cf1f6cad1eee1bee797a0f80fbccbb12059cf2ea228c6b3d5cce8c7f3e1c814a

Analysis

max time kernel
148s
max time network
193s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/01/2023, 23:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

librewolf-107.0-1.en-US.win64-setup.exe
Size

122.4MB
MD5

5dc0adc3e8ed206cf8a239825c7ed089
SHA1

5d6ab93da3ac2db4625f1d5a6dc63b6f5c40cc7a
SHA256

cf1f6cad1eee1bee797a0f80fbccbb12059cf2ea228c6b3d5cce8c7f3e1c814a
SHA512

38f991ee220c0b728ced104a65ed61bf28e13baf63303975eead6b8a2d7f5c233abe75dfe57d19569d0df3d2b64f1be5ce2bdc4bd3ba6b31fc0b4324206cdcb3
SSDEEP

3145728:ejRO1NnrkOLVuBUrC6FaWNnAnLeoP1FM68uzuZV55U4qV87/ZL0T09E:8RO1JrnYqOUaWNnAndM68uyT52+779E

Score

8^/10

discovery evasion persistence trojan

Malware Config

Signatures

Blocklisted process makes network request 3 IoCs

flow	pid	Process
3	1160	msiexec.exe
5	1160	msiexec.exe
7	1160	msiexec.exe

Executes dropped EXE 14 IoCs

pid	Process
1648	vc_redist.x64.exe
948	vc_redist.x64.exe
1312	VC_redist.x64.exe
376	Process not Found
1380	librewolf.exe
268	librewolf.exe
2044	librewolf.exe
2012	librewolf.exe
1124	librewolf.exe
1464	librewolf.exe
1940	librewolf.exe
1660	librewolf.exe
2468	librewolf.exe
2912	librewolf.exe

Loads dropped DLL 64 IoCs

pid	Process
964	librewolf-107.0-1.en-US.win64-setup.exe
964	librewolf-107.0-1.en-US.win64-setup.exe
964	librewolf-107.0-1.en-US.win64-setup.exe
964	librewolf-107.0-1.en-US.win64-setup.exe
1648	vc_redist.x64.exe
948	vc_redist.x64.exe
948	vc_redist.x64.exe
1484	VC_redist.x64.exe
964	librewolf-107.0-1.en-US.win64-setup.exe
1412	Process not Found
376	Process not Found
1380	librewolf.exe
1380	librewolf.exe
1380	librewolf.exe
1380	librewolf.exe
268	librewolf.exe
268	librewolf.exe
268	librewolf.exe
268	librewolf.exe
268	librewolf.exe
268	librewolf.exe
268	librewolf.exe
2044	librewolf.exe
2044	librewolf.exe
2044	librewolf.exe
2044	librewolf.exe
2044	librewolf.exe
2044	librewolf.exe
2044	librewolf.exe
2044	librewolf.exe
2044	librewolf.exe
2044	librewolf.exe
2012	librewolf.exe
2012	librewolf.exe
2012	librewolf.exe
2012	librewolf.exe
2012	librewolf.exe
2012	librewolf.exe
2012	librewolf.exe
268	librewolf.exe
268	librewolf.exe
1124	librewolf.exe
1124	librewolf.exe
1124	librewolf.exe
1124	librewolf.exe
1464	librewolf.exe
1464	librewolf.exe
1464	librewolf.exe
1464	librewolf.exe
268	librewolf.exe
268	librewolf.exe
1940	librewolf.exe
1940	librewolf.exe
1940	librewolf.exe
1940	librewolf.exe
1940	librewolf.exe
1940	librewolf.exe
1940	librewolf.exe
1660	librewolf.exe
1660	librewolf.exe
1660	librewolf.exe
1660	librewolf.exe
1660	librewolf.exe
1660	librewolf.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{d4cecf3b-b68f-4995-8840-52ea0fab646e} = "\"C:\\ProgramData\\Package Cache\\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\\VC_redist.x64.exe\" /burn.runonce"	VC_redist.x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	librewolf.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Drops file in System32 directory 50 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140ita.dll	msiexec.exe
File created	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File created	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File created	C:\Windows\system32\mfc140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140cht.dll	msiexec.exe
File created	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\mfc140rus.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File created	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File opened for modification	C:\Windows\system32\concrt140.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_codecvt_ids.dll	msiexec.exe
File created	C:\Windows\system32\mfc140kor.dll	msiexec.exe
File created	C:\Windows\system32\mfcm140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140esn.dll	msiexec.exe
File created	C:\Windows\system32\mfc140chs.dll	msiexec.exe
File created	C:\Windows\system32\mfc140deu.dll	msiexec.exe
File created	C:\Windows\system32\vcomp140.dll	msiexec.exe
File created	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcp140_1.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcamp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcomp140.dll	msiexec.exe
File created	C:\Windows\system32\concrt140.dll	msiexec.exe
File created	C:\Windows\system32\vcamp140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm140u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc140jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vcruntime140_1.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_2.dll	msiexec.exe
File created	C:\Windows\system32\msvcp140_atomic_wait.dll	msiexec.exe
File created	C:\Windows\system32\mfc140enu.dll	msiexec.exe
File created	C:\Windows\system32\mfc140fra.dll	msiexec.exe
File created	C:\Windows\system32\mfc140ita.dll	msiexec.exe

Drops file in Program Files directory 50 IoCs

description	ioc	Process
File created	C:\Program Files\LibreWolf\application.ini	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\firefox.VisualElementsManifest.xml	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\librewolf.cfg	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\browser\features\[email protected]	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\defaults\pref\channel-prefs.js	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\fonts\TwemojiMozilla.ttf	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\gmp-clearkey\0.1\manifest.json	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\dependentlibs.list	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\librewolf.exe	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\plugin-container.exe	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\qipcap64.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\xul.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\browser\VisualElements\VisualElements_150.png	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\browser\VisualElements\VisualElements_70.png	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\uninstall\helper.exe	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\AccessibleHandler.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\AccessibleMarshal.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\mozavcodec.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\nssckbi.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\removed-files	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\gmp-clearkey\0.1\clearkey.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\Accessible.tlb	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\lgpllibs.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\libEGL.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\precomplete	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\private_browsing.exe	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\browser\features\[email protected]	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\browser\features\[email protected]	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\ipcclientcerts.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\private_browsing.VisualElementsManifest.xml	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\softokn3.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\browser\omni.ja	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\browser\VisualElements\PrivateBrowsing_70.png	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\freebl3.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\mozavutil.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\mozglue.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\notificationserver.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\uninstall.exe	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\IA2Marshal.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\librewolf.ico	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\nss3.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\omni.ja	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\platform.ini	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\browser\features\[email protected]	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\distribution\policies.json	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\d3dcompiler_47.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\libGLESv2.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\osclientcerts.dll	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\pingsender.exe	librewolf-107.0-1.en-US.win64-setup.exe
File created	C:\Program Files\LibreWolf\browser\VisualElements\PrivateBrowsing_150.png	librewolf-107.0-1.en-US.win64-setup.exe

Drops file in Windows directory 20 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.ev3	DrvInst.exe
File created	C:\Windows\Installer\6d4482.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\6d4482.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\6d4492.msi	msiexec.exe
File created	C:\Windows\Installer\6d4494.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5DB9.tmp	msiexec.exe
File opened for modification	C:\Windows\WindowsUpdate.log	VC_redist.x64.exe
File opened for modification	C:\Windows\INF\setupapi.ev1	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Installer\6d4491.msi	msiexec.exe
File created	C:\Windows\Installer\6d4492.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5BD3.tmp	msiexec.exe
File created	C:\Windows\Installer\6d4480.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\6d4480.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5160.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5430.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\6d44a6.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\6d4494.ipi	msiexec.exe
File opened for modification	C:\Windows\WindowsUpdate.log	VC_redist.x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	librewolf.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	librewolf.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	librewolf.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	librewolf.exe

