fickerstealer | 9bfa463e61d2d739ecfcdc9400fc9f9dfaf49aaca42a0b4d2ac185131e0629ef

Analysis

max time kernel
81s
max time network
236s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
03-03-2023 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

743.9MB
MD5

ae56df057a76438211d5f67b2bebb60f
SHA1

d534eb46073c9f427e86e8d246d972ae9785ff05
SHA256

9bfa463e61d2d739ecfcdc9400fc9f9dfaf49aaca42a0b4d2ac185131e0629ef
SHA512

3d3bc206e6a4aa3c55faddc7f7e98c5a072fe176697d459280ec9222695cff0d674e627a4f371d03642e0fd908212335e5b9db25daa78d41640cec484b295b09
SSDEEP

49152:EWMn2d/BRoXdCtEnSVw0cwonfMOY7REYr4nN:EWQcefSROYNJr4

Score

10^/10

fickerstealer infostealer spyware stealer

Malware Config

Signatures

Fickerstealer
Ficker is an infostealer written in Rust and ASM.
infostealer fickerstealer
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2204	2904	WerFault.exe	86
4312	2904	WerFault.exe	86
2080	2904	WerFault.exe	86
4184	2904	WerFault.exe	86
1744	2904	WerFault.exe	86
2164	2904	WerFault.exe	86

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3384	firefox.exe
Token: SeDebugPrivilege	3384	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3384	firefox.exe
3384	firefox.exe
3384	firefox.exe
3384	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3384	firefox.exe
3384	firefox.exe
3384	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3384	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 3384	5076	firefox.exe	98
PID 5076 wrote to memory of 3384	5076	firefox.exe	98
PID 5076 wrote to memory of 3384	5076	firefox.exe	98
PID 5076 wrote to memory of 3384	5076	firefox.exe	98
PID 5076 wrote to memory of 3384	5076	firefox.exe	98
PID 5076 wrote to memory of 3384	5076	firefox.exe	98
PID 5076 wrote to memory of 3384	5076	firefox.exe	98
PID 5076 wrote to memory of 3384	5076	firefox.exe	98
PID 5076 wrote to memory of 3384	5076	firefox.exe	98
PID 5076 wrote to memory of 3384	5076	firefox.exe	98
PID 5076 wrote to memory of 3384	5076	firefox.exe	98
PID 3384 wrote to memory of 2880	3384	firefox.exe	99
PID 3384 wrote to memory of 2880	3384	firefox.exe	99
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 3036	3384	firefox.exe	100
PID 3384 wrote to memory of 5080	3384	firefox.exe	101
PID 3384 wrote to memory of 5080	3384	firefox.exe	101
PID 3384 wrote to memory of 5080	3384	firefox.exe	101

