Malware Analysis Report

2025-08-05 17:09

Sample ID 230331-tns44abe25
Target Thunderbird Setup 78.4.0.exe
SHA256 4c42d6fa65207f407244acfd7318d19f14be609ae6f92f6e335cfe90045660ae
Tags
discovery ransomware upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4c42d6fa65207f407244acfd7318d19f14be609ae6f92f6e335cfe90045660ae

Threat Level: Known bad

The file Thunderbird Setup 78.4.0.exe was found to be: Known bad.

Malicious Activity Summary

discovery ransomware upx

UPX packed file

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Drops file in Program Files directory

Enumerates physical storage devices

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-03-31 16:12

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-03-31 16:12

Reported

2023-03-31 16:17

Platform

win10v2004-20230220-en

Max time kernel

154s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Thunderbird Setup 78.4.0.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Windows\SysWOW64\regsvr32.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Mozilla Thunderbird\crashreporter.ini C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\plugin-hang-ui.exe C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-runtime-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\libEGL.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice.exe C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\MapiProxy.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\msvcp140.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\qipcap.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\chrome\icons\default\addressbookWindow.ico C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\AccessibleHandler.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\updater.ini C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-core-localization-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\xul.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\isp\SpamPal.sfd C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\features\[email protected] C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-multibyte-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\dependentlibs.list C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\isp\POPFile.sfd C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\libgcrypt-20.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\omni.ja C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-stdio-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\isp\Bogofilter.sfd C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Thunderbird\uninstall\shortcuts_log.ini C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-heap-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\libotr-5.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\nssckbi.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-core-synch-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\lgpllibs.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\libssp-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\minidump-analyzer.exe C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.VisualElementsManifest.xml C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\chrome\icons\default\calendar-task-dialog.ico C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Thunderbird\nsi3FF4.tmp C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Thunderbird\Accessible.tlb C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-core-timezone-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\VisualElements\VisualElements_150.png C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\precomplete C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\prldap60.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\uninstall\uninstall.log C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\AccessibleMarshal.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\ucrtbase.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\install.log C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-core-file-l2-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-math-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\nss3.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\updater.exe C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Thunderbird\nsy4005.tmp\ C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-time-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\mozMapi32.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\vcruntime140.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\META-INF\mozilla.sf C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\chrome\icons\default\calendar-event-dialog.ico C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\META-INF\cose.sig C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Thunderbird\nsy4005.tmp C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-filesystem-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-process-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\IA2Marshal.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\META-INF\cose.manifest C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
File created C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-core-file-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}\InProcServer32\ThreadingModel = "Both" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\ThunderbirdEML\shell\open\command C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ThunderbirdEML\DefaultIcon C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6EDCD38E-8861-11D5-A3DD-00B0D0F3BAA7}\InProcServer32\ThreadingModel = "Both" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MozillaMapi\CLSID C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDCD38E-8861-11D5-A3DD-00B0D0F3BAA7}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ThreadingModel = "Both" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B32983FF-EF84-4945-8F86-FB7491B4F57B}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Thunderbird.Url.mailto\shell C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Thunderbird.Url.news\FriendlyTypeName = "Thunderbird (News) URL" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCA8D857-1A63-4045-8F36-8809EB093D04} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCA8D857-1A63-4045-8F36-8809EB093D04}\SynchronousInterface\ = "{CE30F77E-8847-44F0-A648-A9656BD89C0D}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Thunderbird.Url.news\shell\open\command C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDCD38E-8861-11D5-A3DD-00B0D0F3BAA7}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MozillaMapi.1 C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\ThunderbirdEML\shell C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\mailto\DefaultIcon C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\mailto\DefaultIcon\ = "C:\\Program Files (x86)\\Mozilla Thunderbird\\thunderbird.exe,0" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ = "ISimpleDOMNode" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1BAA303D-B4B9-45E5-9CCB-E3FCA3E274B6} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Thunderbird.Url.mailto\DefaultIcon\ = "C:\\Program Files (x86)\\Mozilla Thunderbird\\thunderbird.exe,0" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6EDCD38E-8861-11D5-A3DD-00B0D0F3BAA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MozillaMapi.1\CLSID C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\ThunderbirdEML\shell\open C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Thunderbird.Url.mailto\shell\open\command\ = "\"C:\\Program Files (x86)\\Mozilla Thunderbird\\thunderbird.exe\" -osint -compose \"%1\"" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ = "ISimpleDOMDocument" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\ThunderbirdEML\FriendlyTypeName = "Thunderbird Document" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\NumMethods\ = "9" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\WOW6432Node\Interface C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Thunderbird.Url.mailto\shell\open\command\ = "\"C:\\Program Files (x86)\\Mozilla Thunderbird\\thunderbird.exe\" -osint -compose \"%1\"" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDCD38E-8861-11D5-A3DD-00B0D0F3BAA7}\ = "nsIMapi" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ = "PSFactoryBuffer" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CE30F77E-8847-44F0-A648-A9656BD89C0D}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MozillaMapi\CLSID\ = "{29F458BE-8866-11D5-A3DD-00B0D0F3BAA7}" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDCD38E-8861-11D5-A3DD-00B0D0F3BAA7} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Thunderbird.Url.mailto C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Thunderbird.Url.news\shell C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CE30F77E-8847-44F0-A648-A9656BD89C0D}\ = "IHandlerControl" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCA8D857-1A63-4045-8F36-8809EB093D04}\ = "AsyncIHandlerControl" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DCA8D857-1A63-4045-8F36-8809EB093D04}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Thunderbird.Url.mailto\ = "Thunderbird URL" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Thunderbird.Url.mailto\FriendlyTypeName = "Thunderbird URL" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Thunderbird.Url.mailto\EditFlags = "2" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}\InProcServer32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EDCD38E-8861-11D5-A3DD-00B0D0F3BAA7}\NumMethods C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{29F458BE-8866-11D5-A3DD-00B0D0F3BAA7}\ProgID C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MozillaMapi\CurVer\ = "MozillaMapi.1" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MozillaMapi.1\ = "Mozilla MAPI" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\mailto\shell\open\command\ = "\"C:\\Program Files (x86)\\Mozilla Thunderbird\\thunderbird.exe\" -osint -compose \"%1\"" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\*\shell C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1BAA303D-B4B9-45E5-9CCB-E3FCA3E274B6}\InprocHandler32\ThreadingModel = "Apartment" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ThunderbirdEML\ = "Thunderbird Document" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Thunderbird.Url.news\ = "Thunderbird (News) URL" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Thunderbird.Url.news\EditFlags = "2" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\WOW6432Node\Interface C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MozillaMapi.1\CLSID\ = "{29F458BE-8866-11D5-A3DD-00B0D0F3BAA7}" C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6EDCD38E-8861-11D5-A3DD-00B0D0F3BAA7}\InProcServer32 C:\Windows\SysWOW64\regsvr32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3080 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\Thunderbird Setup 78.4.0.exe C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe
PID 3080 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\Thunderbird Setup 78.4.0.exe C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe
PID 3080 wrote to memory of 2892 N/A C:\Users\Admin\AppData\Local\Temp\Thunderbird Setup 78.4.0.exe C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe
PID 2892 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe C:\Windows\system32\regsvr32.exe
PID 2892 wrote to memory of 4404 N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe C:\Windows\system32\regsvr32.exe
PID 4404 wrote to memory of 1608 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4404 wrote to memory of 1608 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4404 wrote to memory of 1608 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2892 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe C:\Windows\system32\regsvr32.exe
PID 2892 wrote to memory of 2252 N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe C:\Windows\system32\regsvr32.exe
PID 2252 wrote to memory of 1888 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2252 wrote to memory of 1888 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2252 wrote to memory of 1888 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2892 wrote to memory of 4336 N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe C:\Windows\system32\regsvr32.exe
PID 2892 wrote to memory of 4336 N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe C:\Windows\system32\regsvr32.exe
PID 4336 wrote to memory of 2280 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4336 wrote to memory of 2280 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 4336 wrote to memory of 2280 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2892 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe C:\Windows\system32\regsvr32.exe
PID 2892 wrote to memory of 3616 N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe C:\Windows\system32\regsvr32.exe
PID 3616 wrote to memory of 368 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3616 wrote to memory of 368 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 3616 wrote to memory of 368 N/A C:\Windows\system32\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe
PID 2892 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe
PID 2892 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe
PID 2892 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe
PID 396 wrote to memory of 4032 N/A C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
PID 396 wrote to memory of 4032 N/A C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
PID 396 wrote to memory of 4032 N/A C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Thunderbird Setup 78.4.0.exe

"C:\Users\Admin\AppData\Local\Temp\Thunderbird Setup 78.4.0.exe"

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe

.\setup.exe

C:\Windows\system32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Mozilla Thunderbird\AccessibleMarshal.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files (x86)\Mozilla Thunderbird\AccessibleMarshal.dll"

C:\Windows\system32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Mozilla Thunderbird\AccessibleHandler.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files (x86)\Mozilla Thunderbird\AccessibleHandler.dll"