Modifies data under HKEY_USERS 52 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\31	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2F	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\30	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\ = "{CF4C347D-954E-4543-88D2-EC17F07F466F}"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{CF4C347D-954E-4543-88D2-EC17F07F466F}v14.34.31931\\packages\\vcRuntimeMinimum_amd64\\"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\Language = "1033"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\SourceList	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.34,bundle\Dependents	VC_redist.x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\Version = "237141179"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\ProductName = "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31931"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\PackageCode = "1DBC1304665E4F940B80D553526312EA"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages\\vcRuntimeAdditional_amd64\\"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Dependents\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.34,bundle\Dependents\{d4cecf3b-b68f-4995-8840-52ea0fab646e}	VC_redist.x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\InstanceType = "0"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{EAE242B1-0A26-485A-BFEB-0292EE9F03CB}v14.34.31931\\packages\\vcRuntimeAdditional_amd64\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LibreWolfHTM\DefaultIcon\ = "C:\\Program Files\\LibreWolf\\librewolf.exe,0"	librewolf-107.0-1.en-US.win64-setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53\D743C4FCE4593454882DCE710FF764F6	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LibreWolfHTM\ = "LibreWolf Handler"	librewolf-107.0-1.en-US.win64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LibreWolfHTM\Application\ApplicationName = "LibreWolf"	librewolf-107.0-1.en-US.win64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LibreWolfHTM\Application\ApplicationDescription = "Start the LibreWolf Browser"	librewolf-107.0-1.en-US.win64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D743C4FCE4593454882DCE710FF764F6\Provider	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LibreWolfHTM\shell\open	librewolf-107.0-1.en-US.win64-setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.30,bundle\Dependents\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D743C4FCE4593454882DCE710FF764F6	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D743C4FCE4593454882DCE710FF764F6\VC_Runtime_Minimum	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\SourceList\PackageName = "vc_runtimeMinimum_x64.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\AuthorizedLUAApp = "0"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\LibreWolfHTM\Application	librewolf-107.0-1.en-US.win64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LibreWolfHTM\Application\ApplicationCompany = "LibreWolf Community"	librewolf-107.0-1.en-US.win64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Version = "14.34.31931"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\ProductName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14	VC_redist.x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LibreWolfHTM\AppUserModelId = "LibreWolf"	librewolf-107.0-1.en-US.win64-setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LibreWolfHTM\shell\open\command\ = "\"C:\\Program Files\\LibreWolf\\librewolf.exe\" -osint -url \"%1\""	librewolf-107.0-1.en-US.win64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.34,bundle\DisplayName = "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31931"	VC_redist.x64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8800A266DCF6DD54E97A86760485EA5D	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\Version = "14.34.31931"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v14\DisplayName = "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31931"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\09A86F63C932FD435BC8463B1035EC53	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D743C4FCE4593454882DCE710FF764F6\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Net	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\VC,redist.x64,amd64,14.34,bundle	VC_redist.x64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\SourceList\Net	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_amd64,v14\Dependents\{57A73DF6-4BA9-4C1D-BBBB-517289FF6C13}	VC_redist.x64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\LibreWolfHTM\shell\open\command	librewolf-107.0-1.en-US.win64-setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LibreWolfHTM\shell	librewolf-107.0-1.en-US.win64-setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\88AAB0B9F51EF1A3CA0C2B609EDD7FC1	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\DeploymentFlags = "3"	msiexec.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\8A567BD6FA501A947AD1F646E53EEC14\SourceList\Media	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1B242EAE62A0A584FBBE2029EEF930BC\SourceList\PackageName = "vc_runtimeAdditional_x64.msi"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
964	librewolf-107.0-1.en-US.win64-setup.exe
964	librewolf-107.0-1.en-US.win64-setup.exe
1160	msiexec.exe
1160	msiexec.exe
1160	msiexec.exe
1160	msiexec.exe
1160	msiexec.exe
1160	msiexec.exe
1160	msiexec.exe
1160	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeBackupPrivilege	1468	vssvc.exe
Token: SeRestorePrivilege	1468	vssvc.exe
Token: SeAuditPrivilege	1468	vssvc.exe
Token: SeRestorePrivilege	820	DrvInst.exe
Token: SeRestorePrivilege	820	DrvInst.exe
Token: SeRestorePrivilege	820	DrvInst.exe
Token: SeRestorePrivilege	820	DrvInst.exe
Token: SeRestorePrivilege	820	DrvInst.exe
Token: SeRestorePrivilege	820	DrvInst.exe
Token: SeRestorePrivilege	820	DrvInst.exe
Token: SeLoadDriverPrivilege	820	DrvInst.exe
Token: SeLoadDriverPrivilege	820	DrvInst.exe
Token: SeLoadDriverPrivilege	820	DrvInst.exe
Token: SeShutdownPrivilege	1312	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	1312	VC_redist.x64.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe
Token: SeSecurityPrivilege	1160	msiexec.exe
Token: SeCreateTokenPrivilege	1312	VC_redist.x64.exe
Token: SeAssignPrimaryTokenPrivilege	1312	VC_redist.x64.exe
Token: SeLockMemoryPrivilege	1312	VC_redist.x64.exe
Token: SeIncreaseQuotaPrivilege	1312	VC_redist.x64.exe
Token: SeMachineAccountPrivilege	1312	VC_redist.x64.exe
Token: SeTcbPrivilege	1312	VC_redist.x64.exe
Token: SeSecurityPrivilege	1312	VC_redist.x64.exe
Token: SeTakeOwnershipPrivilege	1312	VC_redist.x64.exe
Token: SeLoadDriverPrivilege	1312	VC_redist.x64.exe
Token: SeSystemProfilePrivilege	1312	VC_redist.x64.exe
Token: SeSystemtimePrivilege	1312	VC_redist.x64.exe
Token: SeProfSingleProcessPrivilege	1312	VC_redist.x64.exe
Token: SeIncBasePriorityPrivilege	1312	VC_redist.x64.exe
Token: SeCreatePagefilePrivilege	1312	VC_redist.x64.exe
Token: SeCreatePermanentPrivilege	1312	VC_redist.x64.exe
Token: SeBackupPrivilege	1312	VC_redist.x64.exe
Token: SeRestorePrivilege	1312	VC_redist.x64.exe
Token: SeShutdownPrivilege	1312	VC_redist.x64.exe
Token: SeDebugPrivilege	1312	VC_redist.x64.exe
Token: SeAuditPrivilege	1312	VC_redist.x64.exe
Token: SeSystemEnvironmentPrivilege	1312	VC_redist.x64.exe
Token: SeChangeNotifyPrivilege	1312	VC_redist.x64.exe
Token: SeRemoteShutdownPrivilege	1312	VC_redist.x64.exe
Token: SeUndockPrivilege	1312	VC_redist.x64.exe
Token: SeSyncAgentPrivilege	1312	VC_redist.x64.exe
Token: SeEnableDelegationPrivilege	1312	VC_redist.x64.exe
Token: SeManageVolumePrivilege	1312	VC_redist.x64.exe
Token: SeImpersonatePrivilege	1312	VC_redist.x64.exe
Token: SeCreateGlobalPrivilege	1312	VC_redist.x64.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe
Token: SeRestorePrivilege	1160	msiexec.exe
Token: SeTakeOwnershipPrivilege	1160	msiexec.exe
Token: SeRestorePrivilege	1160	msiexec.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
268	librewolf.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 1648	964	librewolf-107.0-1.en-US.win64-setup.exe	26
PID 964 wrote to memory of 1648	964	librewolf-107.0-1.en-US.win64-setup.exe	26
PID 964 wrote to memory of 1648	964	librewolf-107.0-1.en-US.win64-setup.exe	26
PID 964 wrote to memory of 1648	964	librewolf-107.0-1.en-US.win64-setup.exe	26
PID 964 wrote to memory of 1648	964	librewolf-107.0-1.en-US.win64-setup.exe	26
PID 964 wrote to memory of 1648	964	librewolf-107.0-1.en-US.win64-setup.exe	26
PID 964 wrote to memory of 1648	964	librewolf-107.0-1.en-US.win64-setup.exe	26
PID 1648 wrote to memory of 948	1648	vc_redist.x64.exe	27
PID 1648 wrote to memory of 948	1648	vc_redist.x64.exe	27
PID 1648 wrote to memory of 948	1648	vc_redist.x64.exe	27
PID 1648 wrote to memory of 948	1648	vc_redist.x64.exe	27
PID 1648 wrote to memory of 948	1648	vc_redist.x64.exe	27
PID 1648 wrote to memory of 948	1648	vc_redist.x64.exe	27
PID 1648 wrote to memory of 948	1648	vc_redist.x64.exe	27
PID 948 wrote to memory of 1312	948	vc_redist.x64.exe	28
PID 948 wrote to memory of 1312	948	vc_redist.x64.exe	28
PID 948 wrote to memory of 1312	948	vc_redist.x64.exe	28
PID 948 wrote to memory of 1312	948	vc_redist.x64.exe	28
PID 948 wrote to memory of 1312	948	vc_redist.x64.exe	28
PID 948 wrote to memory of 1312	948	vc_redist.x64.exe	28
PID 948 wrote to memory of 1312	948	vc_redist.x64.exe	28
PID 1312 wrote to memory of 512	1312	VC_redist.x64.exe	34
PID 1312 wrote to memory of 512	1312	VC_redist.x64.exe	34
PID 1312 wrote to memory of 512	1312	VC_redist.x64.exe	34
PID 1312 wrote to memory of 512	1312	VC_redist.x64.exe	34
PID 1312 wrote to memory of 512	1312	VC_redist.x64.exe	34
PID 1312 wrote to memory of 512	1312	VC_redist.x64.exe	34
PID 1312 wrote to memory of 512	1312	VC_redist.x64.exe	34
PID 512 wrote to memory of 1484	512	VC_redist.x64.exe	35
PID 512 wrote to memory of 1484	512	VC_redist.x64.exe	35
PID 512 wrote to memory of 1484	512	VC_redist.x64.exe	35
PID 512 wrote to memory of 1484	512	VC_redist.x64.exe	35
PID 512 wrote to memory of 1484	512	VC_redist.x64.exe	35
PID 512 wrote to memory of 1484	512	VC_redist.x64.exe	35
PID 512 wrote to memory of 1484	512	VC_redist.x64.exe	35
PID 1484 wrote to memory of 760	1484	VC_redist.x64.exe	36
PID 1484 wrote to memory of 760	1484	VC_redist.x64.exe	36
PID 1484 wrote to memory of 760	1484	VC_redist.x64.exe	36
PID 1484 wrote to memory of 760	1484	VC_redist.x64.exe	36
PID 1484 wrote to memory of 760	1484	VC_redist.x64.exe	36
PID 1484 wrote to memory of 760	1484	VC_redist.x64.exe	36
PID 1484 wrote to memory of 760	1484	VC_redist.x64.exe	36
PID 1380 wrote to memory of 268	1380	librewolf.exe	38
PID 1380 wrote to memory of 268	1380	librewolf.exe	38
PID 1380 wrote to memory of 268	1380	librewolf.exe	38
PID 1380 wrote to memory of 268	1380	librewolf.exe	38
PID 1380 wrote to memory of 268	1380	librewolf.exe	38
PID 1380 wrote to memory of 268	1380	librewolf.exe	38
PID 1380 wrote to memory of 268	1380	librewolf.exe	38
PID 1380 wrote to memory of 268	1380	librewolf.exe	38
PID 1380 wrote to memory of 268	1380	librewolf.exe	38
PID 1380 wrote to memory of 268	1380	librewolf.exe	38
PID 1380 wrote to memory of 268	1380	librewolf.exe	38
PID 1380 wrote to memory of 268	1380	librewolf.exe	38
PID 268 wrote to memory of 2044	268	librewolf.exe	39
PID 268 wrote to memory of 2044	268	librewolf.exe	39
PID 268 wrote to memory of 2044	268	librewolf.exe	39
PID 268 wrote to memory of 2044	268	librewolf.exe	39
PID 268 wrote to memory of 2044	268	librewolf.exe	39
PID 268 wrote to memory of 2044	268	librewolf.exe	39
PID 268 wrote to memory of 2044	268	librewolf.exe	39
PID 268 wrote to memory of 2044	268	librewolf.exe	39
PID 268 wrote to memory of 2044	268	librewolf.exe	39
PID 268 wrote to memory of 2044	268	librewolf.exe	39