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
PID:2904
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 1172
  2⤵
  - Program crash
  PID:2204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 1344
  2⤵
  - Program crash
  PID:4312
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 1408
  2⤵
  - Program crash
  PID:2080
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 1236
  2⤵
  - Program crash
  PID:4184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 1268
  2⤵
  - Program crash
  PID:1744
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 140
  2⤵
  - Program crash
  PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2904 -ip 2904
1⤵
PID:212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.0.1872217257\467485516" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1752 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c30768e-9d54-4cfe-944b-cccc1b96e479} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 1916 21d55617e58 gpu
    3⤵
    PID:2880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.1.2074222955\1942587063" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a747b88-bf4d-406c-b5d7-bd13928cd8d9} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 2316 21d47670d58 socket
    3⤵
    PID:3036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.2.669129533\2057997658" -childID 1 -isForBrowser -prefsHandle 3044 -prefMapHandle 3168 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c9e6635-661b-4310-b103-484650ce8daf} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 3156 21d54592158 tab
    3⤵
    PID:5080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.3.1380937183\1260559148" -childID 2 -isForBrowser -prefsHandle 3504 -prefMapHandle 3388 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08147231-6cbf-4b14-81cc-a1af33859e01} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 3428 21d56cac458 tab
    3⤵
    PID:5088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.4.477291302\1076465372" -childID 3 -isForBrowser -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f02ba9a1-9cef-4bcb-8b20-acef4eba8bdb} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4204 21d59482b58 tab
    3⤵
    PID:3664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.5.1809667720\1823884059" -childID 4 -isForBrowser -prefsHandle 4596 -prefMapHandle 4592 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f69ead7f-8358-4fe9-9dbb-0f1dfb3009be} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 4612 21d55618a58 tab
    3⤵
    PID:4608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.6.2100411001\1529349291" -childID 5 -isForBrowser -prefsHandle 3312 -prefMapHandle 5088 -prefsLen 27003 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {730ab50b-dea7-4bc5-a2f4-6e8c77e2cc10} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5112 21d56cadf58 tab
    3⤵
    PID:4712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.7.543686596\1780363128" -childID 6 -isForBrowser -prefsHandle 5236 -prefMapHandle 5232 -prefsLen 27003 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aefe86a7-3202-4008-ae1f-45219d602089} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 2980 21d5a660c58 tab
    3⤵
    PID:4876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.8.1770313455\913968327" -childID 7 -isForBrowser -prefsHandle 5116 -prefMapHandle 3492 -prefsLen 27003 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dabb63c0-9dc8-4360-bb18-c3b5d233bcdc} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5268 21d5a82b258 tab
    3⤵
    PID:3928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.9.2804914\247516325" -childID 8 -isForBrowser -prefsHandle 5280 -prefMapHandle 2976 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b662834e-8764-4de2-8b15-ca9da59c041d} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 3672 21d5a82a058 tab
    3⤵
    PID:4120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.10.1544856532\721186015" -parentBuildID 20221007134813 -prefsHandle 5836 -prefMapHandle 5840 -prefsLen 27331 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dac22a9e-f3d3-46a6-9380-c9faebb1b501} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5848 21d5bd0cb58 rdd
    3⤵
    PID:2796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.11.1611302452\279297785" -childID 9 -isForBrowser -prefsHandle 6000 -prefMapHandle 6004 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8537e9fb-aff6-4e75-84bb-de4285bea70e} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5788 21d56c64d58 tab
    3⤵
    PID:3936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.12.1423960397\1781124526" -childID 10 -isForBrowser -prefsHandle 3424 -prefMapHandle 4608 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56ed8e70-1311-483d-bfdb-f89020db2fb1} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 1584 21d5b86f658 tab
    3⤵
    PID:736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.13.939375766\1548632766" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4704 -prefMapHandle 4688 -prefsLen 27331 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4760bd8e-2f27-4008-90a5-1b1e4bdc5c6d} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5984 21d5b9d1d58 utility
    3⤵
    PID:2832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.14.1153519424\1826265292" -childID 11 -isForBrowser -prefsHandle 10100 -prefMapHandle 10104 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f1793a2-ce74-4c65-bbd7-5b0235fe4424} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 10092 21d5bd0f558 tab
    3⤵
    PID:3832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.15.1073424788\1857093955" -childID 12 -isForBrowser -prefsHandle 3656 -prefMapHandle 2980 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbae52d3-5464-48f8-982e-92a8cc01d711} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 3552 21d55ef7458 tab
    3⤵
    PID:1996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.16.878749839\1012886748" -childID 13 -isForBrowser -prefsHandle 6168 -prefMapHandle 6284 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61ce800b-d2aa-4bd5-900c-954f03fe2c24} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5056 21d47630e58 tab
    3⤵
    PID:4576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.17.2084399464\1151776483" -childID 14 -isForBrowser -prefsHandle 9752 -prefMapHandle 9756 -prefsLen 27380 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {284cb1e6-9451-4fb3-9083-2eeedbc810e2} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 9740 21d5bed3b58 tab
    3⤵
    PID:3652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.18.1696709600\923132790" -childID 15 -isForBrowser -prefsHandle 3612 -prefMapHandle 9796 -prefsLen 27380 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cab4ff2a-96d7-4cea-9920-f2c288f6e485} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 9532 21d5bc2a858 tab
    3⤵
    PID:2996
- - C:\Users\Admin\Downloads\vcredist_x64.exe
    "C:\Users\Admin\Downloads\vcredist_x64.exe"
    3⤵
    PID:5144
  - - \??\c:\e719d6b17d5cc001272d7b2d04ad928b\Setup.exe
      c:\e719d6b17d5cc001272d7b2d04ad928b\Setup.exe
      4⤵
      PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.19.1129840784\230492009" -childID 16 -isForBrowser -prefsHandle 9924 -prefMapHandle 9844 -prefsLen 27380 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43d4db22-7927-44c6-9630-26a31e3318c5} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 3748 21d54541f58 tab
    3⤵
    PID:5428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3384.20.1762526617\1643422434" -childID 17 -isForBrowser -prefsHandle 5976 -prefMapHandle 5484 -prefsLen 27380 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b93a577-c5b3-4820-8388-9dfa4e1512e1} 3384 "\\.\pipe\gecko-crash-server-pipe.3384" 5744 21d55ef8c58 tab
    3⤵
    PID:3872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2904 -ip 2904
1⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2904 -ip 2904
1⤵
PID:3680

