40a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\bn.pak

Filesize
216KB

MD5
80c804a82c617e7e0fc1e7f0df63290c

SHA1
a81f3ac6e92785e4c96e7dbd01fca8bfd446071a

SHA256
b4ed891e8b38452623348da12d325b52407446114cba664a8e25a26a7cfaf773

SHA512
919856917f185dcaa6204a0b990e49498ef59b72cf93f8b6da44785f4e889b70c0b05300ac15009260ddb36a8d4f06fee5d8c4796e60a43c2957ea436f7316bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\ca.pak

Filesize
105KB

MD5
79ec325651589f138c7840c61316d8f5

SHA1
37503edcae710e2d61f390064fa2d9893d4b9c8d

SHA256
9a4e286a58bb9a58e9e30d982783663c9bce40730cb6dad4c37980038040919e

SHA512
f00a9354871c77947d2b99e83b54babcb46b5a45c24702c1b5f750156abcb2a00d12c6b4c2e15634d4d560de0afa5b9c368d31f08cf447f2209f51c0b8ef6384

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\cs.pak

Filesize
107KB

MD5
0325d16a747cca73a3a2b0c94fac123d

SHA1
e5989627742ecee5f8996001002e97627bfbe10d

SHA256
c00829fc57c7e1e5419fe3202f114d394a590b8b32b1e55af42772c93755945d

SHA512
b824297df25c097251432fa72ae1258092e692ff3e4c527599897d7d3e71007cbd80e300de54b87146889f71d537c7d297c1b3cac04b6e08d7ce29132ec9e5dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\da.pak

Filesize
98KB

MD5
29f37a66ad8035d0657a1c7176330c40

SHA1
ebf26afa557b44ff5248207425083c750a397f49

SHA256
6da77a20fd6fbb228b2de5f197225342da18cbc58d26ebf542cf20d23e00f033

SHA512
4c360f13c499a9b4b8e2b6f29efecedcc571130b90cb93a3c21486642704711db0a182b63b3be307b39c382de73787269822af76af9032e4f9c4a5596eae8e50

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\de.pak

Filesize
105KB

MD5
5f9f5187b2c3a4bbe6077a329ef5c2c1

SHA1
68ab6991f89f5c41c055b07fd97ea6d394d87f12

SHA256
e964d841b9588b7412f1ff86f004e6b052f993bf2153e4dc4bee6c5536be1744

SHA512
560a90d24c5fba776ae526033163ce61662978599c4b171f0bdbc80c72206a9443ed1aab58819ae71345ecafa795527c0673c12b73ba7ac381b7def7bbbee118

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\el.pak

Filesize
184KB

MD5
f4083cf1c56edb2d8701fc1809c9d8ec

SHA1
909337883e1f898c98de9b35f7889d257e5455b2

SHA256
b624633365c19e6e3cbe200b39889711994809796dbee7988883165d0cc1d6c2

SHA512
27726b5cf51760d6938c17e3b1346f0f9c36940a94fbb9428d9ba8809598e07d7c5429fcfc3ec56ea795d65555b4d19676cdc299d0f8937c503d92cb87b80ee4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\en-GB.pak

Filesize
87KB

MD5
b8b8de138e6cd2ad1eee182f2befc905

SHA1
acb5fbb8d3026d2cf0d5afcc0b2407f7dc7f7cee

SHA256
4a5e6439c6731a5273970c8c053b4a89018c57f1d9be81d85f24978233675442

SHA512
c5575f68aee1284a82a47e4d412df6175550bde1d8ffd3845d295f88687ece4a7c04f0ab9fcab78182fcabb6876ccb9a1f6ee815b0abc0eb96fe59f5ff849e4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\en-US.pak

Filesize
88KB

MD5
af5c77e1d94dc4f772cb641bd310bc87

SHA1
0ceeb456e2601e22d873250bcc713bab573f2247

SHA256
781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4

SHA512
8c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\es-419.pak

Filesize
103KB

MD5
84a1995559e8fc00c3e46ba63eff51a6

SHA1
24b57babee3291419fc29aab9c9a2fc0fe9c3d8a

SHA256
2e1cf9d3e3eebe607da44873cfe37b9a84615962e3450313c3947920d4de4fda

SHA512
1b8453367bbeb12f237f850eb0ef67d4b6caa973f2e6accdae6ff5b7b3991d5be2c5d76f787d2c7ca5a10d2d0a92b47fd55141c9d900c850f80cd916abf5425a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\es.pak

Filesize
105KB

MD5
4acad14261fa458cbc61451f4255c891

SHA1
bfbf2429190b85f692bc97d12822cedd53a70742

SHA256
b927984d25359f3d7a20d71aa4b16d2ec4c574461177825b5221865f416d1e71

SHA512
24a71134f5c8f3e03b29491e11d0d0d2b9988c2528593c753893986c6db6ff2bd88e2e5389b086e0785e24141894441efe3db976111e2ad5ee5afbf7374fec1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\et.pak

Filesize
94KB

MD5
3f2f42e0e8ffe5c26295f5e15480edca

SHA1
e183e93fe99145ce0471687e930926018b1fcc19

SHA256
9cdefc472c67247e67da040b984e800cc8b903a1b39c742e6962ff5c423f391e

SHA512
bb61da1665100b59433d03d05fcd074d36e07ea3c29f2f7c5305e2b560e2a2a8fc508d38b45798d98cd3c1987165667cd723726397e3d1e4be006c17efe11c3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\fa.pak

Filesize
147KB

MD5
0fbe88d360abc020ef6d511ff5cb70a5

SHA1
8abc47bc30bb0128b84ca4335dc09a67b051edf4

SHA256
7e8f7f42300178f001ea5f74c63db25d813b7c25989114dc7673c76fd92a72c9

SHA512
1eb2f414521b4ead4eccc26305cf89eddf2a9e26bc5e8d100946a8b442694e48df6fdcde858197b23cdd47c83ed7c316d280a642017e7516c5db73c3322fba26

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\fi.pak

Filesize
97KB

MD5
0c5f18712c639646e37fed054781b147

SHA1
faecb7cb6838783e15bc52c8dc019736a334d59b

SHA256
4e538a14f1dbc872a85fdb4be1e19145553ecfa3b07ee7c810b690c52b889684

SHA512
ef9f1158c35045bbef92fe70d9006cd7dcc3c834f5a4beba5b269ad6c16f9790e316b7e2617100567919ad647a1353cfa8b80d5ede23cec9e5f7ae9b4e49c154

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\fil.pak

Filesize
107KB

MD5
249ac7111d6310c67b42e973f6aa7646

SHA1
db19f2fa4eeeec09906ed31bf6295e7831bf9e2c

SHA256
cb536b478feffd3b55ec53676cce84cefc9e000c1205273bafcdaf6ee6edd381

SHA512
e96d000925be9fae898602f5d62ae3e642e91aa2957d723ffdfe9cac9bd277ba2155be31620fbc326d5cc43d47a0e08314fe27688a6eaf786491d6b39a52a00a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\fr.pak

Filesize
113KB

MD5
a9552c30b27aca538388ba34c2374d75

SHA1
39173220e9da4c3d591bdb1d0dbba77dc8fba6de

SHA256
f3bfcd6a297a7634c24f2fbd3de96f02588b0603d4a7618bb7588f6c091beb2e

SHA512
f6d01a2b0c03741092858b7616de8b52662b73a00e49b2d7b5e1a05195eddae507c432557b2bf8697ec0b8e3b620fa3f38ba577a7edd909556d73498fcffb9da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\gu.pak

Filesize
207KB

MD5
cf428ecec583b73172fa789ba3f9aa6b

SHA1
9a7456009b5a53c4f6470a370319395da394e462

SHA256
1d4d407233a4c78d5a9a242b43b21aa89fb68a0632bc52b0a515d69491632e85

SHA512
2f86f9679e04b8188d7ce44bf0a7bf4b998d9771e9a8a83b4be4dba5e5d21ebf6a00091792896d9a8d4ed38eaecd43d8d2cad920237af1ea702dadc0341be9c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\he.pak