C:\Users\Admin\AppData\Local\Temp\librewolf-107.0-1.en-US.win64-setup.exe
"C:\Users\Admin\AppData\Local\Temp\librewolf-107.0-1.en-US.win64-setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:964
- C:\Users\Admin\AppData\Local\Temp\nst8680.tmp\vc_redist.x64.exe
  C:\Users\Admin\AppData\Local\Temp\nst8680.tmp\vc_redist.x64.exe /install /quiet /norestart
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1648
- - C:\Windows\Temp\{2BB57FD8-8E88-4454-943A-3F8A5EFC09A9}\.cr\vc_redist.x64.exe
    "C:\Windows\Temp\{2BB57FD8-8E88-4454-943A-3F8A5EFC09A9}\.cr\vc_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nst8680.tmp\vc_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 /install /quiet /norestart
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:948
  - - C:\Windows\Temp\{E2517516-92F9-45CD-A88F-498BD038BC46}\.be\VC_redist.x64.exe
      "C:\Windows\Temp\{E2517516-92F9-45CD-A88F-498BD038BC46}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{7DE2826B-2232-424E-950B-D0F37CB2BF00} {1F440564-A430-4030-9F1F-D7D314426A9D} 948
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Drops file in Windows directory
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1312
    - - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=512 -burn.embedded BurnPipe.{9693F894-CAB4-451B-8120-883A970A175A} {98C4C306-17A4-45E6-8E11-5B0F9AE3A6F2} 1312
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:512
      - C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.clean.room="C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188 -uninstall -quiet -burn.related.upgrade -burn.ancestors={d4cecf3b-b68f-4995-8840-52ea0fab646e} -burn.filehandle.self=512 -burn.embedded BurnPipe.{9693F894-CAB4-451B-8120-883A970A175A} {98C4C306-17A4-45E6-8E11-5B0F9AE3A6F2} 1312
        6⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1484
        