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2904 -ip 2904
1⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2904 -ip 2904
1⤵
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2904 -ip 2904
1⤵
PID:4152

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
155KB

MD5
1b72d626a462d1150905f03f34c1ebdb

SHA1
124cea5f2597d3378f3c87a0f564c0f4a820f546

SHA256
d89554bcef15bfbc25f8cb53ee23667381a383d4f8b6e8f0d4bc41fc866fe23e

SHA512
d21f7e9816ed457d8cbc621279e10dbffaa18f9397c6a0b866bad216412e08a7fc7cff9de190f1bbee500d48ff5838e0e9e08bb1aafcfd1a81e3026164505aad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\doomed\32513

Filesize
87KB

MD5
9e685407d987582b11736e921c0b976b

SHA1
5c03417bb3714dc2ece23808f94f75d7c890dee4

SHA256
8cdf300b66f32c9671b435c80405ae7258c9cb0a0d7943898a74313e1568897d

SHA512
f672bef9062fe043de4640ebf9f165517cf3fa8e15e8be1ba2897a0614437eeaa95ca2d88d817075892f3b3ea38c5ef5bcb864102031a28b7702d3b3dc86115f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\1A316598CA3835F12365B18CB326DB6A56C261FA

Filesize
123KB

MD5
90590ea270152ffa47bcf386a5faa528

SHA1
43345289c35796e03c954ff374bfbe85f2653f31

SHA256
1ead076f6231199ecb0c814b9437eff5df1ce75f3b3836f72c7c161650ac9f77

SHA512
23b82cd4449110a2f6c7322c4770cb661f5401406bd5239d2ba4c081ae906b25f25ffd816dffe37ae29831621e94dcfd582cbe276f0900c018d7accd038aafb0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\678A57B25F4702CF8083AC96E492FD6BA2360B76

Filesize
15KB

MD5
e8e26fea58ef22ef214d22f9c27f7f90

SHA1
76a8025dd4eda5f68e7525891fea71c1f768c683

SHA256
ef8a150b2bab1b31b7541b0bb3e653f465871d9720d4b68bc0953b7cc8e24393

SHA512
0d1ce621bdd3826d49e73c6c9cad6c847855e509a968f21f31f778384e3060be44ff89b6c7222ae1d5b60519f6e3efdf00b6c255babb02d0a9d578c98438d044

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFIE2B6.tmp.html

Filesize
17KB

MD5
93333621aac9e01e07aaad3e60619f33

SHA1
d42b8717275e75baaec058773d43760f02044181

SHA256
09abbb4979ce203ecdf8ac9a20d5d4219b6dc63f19856b49504818355ff9a44b

SHA512
7be32cf70739acccc1ba7a3ec2191d4ca348df959b4e60c1568fb03f6dd29681f61d02b3aeec2c7208ae01336c35a8513317f76a42c62d56831b0477f259e9fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
59ec9870c9c471eba36d04baa842cbe9

SHA1
38b048966a5c90b3a1a34119f30e4e4690e441d4

SHA256
1c4e7e0e31cf2e8fb5b8c784785492e7079a9fa0ba461f1e2f5b46f343e3aac4

SHA512
d49b4f06dfbb840ff1b9977ed88595185cdbbebfc4f954dc443cbd2d025047c69b36e5fcbc687404efcc59afb6320a1dc7ded6ecde45e33968907b254267486e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
3231aad4f3cb3c097a8f1848080bdf02