Filesize
129KB

MD5
a275c3557e819c6e9fb029643e38fa17

SHA1
8c005cb081417ff2be0d7d8fb6356519a96f5703

SHA256
4a9862ee8e139ae74e6336e0207d484e1a1ae0f689b5f1cc06b6fea66d2090d9

SHA512
72936ffb29ad5b7fab17357286eee7fa9a6b933423fc8618b19fdd841b37d9cc613a35e04614cb74f69f49a4e8bf7a8b48bb55a10e160d8363dbdf697bc314c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\hi.pak

Filesize
213KB

MD5
eb017ac26477d54c707d3e965ec352c5

SHA1
112001c7a38d9b95d3d0e422e10c585079356018

SHA256
06424570167c9bdd7e13b115a632d6ab58de7a4fa14f8d094627bd12d85e9318

SHA512
8dfb1f8b18ae62841a40de244ce725b9ad865b4de7d250c0d5799f6896d274276e73672e3de455d0312a397d20598c768462895e4a768511b7ca530717611837

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\hr.pak

Filesize
102KB

MD5
551026fcbd640c1b911ed5b4cb7ada68

SHA1
3aac7631c7f23e15a1abc4fa1cee98acb695aadb

SHA256
cc48d7deaf73103e22e3e5900503396e2a2c9e5bf1450a4df8ce94179b1e47a2

SHA512
7bed851acc8a137c481968902006917c6eabdf1476c4cd74dea7bfa731bd45eff6b742c4b4ef48ba9c9eb4b2ba86c09c14878c05ff797bf56da075da9e53bfc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\hu.pak

Filesize
110KB

MD5
e51afbba3250e655bc01e424a29e3162

SHA1
d7aaf2f2f9629ba9f7cf8a513c2905a13d0b6a8f

SHA256
61ae4e65474cb4ecf5edb2ec9bb9ea2b7a47bbf769f81c8fee1282c13b209783

SHA512
57fc72149761cdf1de5c021bf7e63d79d91ef2e54dea57b9bd9f659dbb2c2f76dc43904c53518c00fe4ca80b92b6fc57489e275fd0006b2295f31dd45c0618ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\id.pak

Filesize
94KB

MD5
0b9e5f5651aed9d1299f3246597ac182

SHA1
62aa835853c07e66d027d129265429adc6779491

SHA256
e07be6b1a095f235a4babb2ad5e8018c8c1b2f7cd6feab170124d25898e764c6

SHA512
9d4c238f9506f41a43d531a762f7b8426db83ae093433e075237ec5211451ea6f888ceb14b8a055b67e5c6be43c0087d1c35de558cbc6d828da96043b98338f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\it.pak

Filesize
103KB

MD5
fa6eceaaa453fb66bd631aa9babe0026

SHA1
790bfefc29597d09f313c08e7b23ff298d60fa23

SHA256
4e2089d3fd90977f9a3a88b2af7fa9ff3b9864969d2f4582431626ae1f37c158

SHA512
88eb70a25a6b76e5b3272d4bae0721f23610ddd1284f54cb991eef3ad78eca13f47c6a8d79d5fb73f8fe171d5abea770b6902d0a1541884cbd5677f3dd4920f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\ja.pak

Filesize
124KB

MD5
932a8b529d16e79c1471fb8c92109eeb

SHA1
4cec50af799472bea97fc1b1a127c31d9d08b176

SHA256
275307a3a9708c0698565f10941c57d42e1d2f55709a025d37e588699b5a985e

SHA512
f2ddb70f819ef08b51c73748f2898ebc987d1d46dfa8e8ea00d2309ac51e37973310bb4f2a3503bb7ad5ef68150b01f3fe5492470d1e30fab374159ef44f8f4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\kn.pak

Filesize
237KB

MD5
9224beb43327caf18c4fde76482ae12a

SHA1
ebaa89421838c093e36d74cec8bb3521772f29cf

SHA256
1a3fa5261b58113ae1a5cf140abd93e812b4a866a19a4c54929fffee5f42b18b

SHA512
2c3ae5fd43607f34562b935bf6fb5dc62d083073f430959c4d883c188f744f49ac38d3a3bfa8c3e61113a2e4813d06fcb499ffe3cbfd07979b405b0cd6eb2432

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\ko.pak

Filesize
104KB

MD5
d6c5199671535c5b644d730c9d8c9063

SHA1
7bc876a53b0da752fc93a088af1ecd043dea6ad0

SHA256
0a46cce08401a72e44178349a61cdbae5fd78ca4f071bff2bf5f2e8c877a25f8

SHA512
71f8c2a676c7e672476d578ec36d8e9b16f823fe257f7da7c22b84dcdebfb7c18480fb52a386f14b9d60d2aac6c322aaede7d61f3032842d3bf713edda8cf857

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\lt.pak

Filesize
111KB

MD5
29aeeb61df906c770e43ed477160f5bc

SHA1
d3224dff1967ddd1618d1573d91c3149ded8ae3e

SHA256
225e5784a7a616f83d81e6f3fdc5510e975e9fbde741b673deece5ded1604a9d

SHA512
09f601216ef230c20e58391c566caf388b0ed5421cacbc06fd50bef242acac599e09f92fe63aa055dd314e0ebe9985b76016d82d32b426e51b1f63c7b888ac9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\lv.pak

Filesize
111KB

MD5
ce3cb88e12f86eb6f6ad23a4d34f49e5

SHA1
31ed4ddbfe6befa49c6c28089edb1b1617d896bd

SHA256
d58b6308b64a1cda4ee0b2b395672728ce7abb73c44961fc911386569caee60e

SHA512
5db77b4e3fe2a2c76fc15134b7db1c4acdcd08cd296aa1657a08b55871353fc7f911222ff16078379a8596d401a66272a431fa9feff8bda5bedac9d7479d02f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\ml.pak

Filesize
250KB

MD5
aa549352ce43c7f3aadcf24db4b28039

SHA1
52f9de28a67e438a4b055b0988f2c4dc480a61fa

SHA256
e51d9a02ad11cb9825368da9a17af7294b7e6bf11079e2072e4bec028ecaf20f

SHA512
d220ac779b5aa363e4837430fb66fc3833fe0331fba3c634ad920f8dba8dbb1f32fde0eb6da26cabd9c089326a46252df22ade62299d6bc37c9b0f3694e8ab51

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\mr.pak

Filesize
204KB

MD5
896759a28d38e5d8f415570dd6f4d85e

SHA1
23f55cde464192839434a1e727ceb285b8b1f82b

SHA256
4293afacf1c4dce2423c368a45fec4b33aac7232e7b7c1919aa8a5a20fb026a1

SHA512
4392943394e2ebc257ed230f993d6f0280ad4106e2623bd9a498c8cbb8dcaf05a49fb998f855fbba637030f43e68d15dc429d71604ef285f211a9c86480c4e60

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\ms.pak

Filesize
97KB

MD5
407dd10484a99b21ffdae6016132bf26

SHA1
d1d7a5524fdf026a49391522c42d059406bd0442

SHA256
83248a2aaefb87fc19454afa34bf5df99b95b98f823b534de0bae552c8260d93

SHA512
908b71411e34ec56e77c5837a856898f929dddc81d95a7e2b6d47f4f4e1d72b499d627a8cec7233e4f39292f592b6a90354e6325aafacc145c994abea1ff6f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\nb.pak