        C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
        
        "C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{4D044F00-AA9A-4E3C-AD1B-613ACE869D7D} {D615B7CF-7622-43BA-89A2-F5CA6196D268} 1484
        7⤵
        Drops file in Windows directory
        Modifies registry class
        
        PID:760

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1468

C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000490" "0000000000000550"
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:820

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1160

C:\Program Files\LibreWolf\librewolf.exe
"C:\Program Files\LibreWolf\librewolf.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Program Files\LibreWolf\librewolf.exe
  "C:\Program Files\LibreWolf\librewolf.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:268
- - C:\Program Files\LibreWolf\librewolf.exe
    "C:\Program Files\LibreWolf\librewolf.exe" -contentproc --channel="268.0.1427780592\642524894" -parentBuildID 20221115161247 -prefsHandle 1120 -prefMapHandle 1112 -prefsLen 18180 -prefMapSize 228834 -appDir "C:\Program Files\LibreWolf\browser" - {fd7c6b02-c4ec-477d-a2a0-8ac07e9e7622} 268 socket
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2044
- - C:\Program Files\LibreWolf\librewolf.exe
    "C:\Program Files\LibreWolf\librewolf.exe" -contentproc --channel="268.1.1616173533\1936808191" -parentBuildID 20221115161247 -prefsHandle 1424 -prefMapHandle 1396 -prefsLen 18781 -prefMapSize 228834 -appDir "C:\Program Files\LibreWolf\browser" - {19b48eee-ac78-413c-a912-8154df11828e} 268 gpu
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2012
- - C:\Program Files\LibreWolf\librewolf.exe
    "C:\Program Files\LibreWolf\librewolf.exe" -contentproc --channel="268.2.203119125\717230961" -childID 1 -isForBrowser -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 19674 -prefMapSize 228834 -jsInitHandle 832 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221115161247 -appDir "C:\Program Files\LibreWolf\browser" - {c680d355-3e69-4e7d-8813-06d5390d0c84} 268 tab
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1940
- - C:\Program Files\LibreWolf\librewolf.exe
    "C:\Program Files\LibreWolf\librewolf.exe" -contentproc --channel="268.3.909988554\990451940" -childID 2 -isForBrowser -prefsHandle 2140 -prefMapHandle 2112 -prefsLen 19719 -prefMapSize 228834 -jsInitHandle 832 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221115161247 -appDir "C:\Program Files\LibreWolf\browser" - {7b4d0c89-ce74-4358-978a-e4daf8f82ca1} 268 tab
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1660
- - C:\Program Files\LibreWolf\librewolf.exe
    "C:\Program Files\LibreWolf\librewolf.exe" -contentproc --channel="268.4.1456862504\1775041754" -childID 3 -isForBrowser -prefsHandle 2456 -prefMapHandle 2484 -prefsLen 20843 -prefMapSize 228834 -jsInitHandle 832 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221115161247 -appDir "C:\Program Files\LibreWolf\browser" - {6ee03ee5-8bf3-4705-8d01-fe7e53c20aa5} 268 tab
    3⤵
    - Executes dropped EXE
    PID:2468
- - C:\Program Files\LibreWolf\librewolf.exe
    "C:\Program Files\LibreWolf\librewolf.exe" -contentproc --channel="268.5.1974488917\379260061" -parentBuildID 20221115161247 -prefsHandle 2608 -prefMapHandle 976 -prefsLen 20884 -prefMapSize 228834 -appDir "C:\Program Files\LibreWolf\browser" - {1858fa00-16f9-489a-ad45-21040d747405} 268 rdd
    3⤵
    - Executes dropped EXE
    PID:2912
- - C:\Program Files\LibreWolf\librewolf.exe
    "C:\Program Files\LibreWolf\librewolf.exe" -contentproc --channel="268.6.1837486681\1773904180" -childID 4 -isForBrowser -prefsHandle 2936 -prefMapHandle 2964 -prefsLen 26909 -prefMapSize 228834 -jsInitHandle 832 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221115161247 -appDir "C:\Program Files\LibreWolf\browser" - {c5fc8ea7-cf42-49ab-a1eb-13549cc8c851} 268 tab
    3⤵
    PID:2456
- - C:\Program Files\LibreWolf\librewolf.exe
    "C:\Program Files\LibreWolf\librewolf.exe" -contentproc --channel="268.7.314666116\197791174" -childID 5 -isForBrowser -prefsHandle 2952 -prefMapHandle 2924 -prefsLen 26909 -prefMapSize 228834 -jsInitHandle 832 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221115161247 -appDir "C:\Program Files\LibreWolf\browser" - {b7452145-ed69-4ad1-b430-e6b0d164983a} 268 tab
    3⤵
    PID:3056
- - C:\Program Files\LibreWolf\librewolf.exe
    "C:\Program Files\LibreWolf\librewolf.exe" -contentproc --channel="268.8.1863639478\1629058937" -childID 6 -isForBrowser -prefsHandle 3652 -prefMapHandle 3656 -prefsLen 27490 -prefMapSize 228834 -jsInitHandle 832 -jsInitLen 246704 -a11yResourceId 64 -parentBuildID 20221115161247 -appDir "C:\Program Files\LibreWolf\browser" - {727e69b0-8a8d-43fc-8551-3584ae9408d8} 268 tab
    3⤵
    PID:2880

C:\Program Files\LibreWolf\librewolf.exe
"C:\Program Files\LibreWolf\librewolf.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1124
- C:\Program Files\LibreWolf\librewolf.exe
  "C:\Program Files\LibreWolf\librewolf.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1464

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\LibreWolf\browser\features\[email protected]

Filesize
730KB

MD5
7ba861e2fb1c556b70d758da650e58e4

SHA1
74e5cd8eade0a70b3abdf98b4fa14ea1d6d8e430

SHA256
1c8aa2a732c337f344895e2d19f65cd935fbe9100d90d42a7fdc4b0c57e7d9bc

SHA512
562fb5d6d89e6a63e225b381b623e7c9f8b346f41b40878830cb812728dba5b9688308ad46029ab88237686da83b840863680759b3ef63f7c37283f53466a8df

Download Submit
C:\Program Files\LibreWolf\browser\features\[email protected]

Filesize
43KB

MD5
e8bd09efb7650beb2d11ca2b5366565c

SHA1
3c98104ab597895d34b856db730ed448be90dcca

SHA256
269093e4c14e8e147c1f4894c7b20105a8c9fb27b6e3ac0f4ec71bc5111cfa1c

SHA512
ac7dcd6c2a66116eaedcfcec79b3c1a3d759b9ea6c913a14f87b91995cb43cc07242f0f9b97e0a88cfc0e501573781c42018e4a8106cb5396699369f82741078

Download Submit
C:\Program Files\LibreWolf\browser\features\[email protected]

Filesize
168KB

MD5
5114c26ae781f0abcaeafb6e81863849

SHA1
ec53031ed27405e67840a4facb6f531a56ff10f0

SHA256
f01e455c0121725329e7138718ed874f9b3a684b970a694db0674acd7d46dc00

SHA512
ea9a4d57a1695806d1f8069e772dfe3c93cfc4c43b594a60ed72b5f2832227128c52d744c977ed910f3d0a5e46171a2ab3639029266f655ba6c45b61683902a6

Download Submit
C:\Program Files\LibreWolf\browser\omni.ja

Filesize
88.6MB

MD5
9fdb777d435925e380dae5e5145bd9e7

SHA1
2a6a19c78d310d27db684b64fc2027238e0560ad

SHA256
262e95cada8b85a71f3aa615f98b5ecdcff8d46d52329ebc134f51b14486653e

SHA512
a84a426fdb340b9d2406feb3dd24c238864e19a30deefcb9e58cef4bb73b21f83bf6337700cdae3f92632956841453f1f37892a30f2645c1768a2a857edc0fd2