C:\Windows\system32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Mozilla Thunderbird\MapiProxy_InUse.dll"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files (x86)\Mozilla Thunderbird\MapiProxy_InUse.dll"

C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe

"C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe"

C:\Windows\SysWOW64\regsvr32.exe

/s "C:\Program Files (x86)\Mozilla Thunderbird\MapiProxy_InUse.dll"

C:\Windows\system32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Mozilla Thunderbird\MapiProxy_InUse.dll"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe" install

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 204.79.197.200:443 tcp
IE 20.54.89.15:443 tcp
US 204.79.197.200:443 tcp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
NL 88.221.25.155:80 tcp
US 8.8.8.8:53 63.13.109.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 2.36.159.162.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 176.122.125.40.in-addr.arpa udp
US 8.8.8.8:53 11.175.53.84.in-addr.arpa udp
US 8.8.8.8:53 assets.msn.com udp
GB 184.28.198.74:443 assets.msn.com tcp
US 8.8.8.8:53 203.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 74.198.28.184.in-addr.arpa udp

Files

memory/3080-201-0x0000000000400000-0x0000000000440000-memory.dmp

memory/3080-330-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe

MD5 3f8c16335ca21b6f1a9984e53e35f955
SHA1 17e9010937456f70ab403775fa56ae7ad8d34115
SHA256 44e77cf480b8fbeabbd60dd414679ee8dccbdccf0c4a5f0b3a83f0c51adca49d
SHA512 adf4410bc322e77306b128d50a0d865590b0fb7f837b7189d7df4a8b6a5241752fcb4f775e086f20b588557c0dcc0963cc3a390002828c059596c9f160821bf5

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\setup.exe

MD5 3f8c16335ca21b6f1a9984e53e35f955
SHA1 17e9010937456f70ab403775fa56ae7ad8d34115
SHA256 44e77cf480b8fbeabbd60dd414679ee8dccbdccf0c4a5f0b3a83f0c51adca49d
SHA512 adf4410bc322e77306b128d50a0d865590b0fb7f837b7189d7df4a8b6a5241752fcb4f775e086f20b588557c0dcc0963cc3a390002828c059596c9f160821bf5

memory/3080-335-0x0000000000400000-0x0000000000440000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\System.dll

MD5 17ed1c86bd67e78ade4712be48a7d2bd
SHA1 1cc9fe86d6d6030b4dae45ecddce5907991c01a0
SHA256 bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
SHA512 0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\UAC.dll

MD5 113c5f02686d865bc9e8332350274fd1
SHA1 4fa4414666f8091e327adb4d81a98a0d6e2e254a
SHA256 0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d
SHA512 e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\UAC.dll

MD5 113c5f02686d865bc9e8332350274fd1
SHA1 4fa4414666f8091e327adb4d81a98a0d6e2e254a
SHA256 0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d
SHA512 e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\UAC.dll

MD5 113c5f02686d865bc9e8332350274fd1
SHA1 4fa4414666f8091e327adb4d81a98a0d6e2e254a
SHA256 0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d
SHA512 e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\summary.ini

MD5 c9b5d86a9a0f014293b24a0922837564
SHA1 3cc73b4a30a1a0bfdc6812bbd17994f53eb5db2a
SHA256 775c85f3552754ad3794b88c0cb6d6fc43d412cd9a87a4b9e847386a5bd0a9c4
SHA512 790f365afbe4c5a37dbb56443d38f0c439eadca002e4001d373d6db8c1d80c4adacf3749e9d210cd0316381682fbbc46616a3fa36581c7ea6f5ce69119944b62

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\options.ini

MD5 7f8b0abb1f47d8c67b14e6520f56ac5b
SHA1 9b7c6b255086cca6e2f2bf18823864b7889f1542
SHA256 b5b71e9d760087c70ff87924308572e08c1d3a5fcd011de71ff3d3168a5fa649
SHA512 71bb33e12a88e42c4ad242807c592a9e09fd13f37d2131b84b7a6bd67f9960e29d9a8cd346925ad56cd55377755fd7b04508d6deb31fde4dd79bfd178c4bf92e

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\components.ini

MD5 6bbdc0e67745e87b8d4ec804e8133f64
SHA1 301d61ebdf6438324c602ee550232462d865a66e
SHA256 f04d32b7729d4a1be1207a219cd305334c0cfb654509b7faccfeebc999257cf9
SHA512 4e4a27dbb73085b6c02206d865315c6af798981945deb4b3f15658b1d39ab3b0891a19dae29b8d526f031beb445ab0b7ca89a397d46a2f77b37c714ed703089e