SHA1
29620a02a3a6d40ae6176cc6043a0fc28bee3c76

SHA256
ba8b82011bb3ad0da67119c1cda6164d0fd55497f9fd2919a3f13b83db4596b2

SHA512
92a39d595db089595c3b5f8d7911071223e6f994aadcdd0c2b41679585f8eadb8f762fe9cff4457e3441b172a042c3e787682c128b2fe1e7c1cf5d9f06df799d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
4ba471d2396648c4f519db252ccbbb6e

SHA1
8f250a77e9f9d1d19842e054e1aa2c84b901333e

SHA256
a8e760187bb7ac33b61663af91b68a12de50ef632e56911ac933288b46c038ff

SHA512
116aa131e3db1520ebbae6dfd9fa05b4a8759314027cbe9094f24e83b54017b329d8c276c06b458229040a2ac3bffaa81d09103f5944a776d70c2a550cc035df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
8052825d4772c9dd6715116718d0db9d

SHA1
9936588c3d35425be5cc5d7281949995bafe97b2

SHA256
5418b69066fde0ab05ba313a322d2a3b3f5ad1716783cde03b707dab21ae8271

SHA512
cc7f74ff410be40f0bcad830ccf7a176bf6ed012802ed22c6486bcd9660ebd9e571f7040052db4a9c5694ee50cc77bfa0635d22b1aeef4c374f8d7eda0ff1862

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
491e1eab010e7c22d46c072853679c9d

SHA1
6cc9404a17c41372d1d7e585588d1944d041fe5c

SHA256
be64a36023acc0c027b4a0fada2df2ae8118e16cce3358ac7516278120af37f9

SHA512
85cc24f58b90f7de1de66cd52783b47997c3f8aaa39bf4c8cf5f03b34e566e5af31fdafd955cee10c4e02194d896b277a251d396750f190fe695b6fbfec450db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
31deeac332cf82960189b2c66b0d4b93

SHA1
564af325c09935809171aa543c8d59bd0d74563a

SHA256
3399010a40d5bcd2ad78df91eba5f813024453425c725756960fc6cfc8306340

SHA512
955ea33aa76028b996bc3396addd2011dc54d90e5d372d27f7ecad276d475028bb06d61a5218bfbdbe8ed290ca59c854e61e597eed181fd94ea912f2e5ef5851

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
f75ec70dff8d87c38c6a7330b5bb6928

SHA1
7017041b38da75941be45cbb9a24fe7197de38af

SHA256
5fd0e679f956c5f5ab275d751a7291840d4e07eb35fe21163839b9f30f76f568

SHA512
85563eb876cae89413d7d69caa9f646bddaca3c06200f91de2e34bdcfd4d4cefd080db6939830403d7995eeca5eb4de971bb98788c0a55beef45dfe9f6163bca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
7KB

MD5
185edeaa97ae7ec75796bab8448db7bc

SHA1
8e5c9e214ec4befe71426b35262aaad419a84fa7

SHA256
b5109c6fcc25923359a15aa9f4f7343f81554ad04a5fa4d793bc950dc94e7bb0

SHA512
dc6ce09bf74068e3aa47ce89cf013d618e4f522281b2195e7ff2d2ba618711eda688b9386c1062364401da99ae481b79022c78b25664ebdd33a1e1fa14f7ca0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5a1b78e94790e5596e5c713a41762e4b

SHA1
f6209ac93c457915c7885d79e39970f24adb98a7

SHA256
ff12417db3cbd51b707e4976631c652562eeb38c4a93a0b29f16778e7ab4538c

SHA512
988584fcf7920cfe6afff2cb68dd86249060d77078112207676f7066f6d7b1ff85481adfe335d6d5fc613759ab4e08db6181a0c92e71118d79175e0e9ffe6edd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c588464d59424d6722a410dabde8ff84

SHA1
93b702713fed391f86cf4a3df0f385b92ef4281a

SHA256
5105d745d8dff16168e88a50a61f8be3208cabc5f86e9cf4bb548eb24e467856

SHA512
b3316a728dd2bfb268c2a5bf7419b086f033ebfbb4cf9d338d2c5a84240a1d7183d7f3cb9e6d5f0dee7f42b9c039d7b109dd2535eea6d2b2bbeb44dd4ff4e0db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\3174270303LCo7g%sCD7a%t1afbda3s.sqlite