Download Submit
C:\Program Files\LibreWolf\defaults\pref\channel-prefs.js

Filesize
429B

MD5
7bf8c4ca1cfa4e7fa4d2ba4149e3d217

SHA1
ee563f07617fe87b0b9c37af794874852b6820ff

SHA256
ef9fba57b2c3755b630b44ccfe703e2753d538fa50e3c52fc279c29e6db8200f

SHA512
d9923b90572e6d8d5236a8d76838953553c7b46e812c891f9246ba941c630199feadf16663a002444138839babbff696246a0636993fc1b1ccac17fabbc40cd1

Download Submit
C:\Program Files\LibreWolf\dependentlibs.list

Filesize
42B

MD5
70b1d09d91bc834e84a48a259f7c1ee9

SHA1
592ddaec59f760c0afe677ad3001f4b1a85bb3c0

SHA256
2b157d7ff7505d10cb5c3a7de9ba14a6832d1f5bfdbfe4fff981b5db394db6ce

SHA512
b37be03d875aa75df5a525f068ed6cf43970d38088d7d28ae100a51e2baa55c2ad5180be0beda2300406db0bdea231dde1d3394ee1c466c0230253edfe6aa6e4

Download Submit
C:\Program Files\LibreWolf\distribution\policies.json

Filesize
21KB

MD5
44a63a28b337485a550d0141fc178403

SHA1
7307d7176e706f45597c0c9334002e3ed56a85fc

SHA256
568a0baf91eac65dabc5283c0f9e5d2c3aae1348e32e2895f399ff7886024ce0

SHA512
013722498b3e437b647276b9f5219f5b80bbc7f26615a0ecadddcdcae5e4d45984ed818ef8d19a8aafc51b60d9cb795cd147b3e3c8c014c3ab6b1f45c37584e0

Download Submit
C:\Program Files\LibreWolf\lgpllibs.dll

Filesize
35KB

MD5
f5b9286424d8e7a0f5ed94b7a48bad3f

SHA1
35257b0cfd9826a31a9353096cabf2c912a2f74e

SHA256
929f7b3a5acbd239ca39b91e9ee927fb4496737fdfb61b3a906f99d563188d41

SHA512
3a9c3425817acb9013dea4d00ad56afaf1f091a62c24883d09c1cd7d79724e67fe1cea9d780208459c8e328648c4d6baec495dda93b9a45d6f5c464de39342a8

Download Submit
C:\Program Files\LibreWolf\librewolf.cfg

Filesize
24KB

MD5
c5a2be812ab3d150b359be74682318b0

SHA1
14ab993253336a64b55d3aefabe0fe2a8bac5cb2

SHA256
782542e5ade03f4f826e52b1a5dba5a9bf06f1d5df7f29bd90b332e3c7664605

SHA512
ff0e01c4b2dd9c2f6c0bd5a0e5efc9f5428cb2e1a8d146c786b78cdaad7c26c55abc3d7d0eb21c225c16226705a91c94e3559b5b91ae8682a730f7fc31439dfc

Download Submit
C:\Program Files\LibreWolf\librewolf.exe

Filesize
640KB

MD5
3ad9a5bd9e2e51e4bbc8d8c56f47bf26

SHA1
b3a0f2112800517c16a5b47a6834761b73185878

SHA256
42a301df9506c8bd098e9a7c80b56554bd4f28352cbd9df68aa9b6f5ebfdd8b1

SHA512
bb874721781ed8075a62e33f6c78c8ff3ade411318564204abc39f0f32653473c4c6ce973cf416bc645003d334d5fd78f8d08347d158102d868b47b06dc7ca41

Download Submit
C:\Program Files\LibreWolf\librewolf.exe

Filesize
640KB

MD5
3ad9a5bd9e2e51e4bbc8d8c56f47bf26

SHA1
b3a0f2112800517c16a5b47a6834761b73185878

SHA256
42a301df9506c8bd098e9a7c80b56554bd4f28352cbd9df68aa9b6f5ebfdd8b1

SHA512
bb874721781ed8075a62e33f6c78c8ff3ade411318564204abc39f0f32653473c4c6ce973cf416bc645003d334d5fd78f8d08347d158102d868b47b06dc7ca41

Download Submit
C:\Program Files\LibreWolf\librewolf.exe

Filesize
640KB

MD5
3ad9a5bd9e2e51e4bbc8d8c56f47bf26

SHA1
b3a0f2112800517c16a5b47a6834761b73185878

SHA256
42a301df9506c8bd098e9a7c80b56554bd4f28352cbd9df68aa9b6f5ebfdd8b1

SHA512
bb874721781ed8075a62e33f6c78c8ff3ade411318564204abc39f0f32653473c4c6ce973cf416bc645003d334d5fd78f8d08347d158102d868b47b06dc7ca41

Download Submit
C:\Program Files\LibreWolf\librewolf.exe

Filesize
640KB

MD5
3ad9a5bd9e2e51e4bbc8d8c56f47bf26

SHA1
b3a0f2112800517c16a5b47a6834761b73185878

SHA256
42a301df9506c8bd098e9a7c80b56554bd4f28352cbd9df68aa9b6f5ebfdd8b1

SHA512
bb874721781ed8075a62e33f6c78c8ff3ade411318564204abc39f0f32653473c4c6ce973cf416bc645003d334d5fd78f8d08347d158102d868b47b06dc7ca41

Download Submit
C:\Program Files\LibreWolf\mozglue.dll

Filesize
664KB

MD5
9af719e9fbf3d4ef9285f90b01f2434f

SHA1
fa18086855e1648af62d3369853486745fd0bc0d

SHA256
ed453d61336245e978c9db13e4e0eeae752912cf22592e2651464ac7b7d62790

SHA512
9522d908b9b1fa1bbedf9ca8c96f510f1b417bf913a019f06c5e03c09fdd67ecb99d1ae12beb20546f32ace69e89d588b6abb7298a986d4bd9e4f615e6091397

Download Submit
C:\Program Files\LibreWolf\nss3.dll

Filesize
2.3MB

MD5
c4a85ce9efbd423f5f74b5d1ce495e4d

SHA1
a74c4bdb27303cf8183c43ca6f4d4e1b521c5b9d

SHA256
4aec1a41a3d0f1c8ddb6193572794cee995f89ee09e9c31dadf81f84a8f27e66

SHA512
b4d36ae192f9d4e35f075501b45c02672a2b04d56da3c3c56f3fa0c23fb3bc2d2806a021ae4b0bf2ac9b5f57808cea84685c2578361f878697da6e6431cd902d

Download Submit
C:\Program Files\LibreWolf\omni.ja

Filesize
67.6MB

MD5
16049db5248c43703ef2f7ebbdcc84f5

SHA1
85703cf716e8eb5c254e33e20856a398faed3425

SHA256
d9a553ab6dfc5dae2428effdfbcfaf19715ec6d00dc5956d2c11ae99a612776b

SHA512
c826b6ff09a0239a00dffd1799b1b1a22f8bb5de8cf54114496ff28c965559774dbf059ac83d4afde22bc98f45ea22a40ddc54698ac58af713d18ac5c2563d09