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\Accessible.tlb

MD5 e49aeb412aab7c49a27e6feaa0ca40ce
SHA1 6a2f6ea9facc48a3f736e03fda2c1ce44b744af3
SHA256 754fd922f8c93b66f723c30d39083a6a1fe33fa4b6439d55ad2459be40c3151e
SHA512 8c3f957d032fa8edb523cd3f473a57e2cc020c9e6e33aea183cad8b435777660f4c7e87ba62c67bbb1aef726d109f0f34b2d86c159ca9bd98bfad43c89af7ad2

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\AccessibleMarshal.dll

MD5 593e62c81b82768e852accf8a22ecef2
SHA1 5cfcac2dd89ff8ff68af9c652a49316941ef9aaf
SHA256 e24fd8e6edf686ca54eb15a4eebcf401cab7bd6b8f05646bd88532aa0edfea13
SHA512 3def9eeca3be3b5b08fb720a9d2171f22037b35b148df760056e8902200730b81be0c26ee93b696528e0dcb054c022d3069709dc07331428c74e392c05fbfe93

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\d3dcompiler_47.dll

MD5 587a415cd5ac2069813adef5f7685021
SHA1 ca0e2fe1922b3cdc9e96e636a73e5c85a838e863
SHA256 2ad0d4987fc4624566b190e747c9d95038443956ed816abfd1e2d389b5ec0851
SHA512 0fa0e89ea1c1cb27ac7f621feb484438e378a8f5675eca7a91f24e0569174bd848d470d6b3e237fe6ab27ca1eb1ecc09b5f044e53a6d98bf908e77ac511183e2

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\ldap60.dll

MD5 4a1c85a11e06d9846bcfc6cd725e39d6
SHA1 c364833c36d9e88e18e98ad809c2b05604817be7
SHA256 f5f81641c9b2d1413c3fbb3e0677692aaf7ee787396f736f987ea81b86ab66b7
SHA512 eb4485e335f4ecbc6fac0e8384398a352a2d6ff897f76c15cb5b5074922383b637fd53be2634b1ff7d06dbc9a9938c0528f53460b1549b05a23896ea1a2bf42c

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\qipcap.dll

MD5 a30cf9c1ac037f2046409f328039cbe6
SHA1 dcca2fddc64778d55258eabb78c43f26e9422242
SHA256 b8437b1ee884a9765bcb9bb7b32e93dbf18b356f81d15641a12cd775309aaa15
SHA512 afbfb3f9703636fa30c346571de83cafa8d5088f58b5145821836770517d1e359fcf0999ac90972d2ba33c2af557adbe381af95d4b114c99003673a6d8d8bd14

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\prldap60.dll

MD5 ffd54214ffc521f66c44c541547fb851
SHA1 923dd727042db128bc21209fa45541e2c81534ab
SHA256 b9ee561cdd615c5e8c3b9c700b413e6c18259983cb9c0fa37285a0329247c316
SHA512 84f09017c4ed161b65b25ed927419dc926f1c6b791ccca9e68f2b61fc2c26fed1eb1ba83e1c98eb9b3ad81030cd2e96321a064923cb666ce52f44a140f0dd09d

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\precomplete

MD5 dfda092b29696dcee4e59097ef43ba81
SHA1 89925e09ad876a598d695194937db282ff5731fa
SHA256 6ce73040455a7e81cab39b9838ff1004723103c1e40a1b7e53031b3b4bc45158
SHA512 6547a8f66e018d3f9d83f86a83c50c205e5b8b9d7cef504337cda9fb8ef4f943257cdc409f0ca5b4e015aae4cd6cf4be95c998afe94939b41cfd58a957156c2a

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\plugin-hang-ui.exe

MD5 c14a4daf4f72437d55d472f1797b888b
SHA1 669db657f64b208f939fa20ab118f848d7fc1b60
SHA256 f157ad1f6b57f0416043359f0986f7b5cf6388750b05e0ebcd3d3ee803f631df
SHA512 ac41546bdadfbed1e88076e9a1fd4395ed25265b1745f9e543e020535b71001dfafb375ad951c330d92ced33dd10e536aeeaa3cefeebc9fd7786ba92a506d66f

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\plugin-container.exe

MD5 86231ee3c91ef975ef647950f6c21681
SHA1 bea5ca062ae5722f914190e01f2ab3d4a23c917a
SHA256 4e3e8c9ce250c17cb2a9c46138141c35cf9ce78b6e09f6b2a99376b1552f7523
SHA512 166c36854ad6e1cabe01d62a782ca20d50e08fd68f0c01ea38e3919c7cbccd1c9c742b4411d53a2212fab574b5a2d552158049853b5a6a22f20d083176338623