Filesize
96KB

MD5
1bdfc009f54c1e5bc8eeeb5017f9de53

SHA1
7427d3f37771886af1c0af1d20468960c524377d

SHA256
21f3efe54a2a0ed9e2f618b2a50f89b44957bc7c779e7f88c1f10b310cea8bd5

SHA512
eee4aed543d30c7a74a64350cf67b454ec4ad56dc6a51f88dec648b80a33146f5bd3ffadab16a1f0b8e1ffe427f56f58a86da748ed1b118ea7fa72610d84c07a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\nl.pak

Filesize
99KB

MD5
fa16e91633aa0f20e49b7e19bb57aacb

SHA1
595d392d20df35ed71f4461cd5c85b77a68612f1

SHA256
e94551ca94505f068ecd0619af676b7b3a869f6068af87f0f537cace8055ba4b

SHA512
d3fa50f247cb216e07d4905bfec4ab39d15bbc9b60cf0e3dc733bdcd2a0cbb1f8513589c40111335797248119e59ab2d2d46c2cf18c496796fd4b7233a829a30

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\pl.pak

Filesize
108KB

MD5
da0bfc4ef754490879e8dd567961064a

SHA1
f331c571422c5bb85f90fe915756ad9787103c24

SHA256
c57c2e534da554e42388815cd3e848630ed46e1e61e640a6f3d4fd7cbdfb2aed

SHA512
1ccde932c1354fc0880afb7eb1fe9a8b93297cfbb21e0dbdb78a07b116b951672a2d1dd25e0dc94fa1384ac7bb22a007b468a391457851bf8c88efb9708a7f37

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\pt-BR.pak

Filesize
102KB

MD5
31e00c1fdfb9f86d7f5b5b285689cff8

SHA1
c5131466499d78c7282f29b3b12f8934a139991f

SHA256
ed9adacad575344216ee986e9c04908a5093aa7a0ebfbf2549df4c668a35f356

SHA512
b36b87330b29f99ca32d781175f1fd485fa034eafa2458f4191b70bdbfb2866fd56edb0e97ce7232b0dc3135b939eb7ac1161b1002d9322dbc7ee016b8069f09

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\pt-PT.pak

Filesize
103KB

MD5
f33190e2616875ed2349115e128a54fb

SHA1
27e44fb2cdfecc19f5c91ff2f2e69956cd59be57

SHA256
da64b5178bb41be0684cb3ef1204becb457520fe4960c3252f5ccd6a9ee9e29a

SHA512
3020da0fdcf7984557ef7af1c9f0e7cbd1bf364a8841e6671cec4b517ac89e9c4bed680a2a2e76b18db5e2d10c7f1a41c5758306e3f20eb248796b2be6e02fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\ro.pak

Filesize
106KB

MD5
4c4112b99fda13b8fa5373d379f476fb

SHA1
2422afa9ea5b204fe84cc241cf6eda2c8b319fa2

SHA256
99730524e53ca07481f8cdbbdace228aed42abc19d2277d26c42f47653f3cf07

SHA512
c663a678d0eeb66697f430e785c32fdb021a40c6456807f3842fa0e2c9ae3450fd59c3ee15e9a0975b8d100fc7c7118a06afd595404a29d777780106c8e1ad4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\ru.pak

Filesize
166KB

MD5
5d77bc0c2aa843ec5be6a3614c062359

SHA1
0b22c3376169a5bbb4697d586e4a0d3094739dd5

SHA256
ec6654ffd877ec62d8afcf90469ecef5790e17c7306654cfe4b905de449b06d8

SHA512
a2cf1ff9f7020ba1998a7091b802dd1aeb59bf2b800a41ff221152e2d017435372bfcd52ec454db543e856288e2dc381dc46a7926d4bb4b917b8749657fee0ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\sk.pak

Filesize
109KB

MD5
ba56090d9658733694473c7861d04040

SHA1
dde05b47d06fa81abadc1b8f74e5993d0ea61ca1

SHA256
d7baa6b1c0355e1ce9088c6eb508235c7a640ba70cc7ad84c9ac607026400495

SHA512
ed49f76f2ef4975e105fe13850258a51e44d0ffa7167a52b398276898237636aa50f62209757dcd756e3faef5581e314e261baa3a1e46b183a3b93af68605c59

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\sl.pak

Filesize
104KB

MD5
b1e33bbb0abbe113a024694bf4608c5b

SHA1
a157c8578685f5084fd805c9d0734bc7646d77d9

SHA256
48e9004441f8afb200601ec2843a03892076deb1706e1d3a7bbdbfcdd137ab57

SHA512
94854eb7021ab112b710332a410af53e59a42c4a501eb02098a41004613e5b2f7727a192c74e2a1c17bfc584a85477e75bd1eea0187e79db1de83c8253bec322

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\sr.pak

Filesize
158KB

MD5
c56d29bcf5fb38ea25ab1a855690f9a9

SHA1
f3161f2890971ef929473c58654dac0718983957

SHA256
68a04bae37629675c49d9aaeb68a1da974aac427b61151a18f3210499702202d

SHA512
551a72041772737139190894f5dee50963f5597a2271bd2e94af390cae34967cc435bf5504601c061cf6c2ccccd19e7bb708538a6789f185412fc715e85d54be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\sv.pak

Filesize
96KB

MD5
2befbabeabbbae5e7c57934acc5cd41f

SHA1
d48e9fd4d73627f4dcc57ec31924d97f6fd6b8d1

SHA256
c63e812fee929492974c9b5dfa14a7587258e6fabed355a105015b296246b068

SHA512
8e06850701c6bc2a4a5ed8b9d59f68b68d631be7b037e2df2a738b5a44d36a37b1419e739341a00ee7681249a434ca69ba53bbc58ff0f204322f7dfde2d43405

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\sw.pak

Filesize
97KB

MD5
2490296567a1cd3c7b0852e1ed7d115d

SHA1
04b527742cea9487344ae08c463d6fd4ba16b1ce

SHA256
8b07bfafa5c97be2da9b6146535b7848d88a44d43a45ab06dfae286d93fd64ce

SHA512
b930c14847012e12bb19bf217c79516c569fc163204d9c2b21a36f6f5061a50c3ec057882970517fc3bc4beebcf3d1b1402ccd521404cba827309940a5496b3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\ta.pak

Filesize
245KB

MD5
8c8b63dfb6dbf75603d3e2e4fe981f9d

SHA1
3e7c9a1a01526367b016df20822a41e430328e94

SHA256
22eb9d73331e92c898b27546a9e775fa8df0fdada391734a9291b2a016662652

SHA512
978af09738b4e00ba58f91b82db6cd455ffb3cb4951c25abaf79b8159c6fcd9212348373ef5a5a421f9ff5b4604a3f5b54aea3257dcf566807b6a84824ca54bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\te.pak

Filesize
228KB

MD5
c370f82ff93880c0f32e63ceca8f1050

SHA1
a1190895ea7e699621f930c9b4b672b786fe1d9a

SHA256
2dd8a542ee0778ee39639380208c584d9eec8932d1307bd5563e1eab320fe0d8

SHA512
be8febb9ce42731f6f3dbe0775d2bae10267f0790ce7bb8b437c4dd5e736fc28772812231b0a4a39b28dafc63d54d27fbbfd94375dbceb317fc43debbd566844

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\th.pak

Filesize
195KB

MD5
f265ec50e0eb62893fbc187c1c962dd9

SHA1
5a60ff7287e5d4e35f000d229a4cbb37db76acc0

SHA256
cffd61f7954ca10038529d14fda6a4e34c8ea1a9f202ead0b0c2db93143ef485

SHA512
696140d16655b6d1c17d59b3e280f3f387adb8ad58c4a0d369925bd01cf03a3fd934c3b8e02e9e868bb64f81e7cfbfa532e732d1cd705c52c7b0f588765ecbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\tr.pak