Download Submit
C:\Program Files\LibreWolf\xul.dll

Filesize
119.5MB

MD5
274c24364433701be646644c8505d115

SHA1
f841e34d33750b665e1b63de819fe30bb4a0c50f

SHA256
e7aee69b5a816e490d731141f1127cd5225a633263b27491b76b80f24c30f9de

SHA512
996ef8f299ef43bb5afd3ddd0a3fbd07127f44d431072a7787d26b250c9ea4f39c7cf3873f1e433d6847556a51ed946adaaa954a7c365283d5734db50f0fa05a

Download Submit
C:\ProgramData\Package Cache\{d4cecf3b-b68f-4995-8840-52ea0fab646e}\VC_redist.x64.exe

Filesize
635KB

MD5
848da6b57cb8acc151a8d64d15ba383d

SHA1
8f4d4a1afa9fd985c67642213b3e7ccf415591da

SHA256
5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12

SHA512
ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20230106000640_000_vcRuntimeMinimum_x64.log

Filesize
2KB

MD5
3542a3dbeec24f1675c3c35d869316ae

SHA1
349d3a651c96a39bdf8a5bffe654f43356a01faf

SHA256
4a8628a3d8d158659efdca53ac9b5cfaf8cf76dc86ab6e2b01b1350f65f19a9a

SHA512
b3b1804f9314a892dc14f3ff01ea1b0635cc6af49a8c3814028ed119a40245ad2ffe920b3d425f4c7ad61ca809ca06ee347be6364f3f02ff4ffec8733b4c4889

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20230106000640_001_vcRuntimeAdditional_x64.log

Filesize
2KB

MD5
bc1825d373012aa9e86aa125a491397a

SHA1
05d1cc420875cee016d8f89e24315ea08f06c263

SHA256
33d0d8c623d68cd884621bc463af167fb0cef8775d4d79e5100ec77dd6335caf

SHA512
546407fad4e7afa53e39d3e78836006695b016dfbf24821d219ecb61dfdc745c5f7bd7630ecbf0d1c0a068192b39c1e352c00501bf166e14c697ccead16c5c23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8680.tmp\vc_redist.x64.exe

Filesize
24.3MB

MD5
703bd677778f2a1ba1eb4338bac3b868

SHA1
a176f140e942920b777f80de89e16ea57ee32be8

SHA256
2257b3fbe3c7559de8b31170155a433faf5b83829e67c589d5674ff086b868b9

SHA512
a66ea382d8bdd31491627fd698242d2eda38b1d9df762c402923ef40bbca6aa2f43f22fa811c5fc894b529f9e77fcdd5ced9cd8af4a19f53845fce3780e8c041

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst8680.tmp\vc_redist.x64.exe

Filesize
24.3MB

MD5
703bd677778f2a1ba1eb4338bac3b868

SHA1
a176f140e942920b777f80de89e16ea57ee32be8

SHA256
2257b3fbe3c7559de8b31170155a433faf5b83829e67c589d5674ff086b868b9

SHA512
a66ea382d8bdd31491627fd698242d2eda38b1d9df762c402923ef40bbca6aa2f43f22fa811c5fc894b529f9e77fcdd5ced9cd8af4a19f53845fce3780e8c041

Download Submit
C:\Windows\Temp\{2BB57FD8-8E88-4454-943A-3F8A5EFC09A9}\.cr\vc_redist.x64.exe

Filesize
635KB

MD5
848da6b57cb8acc151a8d64d15ba383d

SHA1
8f4d4a1afa9fd985c67642213b3e7ccf415591da

SHA256
5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12

SHA512
ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6

Download Submit
C:\Windows\Temp\{2BB57FD8-8E88-4454-943A-3F8A5EFC09A9}\.cr\vc_redist.x64.exe

Filesize
635KB

MD5
848da6b57cb8acc151a8d64d15ba383d

SHA1
8f4d4a1afa9fd985c67642213b3e7ccf415591da

SHA256
5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12

SHA512
ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6

Download Submit
C:\Windows\Temp\{E2517516-92F9-45CD-A88F-498BD038BC46}\.be\VC_redist.x64.exe

Filesize
635KB

MD5
848da6b57cb8acc151a8d64d15ba383d

SHA1
8f4d4a1afa9fd985c67642213b3e7ccf415591da

SHA256
5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12

SHA512
ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6

Download Submit
C:\Windows\Temp\{E2517516-92F9-45CD-A88F-498BD038BC46}\.be\VC_redist.x64.exe

Filesize
635KB

MD5
848da6b57cb8acc151a8d64d15ba383d

SHA1
8f4d4a1afa9fd985c67642213b3e7ccf415591da

SHA256
5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12

SHA512
ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6

Download Submit
C:\Windows\Temp\{E2517516-92F9-45CD-A88F-498BD038BC46}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

Filesize
5.4MB

MD5
62bc0f466e65d9219281cf75c8f91380

SHA1
0826a1591b81acf0fe30d58e19b0a87df2a49a3e

SHA256
534dd81be6b7a23a745c36eda87e6387c5d146c3a96c84793d0edc7eb85b40f3

SHA512
17713f4228c0c2793c622bbb0a90bd5688d98a6576a695cb956fa233238c4c6e5b0cb43510be4f072613ad575d0b44e7c847f48b785a161cc337a9e6fdca3bb5

Download Submit
C:\Windows\Temp\{E2517516-92F9-45CD-A88F-498BD038BC46}\cab5046A8AB272BF37297BB7928664C9503

Filesize
914KB

MD5
45c9c674c0ba87f57168d6ab852e9641

SHA1
73ace24362f14dc58d4099dae6e4e62902e9e950

SHA256
d14f231d1ab0d928e309b067622b5389e0dc6c4f0d3671632066f6586c442c76

SHA512
5bb06ca9c966c9edd30944523a84efd3c13b8eb9f6a5c6cfd961a0c82a1cb193e7b58baf888dede7b740ed42ce76ab20c3e41a684c4dd9d818ff8b0d9e52e684

Download Submit
C:\Windows\Temp\{E2517516-92F9-45CD-A88F-498BD038BC46}\vcRuntimeAdditional_x64

Filesize
180KB

MD5
c214a9e931bbdd960bb48ac1a2b91945

SHA1
a640c55dd522e01d0be4307a5eee9a40f779a6cc

SHA256
1dbd3e4e71c6678e640c289c1c64bbb12c70f65f52b27191680a9e4141d64b11

SHA512
d25fef3bdd3cd18035892618602e27621e9fb3a913e7972ec7bb624d593ae4b766e718fd2e2c7342c589e9a97beb03d2fedef22e824c6b539b83f199cb967933

Download Submit
C:\Windows\Temp\{E2517516-92F9-45CD-A88F-498BD038BC46}\vcRuntimeMinimum_x64

Filesize
180KB

MD5
df77fc41aa2f85ca423919e397084137

SHA1
5b87cd2dfb661df49f9557e2fc3b95c7833c9b0b

SHA256
51b6a928f7becbf525cbeff180442b05533f8ea8f8494cc97a491e29bdd4b7c2

SHA512
a36b093011b9534db0881eb72de4638e39be67a9844b14fcd3e40539aafd9aa9ce7b14d3968aedb092ecf9bca9ac0918a65f65632643782edafefa36fc12c3e2

Download Submit
C:\Windows\WindowsUpdate.log

Filesize
16KB

MD5
81cc7ed35af175beacffc61c2171d728

SHA1
b8f81cf1f16c5994acfc049a760ee85c7b109684

SHA256
a8b33348a9bbd3bb3cb15fbed9db1a6f1257a70447422cc69cbd32353d98e5d4

SHA512
44ef27616e50d37c27fec15c0d67c8d7025a78e6821047ad5e0d0c73e97420e508486b1679b2d9ff241f7612ee6fd9fda8ccb71601b8311c2b461bf7716ad4fc