Filesize
48KB

MD5
839fb13e451507738ac9afb9ef32935c

SHA1
2c873bd5f75328739fe068e84c4e0e77985ecb2e

SHA256
e8b4c695d3715000e9125805e41f446580cada8bbbf3c05362c1cbc2e8ac6351

SHA512
7e16dee4df0398b81053e9d99845fa9edc73ca449e12f525f7699c3ae1656b9960c473da77cbc5a02edee97c314f1aa54e5def742a4c1a9642dca70f703ad374

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.RFJh0aZs.exe.part

Filesize
207KB

MD5
bc21eaafda90bc40e6afd26947503603

SHA1
cf1c07d3675b50829ff6a33b73b917bc6539e280

SHA256
e69c9e82fbb41c9ea154b8a99a9bb1659d621d27d27b3e16ac97691546a32bda

SHA512
d4767708e0360cf349adc6d291c73750906166dd4552d17ff392f99d8fbb53c57e68cca9f35070ca4c4fde8512a6d1c62eade2fe4e60626eefa2dc8947315c13

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.1MB

MD5
aa531631a7ecdd4aafe9dcab9a541b3a

SHA1
0d98b996852c6014fab26e55e1934d69a578e963

SHA256
00c5cff0de2c25add948ba11fc01e6e73040a446791159b52f9b6d517cad1f3a

SHA512
98e39dc6852469f91b85fda05342e9b95163a73fff42741b29aadf3f061447e6f3d431461b13e238d347fd3af71b63776de9ab1b83230632bd5bb1b19cf79941

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.exe

Filesize
6.1MB

MD5
aa531631a7ecdd4aafe9dcab9a541b3a

SHA1
0d98b996852c6014fab26e55e1934d69a578e963

SHA256
00c5cff0de2c25add948ba11fc01e6e73040a446791159b52f9b6d517cad1f3a

SHA512
98e39dc6852469f91b85fda05342e9b95163a73fff42741b29aadf3f061447e6f3d431461b13e238d347fd3af71b63776de9ab1b83230632bd5bb1b19cf79941

Download Submit
C:\e719d6b17d5cc001272d7b2d04ad928b\3082\SetupResources.dll

Filesize
17KB

MD5
994cccf4287c01153066cc3986769dbb

SHA1
7a480e89e507d0e2863e9699ccb668c9c64da497

SHA256
d79e2747aa300747a4073883b7baae3214196b982199b08243ad5bf73dce18d9

SHA512
18bf42c30ec6bfa15aca4b535c4a23335cbb51bd232d00b83a716c4c7b514c4f152b413556d58e7bfa16cb32900ad195c68542b26beecfe8c356f3bc272d8379

Download Submit
C:\e719d6b17d5cc001272d7b2d04ad928b\3082\SetupResources.dll

Filesize
17KB

MD5
994cccf4287c01153066cc3986769dbb

SHA1
7a480e89e507d0e2863e9699ccb668c9c64da497

SHA256
d79e2747aa300747a4073883b7baae3214196b982199b08243ad5bf73dce18d9

SHA512
18bf42c30ec6bfa15aca4b535c4a23335cbb51bd232d00b83a716c4c7b514c4f152b413556d58e7bfa16cb32900ad195c68542b26beecfe8c356f3bc272d8379

Download Submit
C:\e719d6b17d5cc001272d7b2d04ad928b\Setup.exe

Filesize
76KB

MD5
2af2c1a78542975b12282aca4300d515

SHA1
3216c853ed82e41dfbeb6ca48855fdcd41478507

SHA256
531eb45798728cb741043b28b8c1a4f75536dc75f92d100f55f9109d2d63f0d7

SHA512
4a70bd4b542f6001e46f827f341676c34af1ea216c50ad981dd04f547cd67f73aaa420fcbed379dc05dab199bf5ba00d899c49ff75da577613209f96226227eb

Download Submit
C:\e719d6b17d5cc001272d7b2d04ad928b\SetupEngine.dll

Filesize
789KB

MD5
63e7901d4fa7ac7766076720272060d0

SHA1
72dec0e4e12255d98ccd49937923c7b5590bbfac

SHA256
a5116ccb17b242713e5645c2374abf5827c0d2752b31553e3540c9123812e952

SHA512
de2e63bc090121484191cbf23194361d761b01c0fd332f35f0dfdfd0b11431b529e5c7f542031a0e7e26f31497d94b8baacfbf1c84c6493e66ac2ab76c11d0a0