Filesize
101KB

MD5
d8373d7bc1bdee4cfb48d85694a78ff9

SHA1
323408e39b2c953728420e5f21b1d1eb25de6c2b

SHA256
b1b66bfec0aff21c64ec8ba3f19008501f196f80e7e41b2e8ae73114357df458

SHA512
6960d7c0481985e0f151d66d047a02e7c31cdd670afd71a0a3949b9b0ab9e083a5ca55faa48e38c8793ebbf1218a4503043867d1999b163a923e5afce8058888

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\uk.pak

Filesize
167KB

MD5
e87cbe2cffa7d3a95a8f837231d6f44f

SHA1
40f7d1602b47c7a7ad445fe04377e3145f8caff7

SHA256
fa035595c375522d09f9de5a545f5339fcd3ddb224fb19f1828a7958b7dff3e8

SHA512
4a8b970b50da8b92b824c92c6075c8b4440826da5a581c91ad6e5b78bc65e3b80be0080e4fbb20ad91e3ee30f8a3a05ca6925e93c76c8d2474cdb9a8825acc74

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\vi.pak

Filesize
119KB

MD5
dbf8363fe244c7d45d44e987d7194566

SHA1
c3bf0058f956fbd6fa0ad89218a22c7668964b30

SHA256
044c48581c2395a8eb0f85b5905e1b4cce1fc1fef2196710cef06e197afdfa99

SHA512
0953c455581f045a17e2ae35712487f36603b942f754805011047e4dcf531062d1dc1c8755f022177f7e21b7ab52fa71db5eac7c524424e1e5a2563429318e34

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\zh-CN.pak

Filesize
88KB

MD5
d9fb680d115846809114de2b35ab4ce3

SHA1
d1f68e0181233c98ffbe91b09910b9d87c1e35eb

SHA256
690dafdeb5be360e8b3a84c711d0d48b3cfc74c871b89a8f03f8058738ca9834

SHA512
5968bba15bebf047df19b519da87bde959ccf1e564012043ea390b3c1e572bbaed79b8be6bfb884f4f9da8f1c25f3e6709d6620c582910deaf723906fdb04525

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\locales\zh-TW.pak

Filesize
88KB

MD5
d0141fd3e851cdb790549c069a76abcd

SHA1
3da3787a8ea94aa066c5e5d17e42481330e0caff

SHA256
8187e67cde3292c6f18ea0a40f8f8d3f2cd604e62feec9ec40c71b5d2bcdec9d

SHA512
947e19e8fad3a761e5e1d0380547a8f9bc06f28cf8103d80865eb9ced9e3ed3d601bd92710ef1cb9fa68d56eb62ae95c1aad78145d455bcb6dda1b8c280f4162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\app-update.yml

Filesize
118B

MD5
5f81c259d68bffdf1dd7d10fbec25e44

SHA1
b03cf8d2b6507292863dc03a7c94d13ccb419f99

SHA256
ab1aaa4d994774b0cb7f86485d71479d31dd297116e9dbf8cae7050ada8a5b12

SHA512
970330e526ab5f3edd384eb4ff6221f967c5478e0bc550e1a7a4d1488877bf18c1a339dd67e873108a223f3ccb248bb45cb0e4415dc4070d1517613ce711ec9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\elevate.exe

Filesize
116KB

MD5
990f3c8921d150ab4a857b8a98d1b342

SHA1
5bc314a67803658461309c6b28bd35aaa6351f79

SHA256
962474cfa1fb8a86f1727ee9c42290ae80c9f0b5b939a427b66870cb6a90abdd

SHA512
d3da3568c5423dfee6a80ba51aa5bc2a71a0ec170ee51a31746c7b68715ea9f5aa22f54ae9847c9cb30766ca451f831b01c4a0afc7f5673a0ce040d0bf0391bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraFiles\fingagent.env

Filesize
208B

MD5
88e5c67c318815c87d41633c5513d93d

SHA1
80a70ee62462ed6d997f16f3c228e31c9101b652

SHA256
859c1d2d71feecdc44d5bb58488502a02dfa6a86759dd6a546cfe06ba2986566

SHA512
1e0e6de12ee6871e8d1c0323f3618ac84871151b31968a156c923f4aecb7540d8064d4bc5ade55e7213de4665f91e2b0b14b1108592b609475580f709b16ad2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraFiles\ip-services.properties

Filesize
90KB

MD5
5eca6bcb3c5689ca08fe2358457a5e22

SHA1
462bf1fe1a3ba8e618cb0a7f7026ce8e57168557

SHA256
d5b6c2bfd521f1edf66fbeeac4b0df56c8da23361d6f194c1a684a6fd16da46d

SHA512
1814548dd53a73bf0588d93846581e4b29f9c698668eb43dbdf1921fe066a0e5c2e49cfeb0565752f72fb02fe94c8c60e652abbf69617018cb59789b6b4faa86

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\Microsoft.VC90.CRT.manifest

Filesize
524B

MD5
6bb5d2aad0ae1b4a82e7ddf7cf58802a

SHA1
70f7482f5f5c89ce09e26d745c532a9415cd5313

SHA256
9e0220511d4ebdb014cc17ecb8319d57e3b0fea09681a80d8084aa8647196582

SHA512
3ea373dacfd3816405f6268ac05886a7dc8709752c6d955ef881b482176f0671bcdc900906fc1ebdc22e9d349f6d5a8423d19e9e7c0e6f9f16b334c68137df2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\boost_chrono-vc90-mt-1_58.dll

Filesize
33KB

MD5
705868566bcc8c161c131a3a7b23fb80

SHA1
afac44f8db108904ebd6a4b17cca9854da39dfb4

SHA256
a9c3444313ccb58a2c8b0065ebff9350c5d98d7be36e615bea7fa02e049404eb

SHA512
cd802f073891eaed849fbd29e1c8ba8d983b70f32e0a1dbde5576cb255366bad3b81ba2a8a88bc8bd2a1a8c11d8729050cc0e58c1421395fd40ebb8ca305370b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\boost_date_time-vc90-mt-1_58.dll

Filesize
52KB

MD5
323d98795290be2a6c043cf21327ad39

SHA1
391a382e13d297dc9120c76c44f129537fba1b2e

SHA256
b0e9a096381d38696c7985985703afae48da4c1427e2e801a5a9b00c036e2cbf

SHA512
b672e71fea67d24e9e9d8fb258288c02aafd0350d4c21201b581f1f4d6c47cc0b82c0193a2b6157e584129ee1f4665f29aec0eebeee74fc9c7cc1a1252ebafb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\boost_filesystem-vc90-mt-1_58.dll

Filesize
107KB

MD5
39ea1ffa4a004ffbda270188ae0385c8

SHA1
835b9099b56cab27e4d236d678f226456c5c742a

SHA256
a01123a889357f55f625f59af07cba70ba00ef5f7ff18b7e2a986b6dc2f8d14d

SHA512
0219290ca90980d388efb7eb0f4e4f406471934e824b6d9f4209f02b5d6bec3dc3c68a40f0975e1f4b39316428d3fd6ce5e5d48e10d008c0b40c50ac73419312

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\boost_iostreams-vc90-mt-1_58.dll

Filesize
48KB

MD5
3c137fb13a39574125a40ad93c0ca73d

SHA1
625904713ac5e72839b41bcd96a3ef3fa727277c

SHA256
d21d1fae5ad6561855b2028f0babb19993cdd2e258e9ff01c40f9aafbf296d03

SHA512
f456de2d5a2c39133d042aea2832790606bd19ea4d6f8f9e2f68ef3301d316077a7d42cdd92811c9392325de536098bdc7f796c410b4d1e6b9e91a9520f5b624

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\boost_locale-vc90-mt-1_58.dll

Filesize
364KB

MD5
1085b4469c68071073ba40954e0c8e74

SHA1
53952a1c8138d94070e5d7500a813e80fe5b73f7

SHA256
96fbc918104354c6afc2fedb05ea503f5b53b62d7c2daadea5d866b77ee1d3a2

SHA512
8b827e26cebdd93f8314ba7b92a0debb145815c4d522455d8d04c4f91d0d2e0aebba6741ab1c8cd5950de0002d89059810d671b0319df650fd407216c5b7011a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\boost_program_options-vc90-mt-1_58.dll