Download Submit
C:\Windows\system32\MSVCP140.dll

Filesize
566KB

MD5
0929e46b1020b372956f204f85e48ed6

SHA1
9dc01cf3892406727c8dc7d12ad8855871c9ef09

SHA256
cb3c74d6fcc091f4eb7c67ee5eb5f76c1c973dea8b1c6b851fcca62c2a9d8aa8

SHA512
dd28fca139d316e2cc4d13a6adffb7af6f1a9dc1fc7297976a4d5103fae44de555a951b99f7601590b331f6dbb9bfc592d31980135e3858e265064117012c8d5

Download Submit
C:\Windows\system32\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Windows\system32\VCRUNTIME140_1.dll

Filesize
48KB

MD5
bba9680bc310d8d25e97b12463196c92

SHA1
9a480c0cf9d377a4caedd4ea60e90fa79001f03a

SHA256
e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab

SHA512
1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

Download Submit
\Program Files\LibreWolf\lgpllibs.dll

Filesize
35KB

MD5
f5b9286424d8e7a0f5ed94b7a48bad3f

SHA1
35257b0cfd9826a31a9353096cabf2c912a2f74e

SHA256
929f7b3a5acbd239ca39b91e9ee927fb4496737fdfb61b3a906f99d563188d41

SHA512
3a9c3425817acb9013dea4d00ad56afaf1f091a62c24883d09c1cd7d79724e67fe1cea9d780208459c8e328648c4d6baec495dda93b9a45d6f5c464de39342a8

Download Submit
\Program Files\LibreWolf\lgpllibs.dll

Filesize
35KB

MD5
f5b9286424d8e7a0f5ed94b7a48bad3f

SHA1
35257b0cfd9826a31a9353096cabf2c912a2f74e

SHA256
929f7b3a5acbd239ca39b91e9ee927fb4496737fdfb61b3a906f99d563188d41

SHA512
3a9c3425817acb9013dea4d00ad56afaf1f091a62c24883d09c1cd7d79724e67fe1cea9d780208459c8e328648c4d6baec495dda93b9a45d6f5c464de39342a8

Download Submit
\Program Files\LibreWolf\librewolf.exe

Filesize
640KB

MD5
3ad9a5bd9e2e51e4bbc8d8c56f47bf26

SHA1
b3a0f2112800517c16a5b47a6834761b73185878

SHA256
42a301df9506c8bd098e9a7c80b56554bd4f28352cbd9df68aa9b6f5ebfdd8b1

SHA512
bb874721781ed8075a62e33f6c78c8ff3ade411318564204abc39f0f32653473c4c6ce973cf416bc645003d334d5fd78f8d08347d158102d868b47b06dc7ca41

Download Submit
\Program Files\LibreWolf\librewolf.exe

Filesize
640KB

MD5
3ad9a5bd9e2e51e4bbc8d8c56f47bf26

SHA1
b3a0f2112800517c16a5b47a6834761b73185878

SHA256
42a301df9506c8bd098e9a7c80b56554bd4f28352cbd9df68aa9b6f5ebfdd8b1

SHA512
bb874721781ed8075a62e33f6c78c8ff3ade411318564204abc39f0f32653473c4c6ce973cf416bc645003d334d5fd78f8d08347d158102d868b47b06dc7ca41

Download Submit
\Program Files\LibreWolf\mozglue.dll

Filesize
664KB

MD5
9af719e9fbf3d4ef9285f90b01f2434f

SHA1
fa18086855e1648af62d3369853486745fd0bc0d

SHA256
ed453d61336245e978c9db13e4e0eeae752912cf22592e2651464ac7b7d62790

SHA512
9522d908b9b1fa1bbedf9ca8c96f510f1b417bf913a019f06c5e03c09fdd67ecb99d1ae12beb20546f32ace69e89d588b6abb7298a986d4bd9e4f615e6091397

Download Submit
\Program Files\LibreWolf\mozglue.dll

Filesize
664KB

MD5
9af719e9fbf3d4ef9285f90b01f2434f

SHA1
fa18086855e1648af62d3369853486745fd0bc0d

SHA256
ed453d61336245e978c9db13e4e0eeae752912cf22592e2651464ac7b7d62790

SHA512
9522d908b9b1fa1bbedf9ca8c96f510f1b417bf913a019f06c5e03c09fdd67ecb99d1ae12beb20546f32ace69e89d588b6abb7298a986d4bd9e4f615e6091397

Download Submit
\Program Files\LibreWolf\mozglue.dll

Filesize
664KB

MD5
9af719e9fbf3d4ef9285f90b01f2434f

SHA1
fa18086855e1648af62d3369853486745fd0bc0d

SHA256
ed453d61336245e978c9db13e4e0eeae752912cf22592e2651464ac7b7d62790

SHA512
9522d908b9b1fa1bbedf9ca8c96f510f1b417bf913a019f06c5e03c09fdd67ecb99d1ae12beb20546f32ace69e89d588b6abb7298a986d4bd9e4f615e6091397

Download Submit
\Program Files\LibreWolf\mozglue.dll

Filesize
664KB

MD5
9af719e9fbf3d4ef9285f90b01f2434f

SHA1
fa18086855e1648af62d3369853486745fd0bc0d

SHA256
ed453d61336245e978c9db13e4e0eeae752912cf22592e2651464ac7b7d62790

SHA512
9522d908b9b1fa1bbedf9ca8c96f510f1b417bf913a019f06c5e03c09fdd67ecb99d1ae12beb20546f32ace69e89d588b6abb7298a986d4bd9e4f615e6091397

Download Submit
\Program Files\LibreWolf\mozglue.dll

Filesize
664KB

MD5
9af719e9fbf3d4ef9285f90b01f2434f

SHA1
fa18086855e1648af62d3369853486745fd0bc0d

SHA256
ed453d61336245e978c9db13e4e0eeae752912cf22592e2651464ac7b7d62790

SHA512
9522d908b9b1fa1bbedf9ca8c96f510f1b417bf913a019f06c5e03c09fdd67ecb99d1ae12beb20546f32ace69e89d588b6abb7298a986d4bd9e4f615e6091397

Download Submit
\Program Files\LibreWolf\nss3.dll

Filesize
2.3MB

MD5
c4a85ce9efbd423f5f74b5d1ce495e4d

SHA1
a74c4bdb27303cf8183c43ca6f4d4e1b521c5b9d

SHA256
4aec1a41a3d0f1c8ddb6193572794cee995f89ee09e9c31dadf81f84a8f27e66

SHA512
b4d36ae192f9d4e35f075501b45c02672a2b04d56da3c3c56f3fa0c23fb3bc2d2806a021ae4b0bf2ac9b5f57808cea84685c2578361f878697da6e6431cd902d

Download Submit
\Program Files\LibreWolf\nss3.dll

Filesize
2.3MB

MD5
c4a85ce9efbd423f5f74b5d1ce495e4d

SHA1
a74c4bdb27303cf8183c43ca6f4d4e1b521c5b9d

SHA256
4aec1a41a3d0f1c8ddb6193572794cee995f89ee09e9c31dadf81f84a8f27e66

SHA512
b4d36ae192f9d4e35f075501b45c02672a2b04d56da3c3c56f3fa0c23fb3bc2d2806a021ae4b0bf2ac9b5f57808cea84685c2578361f878697da6e6431cd902d