Download Submit
C:\e719d6b17d5cc001272d7b2d04ad928b\SetupUi.dll

Filesize
288KB

MD5
0d214ced87bf0b55883359160a68dacb

SHA1
a60526505d56d447c6bbde03da980db67062c4c6

SHA256
29cf99d7e67b4c54bafd109577a385387a39301bcdec8ae4ba1a8a0044306713

SHA512
d9004ebd42d4aa7d13343b3746cf454ca1a5144f7b0f437f1a31639cc6bd90c5dd3385612df926bf53c3ef85cfe33756c067cb757fff257d674a10d638fc03c5

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\1028\LocalizedData.xml

Filesize
29KB

MD5
12df3535e4c4ef95a8cb03fd509b5874

SHA1
90b1f87ba02c1c89c159ebf0e1e700892b85dc39

SHA256
1c8132747dc33ccdb02345cbe706e65089a88fe32cf040684ca0d72bb9105119

SHA512
c6c8887e7023c4c1cbf849eebd17b6ad68fc14607d1c32c0d384f951e07bfaf6b61e0639f4e5978c9e3e1d52ef8a383b62622018a26fa4066eb620f584030808

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\1031\LocalizedData.xml

Filesize
40KB

MD5
b13ff959adc5c3e9c4ba4c4a76244464

SHA1
4df793626f41b92a5bc7c54757658ce30fdaeeb1

SHA256
44945bc0ba4be653d07f53e736557c51164224c8ec4e4672dfae1280260ba73b

SHA512
de78542d3bbc4c46871a8afb50fb408a59a76f6ed67e8be3cba8ba41724ea08df36400e233551b329277a7a0fe6168c5556abe9d9a735f41b29a941250bfc4d6

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\1033\LocalizedData.xml

Filesize
38KB

MD5
5486ff60b072102ee3231fd743b290a1

SHA1
d8d8a1d6bf6adf1095158b3c9b0a296a037632d0

SHA256
5ca3ecaa12ca56f955d403ca93c4cb36a7d3dcdea779fc9bdaa0cdd429dab706

SHA512
ae240eaac32edb18fd76982fc01e03bd9c8e40a9ec1b9c42d7ebd225570b7517949e045942dbb9e40e620aa9dcc9fbe0182c6cf207ac0a44d7358ad33ba81472

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\1036\LocalizedData.xml

Filesize
40KB

MD5
30dd04ce53b3f5d9363ade0359e3e0b2

SHA1
56bc3301013a2d0b08ecd38ff0a22b1040ef558e

SHA256
bf03073e0e939f3598aeb9aa19b655a24c4ad31f96065d6dc60f7c4df78653ba

SHA512
9cb1ff9ba0dc018f9e1bd301fbcb9e5c561f6a14c65290ebc0fe67cbdf59d1a09898a2f802c52339c10942c819ebb4bdd8b4c7f5f4f78af95f7c893641e41a34

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\1040\LocalizedData.xml

Filesize
39KB

MD5
fe6b23186c2d77f7612bf7b1018a9b2a

SHA1
1528ec7633e998f040d2d4c37ac8a7dc87f99817

SHA256
03bbe1a39c6716f07703d20ed7539d8bf13b87870c2c83ddda5445c82953a80a

SHA512
40c9c9f3607cab24655593fc4766829516de33f13060be09f5ee65578824ac600cc1c07fe71cdd48bff7f52b447ff37c0d161d755a69ac7db7df118da6db7649

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\1041\LocalizedData.xml

Filesize
33KB

MD5
6f86b79dbf15e810331df2ca77f1043a

SHA1
875ed8498c21f396cc96b638911c23858ece5b88

SHA256
f0f9dd1a9f164f4d2e73b4d23cc5742da2c39549b9c4db692283839c5313e04f

SHA512
ca233a6bf55e253ebf1e8180a326667438e1124f6559054b87021095ef16ffc6b0c87361e0922087be4ca9cabd10828be3b6cc12c4032cb7f2a317fdbd76f818