Filesize
335KB

MD5
00ab4a4aa0dae3f28c1b794c6ae852ed

SHA1
ec1186fd1da950079a61db29aa7569961f39d8bc

SHA256
636d6e0d3f37f1b9bb8421098d803e371fb2cf27908503d5dcd61b9018eb4611

SHA512
cd5cd6fb647366a8b20eb2dfc2ca4cd8982e09c5a462e67f10541f5261fe6a013af409b7f7f8ee20c7931e6c1ca5d8a94bc8aa1b7e4b14ce872bb4279ebee56b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\boost_regex-vc90-mt-1_58.dll

Filesize
712KB

MD5
3a8c0dce96d6a6da853428ace9de64df

SHA1
85f3671793ffdd7232ccda9e41d3d19b0f8d9255

SHA256
c831338c2c76d1a2dea8b65dd299ee65c8c15bf98338d03b502d87894b7546bc

SHA512
745f2e04d92c437a8930d6fc989b7062467064cb16ea39abcbd49f54d9ae452d6c9405c63cec3da8c785d00bb524336708f96ba69a16d1623428e847306e7204

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\boost_system-vc90-mt-1_58.dll

Filesize
24KB

MD5
1f3e7560638403f6ccf09f951a037b04

SHA1
09a4ec4c8ab9093b3b65829edd4356b5fbde0a47

SHA256
d46098ef75e8e4ee1b410313690f6e6a0a033b992d4f72c088f808aea7eaa002

SHA512
dec529dbef78e5d4e9f194ae0bdaacf66253a6bfa468cf894ebfcbf2fedb97748259cb9a0288d5b7423fe3010c73666c35f3650713d5adbfdf9d824d87db3753

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\boost_thread-vc90-mt-1_58.dll

Filesize
95KB

MD5
e571eebd2d9d42e71ae1142e52b25880

SHA1
9f2b378c735f92e18398c193bdf828d18926a678

SHA256
012d3e114d306f8af323059bb04f035e426f80bbd9716db96759d5cf0cef0121

SHA512
292cbd51488561851243c13475ecc99562a98a2aa59cfb05b726b429bc733d8b0951c0965952934c2c0da25fd6b04eb315e8f181bb85bded0a16d5f1884b2dde

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\fing-tray-Template.png

Filesize
442B

MD5
0ab197134ad6cd75617ebbc5203ff574

SHA1
dd28aaad6db1f88f709bc31b6b9eda1c000e0e40

SHA256
b9cb21c6d8de4286230aeb26c0e88292cbd4187fb9f54d4681381f4fdeb869d8

SHA512
92eba09b31306425326e2a757e519ac98312d78508363f226793089fb2c41c8dbcbe569716584281ae8a125a95b7ede2261314cd22e8984173b597eca916eaa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\[email protected]

Filesize
929B

MD5
918f80b946e121bb05c7a279e2ccd742

SHA1
6b3bb92b1271bd946778013c553a07e6f99322fe

SHA256
3f7a95b1b68bed296031c524d8dc2242655bcd97b376229f80e88de7a89684b2

SHA512
777b11d230338d41fe270b8df28ff0a9e90f9fd8d47a4ca961d27889d7a38cfe7704442c3f13ed88c9401b15f8bd89ef137d93bf7dfc87dab82246e87f438bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\[email protected]

Filesize
1KB

MD5
b1f2a3fbd027dece40718fb91e1938a2

SHA1
886184b0fc2d347cf97658f145af8c7679dfeb64

SHA256
69aee3fff7eb73b44c813191cd34ff7cd524a8ffaa20e3a58ab04d038924dd69

SHA512
3e7da1c6367b813e6ca59343560ba7e90ddfc35b27cddbf5c5bf68c74ce498d728f5770d1e1502d402bc714755407f009bb27d8e5e44e2b4617ca18d3249842c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\fing-tray-badge-Template.png

Filesize
416B

MD5
cc6e5dedfbff42506a6bc59a3acd159b

SHA1
02aaadeaec77362a90d15fed1b51f176ca8ccde0

SHA256
10244ad53fe797a83fcfc8c03300eb372791d7dc7b4e92ae4e474ff2e5f3c9a0

SHA512
1a444b645cbeedf1515cf0e793cb5e764f20ce1f25bd9fd141ff46b811279269db7ce4cea45ee4e3dd1dbe15d8d97c07d346ba304f3dfa777ba4988bf07f0ad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\[email protected]

Filesize
853B

MD5
5e5ce76569e8234502a824175bc9bfe3

SHA1
08fccc472afc1204b07ffb5478b30019d4ccc6a7

SHA256
716ced845b30c3e8442a40ad01ab5e63b25fb918667fd6af4e07f2959bb2a773

SHA512
a9f45d05c67318732b896a1c8d82c9a70a18421ce08a78d8ed52c79ae2675d346aa5eb2dd11944e74529312f18d0b4f951172ed2304c1c5949b1234d351af86e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\[email protected]

Filesize
1KB

MD5
eecf0cab95768f338f3598512e9528e1

SHA1
269c2a6ef437984609f5a3799d73644022f03740

SHA256
2cacfe0cdae19c0c2a01fcc50b368a9e54bb9ef5fb3b918559e344fa95d81601

SHA512
db449415cca2627525217c9e146835206eb6920419cc0685c2ac9cdc7888e17c584ea2e099b6bcfbd802f9a0040cae59fcd210f58a4b1ae27ef94909acfe3051

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\[email protected]

Filesize
1KB

MD5
7a3262a52472f4e9d92320e95a59a2d8

SHA1
59710d309fec5da273341575f2356bc3a2537022

SHA256
06335e9d23b44b0f81045579c490d20bfe18a761e2edfb0a627a31004c4a3617

SHA512
7428a1492c12b6a6385c377cc1fa6a4380a8636100ee85cea14b587a099596f1f998fdeeac4f1998c1d09ce1f6bd8707e59796cc592c41ca0b16af4ef6ffbd8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\[email protected]

Filesize
2KB

MD5
0197a16cd7e68f2ad87754167c6b69ae

SHA1
74d420877c9212606aa031bf23317e1ba8f0f851

SHA256
3b3ea83d418e9aa68c90e5d4481b3b55afa64dc3883a82580e905a52fd59e68d

SHA512
f48b15090ebf797958eec295469d5417e7a9eba9245aa29dc84984e9f6ca7cc43885d0ae69276e68f5aa7256d04608751b8473edfcc846a6277b255801333d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\fing-tray-icon.png

Filesize
639B

MD5
0679cc6af430d1d0d6eb4ecab868b430

SHA1
d9f57dcec9939a74f03a5472b1bf9a9764cbc54f

SHA256
9d1ffb3b6aac823273d5ef0233c4f2d316e93a0b6d1f885ea5a350d13deb9fdc

SHA512
4381b2e4318b33c75016fd7f5c725a7a5f3c9dc8fad239c7deb4d70dec5bd3cc779eabfa60705351b3fcacf2fbf33f88f644ce4fa86c3fb02de94cefa39a4a4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\[email protected]

Filesize
1KB

MD5
ad1ae3ebd15e9bde1ccd41f9dba10173

SHA1
3fc41cf24e979f9ba894ad3a64d64d7de446e941

SHA256
ae78e0af4b4cb21538fe93796463ff112c0178ff6042b6d9859f2d1716680d77

SHA512
4a696ccbeb5e41d6e1c18a1c3145a1b415af504ba881562aa5f867517abcd78057309d15e8aac07fad9fbc1f1dc1c1e5efaae971db4e8f58ac054d14669abb55

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\[email protected]