Download Submit
\Program Files\LibreWolf\xul.dll

Filesize
119.5MB

MD5
274c24364433701be646644c8505d115

SHA1
f841e34d33750b665e1b63de819fe30bb4a0c50f

SHA256
e7aee69b5a816e490d731141f1127cd5225a633263b27491b76b80f24c30f9de

SHA512
996ef8f299ef43bb5afd3ddd0a3fbd07127f44d431072a7787d26b250c9ea4f39c7cf3873f1e433d6847556a51ed946adaaa954a7c365283d5734db50f0fa05a

Download Submit
\Program Files\LibreWolf\xul.dll

Filesize
119.5MB

MD5
274c24364433701be646644c8505d115

SHA1
f841e34d33750b665e1b63de819fe30bb4a0c50f

SHA256
e7aee69b5a816e490d731141f1127cd5225a633263b27491b76b80f24c30f9de

SHA512
996ef8f299ef43bb5afd3ddd0a3fbd07127f44d431072a7787d26b250c9ea4f39c7cf3873f1e433d6847556a51ed946adaaa954a7c365283d5734db50f0fa05a

Download Submit
\Users\Admin\AppData\Local\Temp\nst8680.tmp\System.dll

Filesize
22KB

MD5
b361682fa5e6a1906e754cfa08aa8d90

SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3

SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

Download Submit
\Users\Admin\AppData\Local\Temp\nst8680.tmp\nsDialogs.dll

Filesize
19KB

MD5
2f2cd6e22e761b0d4e768b23bef637b2

SHA1
415ed80a3d4d2559bedfcb68d4d104b0d282618f

SHA256
55316f619c56fbb91ae0519e242ff4ae018d12ae03cba200d98533117a72ef3c

SHA512
18d7c0db90e551c1688ec2f53158929cfde43f8b8775e422ced39ddabd03dafca3e957305e7a2d3ad8e727591013c13273e1fd81f63a7b22590c4c72b02aceb8

Download Submit
\Users\Admin\AppData\Local\Temp\nst8680.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
\Users\Admin\AppData\Local\Temp\nst8680.tmp\vc_redist.x64.exe

Filesize
24.3MB

MD5
703bd677778f2a1ba1eb4338bac3b868

SHA1
a176f140e942920b777f80de89e16ea57ee32be8

SHA256
2257b3fbe3c7559de8b31170155a433faf5b83829e67c589d5674ff086b868b9

SHA512
a66ea382d8bdd31491627fd698242d2eda38b1d9df762c402923ef40bbca6aa2f43f22fa811c5fc894b529f9e77fcdd5ced9cd8af4a19f53845fce3780e8c041

Download Submit
\Windows\System32\msvcp140.dll

Filesize
566KB

MD5
0929e46b1020b372956f204f85e48ed6

SHA1
9dc01cf3892406727c8dc7d12ad8855871c9ef09

SHA256
cb3c74d6fcc091f4eb7c67ee5eb5f76c1c973dea8b1c6b851fcca62c2a9d8aa8

SHA512
dd28fca139d316e2cc4d13a6adffb7af6f1a9dc1fc7297976a4d5103fae44de555a951b99f7601590b331f6dbb9bfc592d31980135e3858e265064117012c8d5

Download Submit
\Windows\System32\msvcp140.dll

Filesize
566KB

MD5
0929e46b1020b372956f204f85e48ed6

SHA1
9dc01cf3892406727c8dc7d12ad8855871c9ef09

SHA256
cb3c74d6fcc091f4eb7c67ee5eb5f76c1c973dea8b1c6b851fcca62c2a9d8aa8

SHA512
dd28fca139d316e2cc4d13a6adffb7af6f1a9dc1fc7297976a4d5103fae44de555a951b99f7601590b331f6dbb9bfc592d31980135e3858e265064117012c8d5

Download Submit
\Windows\System32\msvcp140.dll

Filesize
566KB

MD5
0929e46b1020b372956f204f85e48ed6

SHA1
9dc01cf3892406727c8dc7d12ad8855871c9ef09

SHA256
cb3c74d6fcc091f4eb7c67ee5eb5f76c1c973dea8b1c6b851fcca62c2a9d8aa8

SHA512
dd28fca139d316e2cc4d13a6adffb7af6f1a9dc1fc7297976a4d5103fae44de555a951b99f7601590b331f6dbb9bfc592d31980135e3858e265064117012c8d5

Download Submit
\Windows\System32\vcruntime140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
\Windows\System32\vcruntime140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
\Windows\System32\vcruntime140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
\Windows\System32\vcruntime140_1.dll

Filesize
48KB

MD5
bba9680bc310d8d25e97b12463196c92

SHA1
9a480c0cf9d377a4caedd4ea60e90fa79001f03a

SHA256
e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab

SHA512
1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

Download Submit
\Windows\System32\vcruntime140_1.dll

Filesize
48KB

MD5
bba9680bc310d8d25e97b12463196c92

SHA1
9a480c0cf9d377a4caedd4ea60e90fa79001f03a

SHA256
e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab

SHA512
1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

Download Submit
\Windows\System32\vcruntime140_1.dll

Filesize
48KB

MD5
bba9680bc310d8d25e97b12463196c92

SHA1
9a480c0cf9d377a4caedd4ea60e90fa79001f03a

SHA256
e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab

SHA512
1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

Download Submit
\Windows\Temp\{07A5EDC2-82AF-4B0A-B60D-1A403338751A}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
\Windows\Temp\{2BB57FD8-8E88-4454-943A-3F8A5EFC09A9}\.cr\vc_redist.x64.exe

Filesize
635KB

MD5
848da6b57cb8acc151a8d64d15ba383d

SHA1
8f4d4a1afa9fd985c67642213b3e7ccf415591da

SHA256
5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12

SHA512
ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6

Download Submit
\Windows\Temp\{E2517516-92F9-45CD-A88F-498BD038BC46}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
\Windows\Temp\{E2517516-92F9-45CD-A88F-498BD038BC46}\.be\VC_redist.x64.exe

Filesize
635KB

MD5
848da6b57cb8acc151a8d64d15ba383d

SHA1
8f4d4a1afa9fd985c67642213b3e7ccf415591da

SHA256
5a61f9775032457db28edd41f98f08c874e759f344ea8475c9ac8abbba68de12

SHA512
ff8b87e7746ecf19a150874dedd6ea4c51c76cfc291c5a80d9e5073a9bbbb2bd6ed7d10425b083578dc8d28d0d905e379fa3f919a60979e5b5c44ebc0ac613e6

Download Submit
memory/948-69-0x0000000073BE1000-0x0000000073BE3000-memory.dmp

Filesize
8KB

Download
memory/964-54-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download
memory/1160-79-0x000007FEFB7D1000-0x000007FEFB7D3000-memory.dmp

Filesize
8KB

Download
memory/2012-617-0x000007FF556A0000-0x000007FF556AA000-memory.dmp

Filesize
40KB

Download
memory/2012-629-0x000007FEF50B0000-0x000007FEF51F3000-memory.dmp

Filesize
1.3MB

Download
memory/2912-1121-0x000007FEB0310000-0x000007FEB031A000-memory.dmp

Filesize
40KB

Download
memory/2912-1124-0x000007FEF50B0000-0x000007FEF51F3000-memory.dmp

Filesize
1.3MB

Download