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\1042\LocalizedData.xml

Filesize
32KB

MD5
e87ad0b3bf73f3e76500f28e195f7dc0

SHA1
716b842f6fbf6c68dc9c4e599c8182bfbb1354dc

SHA256
43b351419b73ac266c4b056a9c3a92f6dfa654328163814d17833a837577c070

SHA512
d3ea8655d42a2b0938c2189ceeab25c29939c302c2e2205e05d6059afc2a9b2039b21c083a7c17da1ce5eebdc934ff327a452034e2e715e497bcd6239395774c

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\1049\LocalizedData.xml

Filesize
39KB

MD5
1290be72ed991a3a800a6b2a124073b2

SHA1
dac09f9f2ccb3b273893b653f822e3dfc556d498

SHA256
6ba9a2e4a6a58f5bb792947990e51babd9d5151a7057e1a051cb007fea2eb41c

SHA512
c0b8b4421fcb2aabe2c8c8773fd03842e3523bf2b75d6262fd8bd952adc12c06541bdae0219e89f9f9f8d79567a4fe4dff99529366c4a7c5bf66c218431f3217

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\2052\LocalizedData.xml

Filesize
30KB

MD5
150b5c3d1b452dccbe8f1313fda1b18c

SHA1
7128b6b9e84d69c415808f1d325dd969b17914cc

SHA256
6d4eb9dca1cbcd3c2b39a993133731750b9fdf5988411f4a6da143b9204c01f2

SHA512
a45a1f4f19a27558e08939c7f63894ff5754e6840db86b8c8c68d400a36fb23179caff164d8b839898321030469b56446b5a8efc5765096dee5e8a746351e949

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\3082\LocalizedData.xml

Filesize
39KB

MD5
05a95593c61c744759e52caf5e13502e

SHA1
0054833d8a7a395a832e4c188c4d012301dd4090

SHA256
1a3e5e49da88393a71ea00d73fee7570e40edb816b72622e39c7fcd09c95ead1

SHA512
00aee4c02f9d6374560f7d2b826503aab332e1c4bc3203f88fe82e905471ec43f92f4af4fc52e46f377e4d297c2be99daf94980df2ce7664c169552800264fd3

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\3082\SetupResources.dll

Filesize
17KB

MD5
994cccf4287c01153066cc3986769dbb

SHA1
7a480e89e507d0e2863e9699ccb668c9c64da497

SHA256
d79e2747aa300747a4073883b7baae3214196b982199b08243ad5bf73dce18d9

SHA512
18bf42c30ec6bfa15aca4b535c4a23335cbb51bd232d00b83a716c4c7b514c4f152b413556d58e7bfa16cb32900ad195c68542b26beecfe8c356f3bc272d8379

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\DHTMLHeader.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\ParameterInfo.xml

Filesize
21KB

MD5
5674d0bc3f4cdf572b9263332b2942c7

SHA1
495c5ba176fe6a6cbd4c0d9b85c2d886de1be968

SHA256
cbe5b9a27b1dde70a9040790eaff798e6534ff1ec2b4702cc4be7221d18d2182

SHA512
22d35950ee4291e42107a8b2d1fd1f305dcde9306480549b639f5c504247cfb73ba287f20e3e5232b3c35294176b0b3dbdc03c948561e90db0f22635efce7685

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\Setup.exe

Filesize
76KB

MD5
2af2c1a78542975b12282aca4300d515

SHA1
3216c853ed82e41dfbeb6ca48855fdcd41478507

SHA256
531eb45798728cb741043b28b8c1a4f75536dc75f92d100f55f9109d2d63f0d7

SHA512
4a70bd4b542f6001e46f827f341676c34af1ea216c50ad981dd04f547cd67f73aaa420fcbed379dc05dab199bf5ba00d899c49ff75da577613209f96226227eb

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\SetupEngine.dll

Filesize
789KB

MD5
63e7901d4fa7ac7766076720272060d0

SHA1
72dec0e4e12255d98ccd49937923c7b5590bbfac

SHA256
a5116ccb17b242713e5645c2374abf5827c0d2752b31553e3540c9123812e952

SHA512
de2e63bc090121484191cbf23194361d761b01c0fd332f35f0dfdfd0b11431b529e5c7f542031a0e7e26f31497d94b8baacfbf1c84c6493e66ac2ab76c11d0a0