Filesize
2KB

MD5
f75e5db7086d02cfd794c9a56af05d26

SHA1
a3dd1676d2c4d0364b6295d03c46b4283318adf1

SHA256
1bc17263eae3be9b8257741f3fc26c1e28f21303ae20087a1d3763e94b324e8a

SHA512
c6c7a33da761208056b4a92874273946c991b6d608236cf8f4e51f55144908de7e282d70a3a626858ae5d5c9b17f69e630dd0ecd60deb4a12b6d975f4d78ad7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\fing.ico

Filesize
37KB

MD5
9898647b975fd9a95ea239e649e6e0f6

SHA1
eb231da4818652a64b843c243e7f9a763eb5934b

SHA256
ca7c8b887485056090aae45daae7ebd6d63cebfdfb07d8c7f1a495eef97e5a62

SHA512
0c967af748fe79a44c96ed1bf959a9ce63cb9633d4aa9ca903209ecc53509e8d7131be1946fffef5b608b99977b59d72a2aac52b90df1176fc520be02310442c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\fingagent.exe

Filesize
2.5MB

MD5
3e775191f660fff3a063837b9d8b2bb3

SHA1
25d2aa8b6635222476bce1d9710cf6d243cb88d6

SHA256
d0e4324037028e6e08ed4f49bd5dea6eac6b7c95887626fcc04bd97479505ea6

SHA512
cf8a33b9f9dc1e31d547af2c625496730e1927fce50b97ddab6601f31855dda8c5510a15b1f60baf4a0d5d0b1aeb62b5991c6c09dd9a247e1e1d835429322041

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\libeay32.dll

Filesize
1.3MB

MD5
65a7b454274723e98b9615850ea1f37f

SHA1
af39c2130af56861ef7824c1fbe6dffa49b6b663

SHA256
1a44edd366f60fcf961bead82d31136979c201bf4878d96a7552edadccb2b68b

SHA512
634284a9a6037fa2f0ee11fbb1e2114e8439912797958f9c472a29c54ab364d7afb06e73e66f97fe8aef0d991d7a15524fa39f08d90d108e1b0274fc98f5952a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\libprotobuf.dll

Filesize
1004KB

MD5
3721f022bcc91479c3143e7c995fb99c

SHA1
f5921751c2d335aac060a31ed1f920e0d6bc1395

SHA256
1c837c87fd4cabda2bb7eb78e17b69d43d9a0eeea847308051a41f75b2ee4241

SHA512
0c3c47a035cc3d2826afd53b66f4a5044b7d6c1cd857fad25ad66716c48a65011976fcba638110937b69441c99e2f7a0d4b8481c6b834f727806b2c12e94e808

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\msvcm90.dll

Filesize
231KB

MD5
175c9bbc995278a3467a4070202d8125

SHA1
3aa1a38c3c0378690973a6cc336e51edade728b0

SHA256
40afddd5d8877400acf3b18fb249a6bd4fa651a800eff6763506891d7bf6d354

SHA512
c5a28e3bcdc826416246c94a30d546cf1825be0dc1c916bba955e0eb37cb6f6e05e97128dbf0ddebe8d291ba071a46632c69845ce12344edfc07892dfc9505bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\msvcp90.dll

Filesize
558KB

MD5
1033ed022335b7128cfed89d281198de

SHA1
16e1ad44171bf5778e4d7a5f0773666f12c9342c

SHA256
bcdbf3df1607b2cb0a1d430376a0e5852848d9a048af779e98aa86e3894de500

SHA512
5de6d991840746d1e300baa4d3fd4b0df7d366e14ae2584088c67735eee6fafdd3346914ac8f87c659517fa89cec353dae1a7f324b059d4768f4637811dc071c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\msvcr90.dll

Filesize
643KB

MD5
fb57e688154b2a541a999259b9f002e0

SHA1
7184e8c777d51d6e732cadc56186bb0350a2e6fd

SHA256
aa29b16bca5d49b64081a585a27a1a1533a8aafcdbdac54696c8620470556f47

SHA512
43f26d60409deef8f02d2f3b8cc4366408af70a4393a7fa8367145a4e903bc6fe206117ab06faca92edd9d256905392014c865ee2b34ea96fd908546ded5e780

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\ndt.dll

Filesize
387KB

MD5
24e6e1456ca4f3782814a76797ca8c77

SHA1
e44b131a7a981b77a9d2a409b97812aa6d42263e

SHA256
74a35c48b1daf55efeaf7964ad22f14f563d3767c82ed0c2682fcf505fa15ca9

SHA512
b869f26c89317ae122e66bbd2417a57d374aaa4fd5717a10a822952a4ee3932de50881722584aaf7fc5dbd93419bbcc55dc9581e862dffffd2183e597b33634c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\ndt7-client.exe

Filesize
11.4MB

MD5
4affa5b2d7c08ff29c36d02e76a71ffb

SHA1
4886ec83710d517050966c9d792d4f8bc221d98b

SHA256
736444fa08bf2a9e11a6d8573482e63aabea0b7795e679da95c393f0469c95e5

SHA512
455805db2498d66c463c78da989a293569d5e5ea77dc3d9e141bde96c78408313e3bb04733784e98599e54b14fb1b1ebfcd620c4e96d5d4e8dc95f19acd6c0de

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\netsnmp.dll

Filesize
414KB

MD5
18b82b4b30618d142f6ea7d54151e077

SHA1
f6f773e7d82e963c3e60cc079c922337c69cc1df

SHA256
916886aa87445d86c01bf9ed05c89c2200e16cd37afc8974769b2be0a0df420b

SHA512
255b4b60596f183fadab393a76189de69c55718908df4353ac6c6fbbee2b674164b39867a176b4ea798d37547d1c445432e186e383ce30376700a46d6fb0a2cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\[email protected]

Filesize
3KB

MD5
716986116ac564068ff3fd18259f9192

SHA1
38ff352ced3dbf213b0c848f43ac3b689aa10621

SHA256
6e9d4279d6799e49455c256d0a1cc02b793bf425f0226e4809cbd133db346dcd

SHA512
99bf630ea1852145a8065ba8a3f2baa29f907ebd3746e90b0481f9c36b0bd3ad1e0bc05418192983447090e05f87f0540670ab572adeef97b689b4cf3c74883a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\[email protected]

Filesize
4KB

MD5
d94b48d7d69aee3904d8762cbe7f7384

SHA1
b5a0d40b322335069a472dbe4ba13a242075befd

SHA256
8c4e386f11a019d572dbd34ba58ca8533ad6b7d7986b8b4aeb2ca3796f72cb04

SHA512
f74b0785a789cd6aab2ad408c9a03e6d9b98f139f4aef807e35b9e5fbc8837290b47419d331f8090a7111dee7a718a477c1473779c8787369f8595864919e22b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\npcap-1.20-oem.exe

Filesize
788KB

MD5
5c8b5b87f598bc59ce911d3bc5c85791

SHA1
744e1082cfc685cac069e969d5afe1a3878f1f11

SHA256
44acd9440d861ae33cf286fb10c61d813cf8861d730e98c2a10a75f9eadaaaaf

SHA512
4c8b6ca57b0a365c9f78dcf9572abb42dd470e31f52369a010c443cca63d43032799f7f4bbbbd49314fd6ed62b3a9760a4f2dd3371c20d8a7665f3df82ba9586

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\npcap-1.55-oem.exe

Filesize
1.3MB

MD5
bf02ee14f0db0598802ee261d776e541

SHA1
be4535563eeb8894e346cfed21cc7cffcc35552b

SHA256
434af4cfa9aef6f255b266b6a2ec95f26b0d65863f85e40186153c07a7fd7107

SHA512
5d369df6b1e2ec6e3d37d96bd0f5bf2cc5829deb0df5c260bf2a3292028d1c55c011cb200ab643436cbc7d111efe43adf760a9ec1edcf2a04c21672c10a24f4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\npptools.dll