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\SetupUi.dll

Filesize
288KB

MD5
0d214ced87bf0b55883359160a68dacb

SHA1
a60526505d56d447c6bbde03da980db67062c4c6

SHA256
29cf99d7e67b4c54bafd109577a385387a39301bcdec8ae4ba1a8a0044306713

SHA512
d9004ebd42d4aa7d13343b3746cf454ca1a5144f7b0f437f1a31639cc6bd90c5dd3385612df926bf53c3ef85cfe33756c067cb757fff257d674a10d638fc03c5

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\SetupUi.xsd

Filesize
29KB

MD5
2fadd9e618eff8175f2a6e8b95c0cacc

SHA1
9ab1710a217d15b192188b19467932d947b0a4f8

SHA256
222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093

SHA512
a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\Strings.xml

Filesize
13KB

MD5
332adf643747297b9bfa9527eaefe084

SHA1
670f933d778eca39938a515a39106551185205e9

SHA256
e49545feeae22198728ad04236e31e02035af7cc4d68e10cbecffd08669cbeca

SHA512
bea95ce35c4c37b4b2e36cc1e81fc297cc4a8e17b93f10423a02b015ddb593064541b5eb7003560fbeee512ed52869a113a6fb439c1133af01f884a0db0344b0

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\UiInfo.xml

Filesize
35KB

MD5
4f90fcef3836f5fc49426ad9938a1c60

SHA1
89eba3b81982d5d5c457ffa7a7096284a10de64a

SHA256
66a0299ce7ee12dd9fc2cfead3c3211e59bfb54d6c0627d044d44cef6e70367b

SHA512
4ce2731c1d32d7ca3a4f644f4b3111f06223de96c1e241fcc86f5fe665f4db18c8a241dae4e8a7e278d6afbf91b235a2c3517a40d4d22d9866880e19a7221160

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\graphics\print.ico

Filesize
1KB

MD5
7e55ddc6d611176e697d01c90a1212cf

SHA1
e2620da05b8e4e2360da579a7be32c1b225deb1b

SHA256
ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed

SHA512
283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\graphics\save.ico

Filesize
1KB

MD5
7d62e82d960a938c98da02b1d5201bd5

SHA1
194e96b0440bf8631887e5e9d3cc485f8e90fbf5

SHA256
ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5

SHA512
ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\graphics\setup.ico

Filesize
35KB

MD5
3d25d679e0ff0b8c94273dcd8b07049d

SHA1
a517fc5e96bc68a02a44093673ee7e076ad57308

SHA256
288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f

SHA512
3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\header.bmp

Filesize
7KB

MD5
3ad1a8c3b96993bcdf45244be2c00eef

SHA1
308f98e199f74a43d325115a8e7072d5f2c6202d

SHA256
133b86a4f1c67a159167489fdaeab765bfa1050c23a7ae6d5c517188fb45f94a

SHA512
133442c4a65269f817675adf01adcf622e509aa7ec7583bca8cd9a7eb6018d2aab56066054f75657038efb947cd3b3e5dc4fe7f0863c8b3b1770a8fa4fe2e658

Download Submit
\??\c:\e719d6b17d5cc001272d7b2d04ad928b\watermark.bmp

Filesize
301KB

MD5
1a5caafacfc8c7766e404d019249cf67

SHA1
35d4878db63059a0f25899f4be00b41f430389bf

SHA256
2e87d5742413254db10f7bd0762b6cdb98ff9c46ca9acddfd9b1c2e5418638f2

SHA512
202c13ded002d234117f08b18ca80d603246e6a166e18ba422e30d394ada7e47153dd3cce9728affe97128fdd797fe6302c74dc6882317e2ba254c8a6db80f46

Download Submit
memory/2904-133-0x0000000000A20000-0x0000000000A21000-memory.dmp

Filesize
4KB

Download
memory/2904-3498-0x0000000000400000-0x00000000005E4000-memory.dmp

Filesize
1.9MB

Download
memory/2904-135-0x0000000000400000-0x00000000005E4000-memory.dmp

Filesize
1.9MB

Download
memory/2904-134-0x00000000029C0000-0x0000000002B16000-memory.dmp

Filesize
1.3MB

Download
memory/5660-14914-0x0000000002990000-0x0000000002991000-memory.dmp

Filesize
4KB

Download