Filesize
59KB

MD5
41f5fd025cd343e73e56f5513ac8ae86

SHA1
b871a13cf5d9793dd4e7f588b351040ad65da564

SHA256
d6276089775247364cd0d5203d5e4062cfebfc621b180c247df44f692806f063

SHA512
214d207882d931e884beb6d9d2d6d696b0b4016859bbf300dc4d94421c919ee40d60e46712e01b860f29eff48f4071d36e4df08f7de6b58860432e4d235ca49c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\overlook.dll

Filesize
10.4MB

MD5
ccd84a7cf4dd071266dbebb3c909e028

SHA1
5249ee3b7b646993003dd5609c3ed794fd4e37e9

SHA256
41290946e8db08d9fb966c330cb168977e8f476cde066ba7b1a280e99dbfe505

SHA512
a04223b11e8dfaa272ecf5f78ca30cd6018fa124a09ee9a3072074055f6d3d04c7810fdbc8a6102276d4bdb6f36190c531cab412a7feb707f76855cb511210bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\ssleay32.dll

Filesize
358KB

MD5
bcbdb5c1f0cccbbdd8d76bcce4e88e8e

SHA1
b2c1075173997ad61f71346205ea948140c2f0f3

SHA256
2b1460d66761461c4ba2accca8a3f8ee0630b45a1f116a2ce72a0737f35ce7ea

SHA512
6904a0f8a5ff0337f592bb2590a5bf338adaaf284d03da4c540484c8fc4fac29c69fdcc66ca678563aac3413030a034dc1cc6afb936c061e1b35add7c5dc3fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\resources\extraResources\zlib1.dll

Filesize
70KB

MD5
3ce2e7637c49c406c4f7942de4353422

SHA1
350013566d0443560a2b0b978d4eeb9c940881d9

SHA256
1a3975f77f48093d9b4d28f8a99b0473814ef81f669b0e08dcdc08d3d6c0f4ba

SHA512
2cb67b594ce0fb54320f0541959da0bc516ee57a507977349a95c712e2477a1cb7ff3eac9d5f132cfe1d9d972012c2e07cd3881b1f23c11be9e1d664477f3523

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\snapshot_blob.bin

Filesize
47KB

MD5
ad4b5eddcfa0a283fa0af0592dd4625d

SHA1
175c232b6fbfaeffa24344b876bc839f0920d395

SHA256
3850b3e025566f8af7f6f26a1cdd363340e0ae0c936fb48547221aee967d3d0d

SHA512
7026a872144129eb03eac8a341cfac1d90e78acddbc21278d3e2eaa3e4458a10bedd3ea9386e45133fec876f60f4965c8fb10c4fdd0229a706db0f4765198450

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\swiftshader\libEGL.dll

Filesize
460KB

MD5
aae19c3481319c9e5fd7411954049f96

SHA1
a35ecce9d27762e283c40ac139b985fa5fcfba98

SHA256
fac93bfa3d6cc39f2fe326bf12f82303c15dc5adcc5687552a29fbdc17602a00

SHA512
6c6cd212dfc94093b39e5e8871e0606fb0ad1e920c788d8b360eb94ddd58ffb68ed52a0bea060c4ea31885a3ce1fb4dcc3de7726e3b0320d52cf0b9e7a635e0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\swiftshader\libGLESv2.dll

Filesize
3.1MB

MD5
f598be084bc70d551f0e3748b117f9a0

SHA1
1865a3214d8912a68bbbe55deb1ea40a148860dd

SHA256
2cda43cd447f9d6bf18e7b200111cd56243dd25436edb9381d82836a3831586b

SHA512
987878adc9ea26760a1c9be67143cfd11b60f2347f6e7faf546d65b935e83443ec907e2fe95f5dac51f3bbffab7d5a9111093df897154d9c3f69fe72089b5011

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\v8_context_snapshot.bin

Filesize
161KB

MD5
e082a9ffd52e98b00e501e934a7e9d8d

SHA1
21746f70466633f881581d9bee651619d8b4b109

SHA256
08058ff9086099965041d0e85e8847704c624baf689ec3bb6a041e7776332520

SHA512
5b6a6f58a9037c260b1b76bb7605746c251641e20153b5e75d99f4b4afb1367a7a44ba255034c9090e7c48748402a6e0bad13da2c4c3e8b7b88bd1d80898fd3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\vk_swiftshader.dll

Filesize
4.5MB

MD5
2949ff38e499e13ed501fabd5db3b29b

SHA1
5d24549e0e2a8d5fc320614ee515c00bc68542e6

SHA256
c518d226679ec9fa6f69a88caa5ba9d11dc9cdefb953e70f49fa5d647d3f82cf

SHA512
e8f4dd9ac1b8989894df9435ec96012715273e7083aa3843688ec9f0c990a7471a8369a96eda9ef8de3e72ed2a0d57fdf776702a69baa7ddc01d56a8386bb01d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\7z-out\vulkan-1.dll

Filesize
719KB

MD5
fff2e5163566fbee86d17e1cc4b8d3a9

SHA1
73e3bc524f2245832a8d10dede6f9dfc179eaa79

SHA256
940f3eb01d77bd6eab88158a42824d08425226171311a1c413065e68f5c83ee4

SHA512
0559e7d25fdcfbba9c99709f66efd7cd7c9f4a3f4626e84cf9ab9eb089ca25d8ef0257d1dacb2512b2410c5fb309dfb17c325c7e8e316b6314bf4e2419959c02

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsiA6B1.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7637.tmp\InstallOptions.dll

Filesize
22KB

MD5
170c17ac80215d0a377b42557252ae10

SHA1
4cbab6cc189d02170dd3ba7c25aa492031679411

SHA256
61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

SHA512
0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7637.tmp\NPFInstall.exe

Filesize
301KB

MD5
2bca4e32988e59ebf23abd9b3abe61e1

SHA1
216ea7af13c7077cb0278fdad2e765d8bc025f52

SHA256
3b7d4a3e7e99ed686c1dfa8f51e60efb775a3d10a3bd78670cb53e1f5d2f841d

SHA512
3a5f4fcc447f4189cf24dcbc642d8a03f5beb1b1b7a023a84839c1408f17acefc4500f145a90cafa9587b5f38279f01daf821d19c78679f9fea8a671e4f3afaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7637.tmp\SimpleSC.dll

Filesize
1.1MB

MD5
87ae8e4021a33e862eb526e4115024c5

SHA1
77235246164874afec693a57a80b733307bc2675

SHA256
675201194c7a6222f0cd4d6ee77bbb4e9a19ba03fd3886978a9a9f0b9a10623e

SHA512
3bcbc97c3c69e6a0fc9834cd8e7937ba3aa617543dcb1991f8fa2e77ec5f472b3401703c6dc15a5fa2eb1c74243cdf967a08c955ede69ce06e585b961d611530

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7637.tmp\System.dll

Filesize
19KB

MD5
f020a8d9ede1fb2af3651ad6e0ac9cb1

SHA1
341f9345d669432b2a51d107cbd101e8b82e37b1

SHA256
7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0

SHA512
408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7637.tmp\nsExec.dll

Filesize
14KB

MD5
f9e61a25016dcb49867477c1e71a704e

SHA1
c01dc1fa7475e4812d158d6c00533410c597b5d9

SHA256
274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

SHA512
b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7637.tmp\roots.p7b

Filesize
1KB

MD5
397a5848d3696fc6ba0823088fea83db

SHA1
9189985f027de80d4882ab5e01604c59d6fc1f16

SHA256
ad3bca6f2b0ec032c7f1fe1adb186bd73be6a332c868bf16c9765087fff1c1ca

SHA512
66129a206990753967cd98c14a0a3e0e2a73bc4cd10cf84a5a05da7bf20719376989d64c6c7880a3e4754fc74653dd49f2ffeffd55fc4ee5966f65beb857118c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp7637.tmp\signing.p7b

Filesize
7KB

MD5
dd4bc901ef817319791337fb345932e8

SHA1
f8a3454a09d90a09273935020c1418fdb7b7eb7c

SHA256
8e681692403c0f7c0b24160f4642daa1eb080ce5ec754b6f47cc56b43e731b71

SHA512
0a67cc346f9752e1c868b7dc60b25704255ab1e6ea745850c069212f2724eba62ffaaa48309d5eba6ae0235223518610fb4b60fc422e4babba4f33d331c71db5

Download Submit
C:\Users\Admin\AppData\Roaming\Fing\config.json

Filesize
46B

MD5
40c0231cbdc8b345414a2f32b519fd22

SHA1
59ddcd3d7502f93cc2475b4416248afee233f50a

SHA256
40adcc3b7f2d895de6e799a953085ad43b80d95673f1dad872113cfd5d2290f1

SHA512
df3de5f1d8a0be63b3b4c30ebd4ef0e3909a19b8d526e516652b2e7a59a664321a1d68a1636a383e5302c8ea3d814b5703da83200abdef0efeb491456bff6ba5

Download Submit
C:\Users\Admin\AppData\Roaming\Fing\config.json.tmp-053520150069b5ee

Filesize
90B

MD5
25a0ed507dff20d5d5fe2c67775cfb89

SHA1
590c701b271109bcbdf9b1adbec7ecf6d1292e90

SHA256
01a72cae369d8b9a7f139778ae7040ddb9a645609d966e6445d0b70e34e33bec

SHA512
53f62c511622f170181ec5ac1af7e34cb62a5c8c0e16d58ac9c3f958df00e8abb50a52c50826ac92647901ced21b92348bdc5198e123a9cf954ef87ed3d01c4c

Download Submit
C:\Users\Admin\AppData\Roaming\Fing\config.json.tmp-0535201609a94267

Filesize
120B

MD5
65635b22ecf40a78c047763f1006bc00

SHA1
7e6f00b11c81fa4be88a463b57b94bed6d35c0a7

SHA256
2a9562fc6d461a41e782734c15fd3117fb427fce614d9d3291430cf8fb5cfe8b

SHA512
07341bb6843eb0a22a1637f2b3302899eafa7db65716d304ba581e909c02df8a3952e8703d36e18d252ec587e1ea34e879b48c69c9747ba6966f1f3ba222f0b3

Download Submit
C:\Users\Admin\AppData\Roaming\Fing\logs\main.log

Filesize
566B

MD5
2bcc351b73a79c8208313d926aad4c09

SHA1
a32af176faf14445c361dc8bd4ae08e781342251

SHA256
8353d3719c0cf6bb1f0bad1c64e1998d13683ef7af4a2b2d8631e66fefde70f5

SHA512
576e57f75f45c658b79fdf8ae45c31e607fcca5550d146471c1158c3b6382d398f25777ad35fe3205b93a025bdf7aab7804a4c71f02b13a4de86926b4ec06fcd

Download Submit
C:\Users\Admin\AppData\Roaming\Fing\logs\main.log

Filesize
1KB

MD5
69662a854d2f808496d941b94365248e

SHA1
076ffa3f82d815a3b5e4ee34d07ce75cc5fed499

SHA256
759a9f418adbd4e09c55f7218ff5bdc07a503329f53b794b0640b3fa95427228

SHA512
ac31111fb348dab4af99eb6bd64771af79597cbc78858db01eec75be1d48187ebec7546b0c2ec1c9fdd772b5092166213f8fc7eb49e38a24bfac70611bf346a9

Download Submit
memory/1416-1584-0x00007FFAAB8D0000-0x00007FFAAB8D1000-memory.dmp

Filesize
4KB

Download
memory/2336-1290-0x0000000000DB0000-0x0000000000DBD000-memory.dmp

Filesize
52KB

Download
memory/2336-1293-0x0000000000DF0000-0x0000000000EA2000-memory.dmp

Filesize
712KB

Download
memory/2336-1295-0x0000000000EE0000-0x0000000000F33000-memory.dmp

Filesize
332KB

Download
memory/2336-1297-0x0000000000F50000-0x0000000000F5D000-memory.dmp

Filesize
52KB

Download
memory/2336-1298-0x0000000000F70000-0x0000000000F83000-memory.dmp

Filesize
76KB

Download
memory/2336-1299-0x0000000000FA0000-0x0000000001027000-memory.dmp

Filesize
540KB

Download
memory/2336-1300-0x0000000001030000-0x000000000108B000-memory.dmp

Filesize
364KB

Download
memory/2336-1292-0x0000000000EB0000-0x0000000000ECC000-memory.dmp

Filesize
112KB

Download
memory/2944-1281-0x00000000010B0000-0x00000000010BD000-memory.dmp

Filesize
52KB

Download
memory/2944-1282-0x00000000010D0000-0x00000000010E3000-memory.dmp

Filesize
76KB

Download
memory/2944-1275-0x0000000000FF0000-0x000000000100C000-memory.dmp

Filesize
112KB

Download
memory/2944-1279-0x0000000001040000-0x0000000001093000-memory.dmp

Filesize
332KB

Download
memory/2944-1274-0x0000000000BF0000-0x0000000000BFD000-memory.dmp

Filesize
52KB

Download
memory/2944-1277-0x0000000000F30000-0x0000000000FE2000-memory.dmp

Filesize
712KB

Download
memory/2944-1283-0x0000000001100000-0x0000000001187000-memory.dmp

Filesize
540KB

Download
memory/2944-1284-0x0000000001190000-0x00000000011EB000-memory.dmp

Filesize
364KB

Download
memory/4548-1228-0x0000000007090000-0x0000000007133000-memory.dmp

Filesize
652KB

Download
memory/4548-1215-0x0000000005EE0000-0x0000000005F2C000-memory.dmp

Filesize
304KB

Download
memory/4548-1233-0x00000000073F0000-0x0000000007401000-memory.dmp

Filesize
68KB

Download
memory/4548-1232-0x0000000007440000-0x00000000074D6000-memory.dmp

Filesize
600KB

Download
memory/4548-1229-0x0000000007810000-0x0000000007E8A000-memory.dmp

Filesize
6.5MB

Download
memory/4548-1231-0x0000000007240000-0x000000000724A000-memory.dmp

Filesize
40KB

Download
memory/4548-1217-0x000000006ED40000-0x000000006ED8C000-memory.dmp

Filesize
304KB

Download
memory/4548-1227-0x00000000064B0000-0x00000000064CE000-memory.dmp

Filesize
120KB

Download
memory/4548-1216-0x0000000006470000-0x00000000064A2000-memory.dmp

Filesize
200KB

Download
memory/4548-1230-0x00000000071F0000-0x000000000720A000-memory.dmp

Filesize
104KB

Download
memory/4548-1214-0x0000000005EA0000-0x0000000005EBE000-memory.dmp

Filesize
120KB

Download
memory/4548-1213-0x0000000005890000-0x0000000005BE4000-memory.dmp

Filesize
3.3MB

Download
memory/4548-1203-0x0000000005810000-0x0000000005876000-memory.dmp

Filesize
408KB

Download
memory/4548-1202-0x00000000057A0000-0x0000000005806000-memory.dmp

Filesize
408KB

Download
memory/4548-1201-0x0000000005640000-0x0000000005662000-memory.dmp

Filesize
136KB

Download
memory/4548-1200-0x0000000004FD0000-0x00000000055F8000-memory.dmp

Filesize
6.2MB

Download
memory/4548-1199-0x0000000004910000-0x0000000004946000-memory.dmp

Filesize
216KB

Download
memory/5048-1181-0x0000000003060000-0x000000000317C000-memory.dmp

Filesize
1.1MB

Download