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\platform.ini

MD5 7bb14ac814837a79f4f35ddf8350017c
SHA1 a38ed8a92dad8f8b5df9d051ebef64afac3c6d1f
SHA256 79b9c3459d9fd20af5f21304a4a7e7b71cbe187d50d5359a5464772dfdb3ab59
SHA512 1a2adf7dd7c9fbf7bc04473c16a8d321fb3e9836d952cd03c63ce64145c64a1e08fb7563abd42ac6d216cfdf94b17fecfc0bb067a761327e7a98c18096d4baca

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\pingsender.exe

MD5 7882b4331b7326cc7aa01a9c4ce09a49
SHA1 3e8d9471663bf73cf306ed6beb165e40e597d258
SHA256 6e26ccf896359dc820d813e3b0bf1b69b6e2d2e3ad4afb01ea68607599f11fdf
SHA512 a5919507724b14f4c3a5208568671a05292975b0cb720630fccdd0e3cc0b8c3eaf4e51b1b62908ee17c927aedf767ce1dd025f56598083901221b5722024f059

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\osclientcerts.dll

MD5 21630d7412cdfcdbcb0acfe9baea78c4
SHA1 48ec63a05d9f1ca158847b618d399464112c21b1
SHA256 5c66f8ef6fa503493f51cdadfe56724d75384232c73b754f85bf6f14fd08f67d
SHA512 c45ec6fce65853df88ea47a74332bba393ae2c8d3b93611dafdd29166953c2848db5160244becd2006ac01334316bc1486bceb911724b7a84accab691c33f39b

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\omni.ja

MD5 46c749ad8dc4232a66fb9518ed39ad54
SHA1 abf462dd78368b990be61846b26e6306f54a5886
SHA256 7d3e7e9fc02a97d33f98475d33269b6faccaf9730b3c6489a05559e2d8bbf2ff
SHA512 76626485031dd5b05509897af9b3f4be57ddfe6250da1e38d760708ef91e76a33fccb0b53a426362f1990a34319a3ed5e40bb4284f29c4a3d8a5854dc1672b77

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\nssckbi.dll

MD5 99416f91e8170766d9002036b4b71cb8
SHA1 1f8163d0493b8b46e5c6512905f425f6f789e1d0
SHA256 3e72534660da2bca1fd8a88201fc06aff79d6515bd39e6952e7bf26b11997d70
SHA512 43a0237cdeb9a88457fbf6f68c7955546a2b3b8f1cae74e5c7ca93420f9835568e4a447e558de926ec1e51062fdb858c8d9c55eff72b773fac356a82e84849c5

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\nss3.dll

MD5 feb690509e504799340cee53d557168f
SHA1 7d9c04c2194f28f20ac11b83cde4f5b062ef9ca1
SHA256 93fd25ca24b50a44e3e64e17eb0e603fab05a56b8a37d9b8f338d63a5bf62201
SHA512 856dfa3950d08ae38d5cbf94143901bb18d67c436df4f51bef14d4d6b2707229684cdaedb883d421f30565cd8da2b60c806e3e42ceae9d17490bdf28b57abb7d

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\ioSpecial.ini

MD5 463c54b0d20592305c11244ed47914fa
SHA1 adcfced165b5b27ebb9f1a90df54a1bd144bf3d6
SHA256 49406da8a10e93b4b885572f215c5c8bcc8fe6b66bbb3c66abcea517c8606221
SHA512 1b5a47ea0417b7867a649880a2bf5af5e98263883f9b4474be978032ff367edee99dfde9481a733cd19d965c19ac1c2c141de7fa357961d0558d79f061fc5005

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\InstallOptions.dll

MD5 720304c57dcfa17751ed455b3bb9c10a
SHA1 59a1c3a746de10b8875229ff29006f1fd36b1e41
SHA256 6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9
SHA512 c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\msvcp140.dll

MD5 9dda681b0406c3575e666f52cbde4f80
SHA1 1951c5b2c689534cdc2fbfbc14abbf9600a66086
SHA256 1ecd899f18b58a7915069e17582b8bf9f491a907c3fdf22b1ba1cbb2727b69b3
SHA512 753d0af201d5c91b50e7d1ed54f44ee3c336f8124ba7a5e86b53836df520eb2733b725b877f83fda6a9a7768379b5f6fafa0bd3890766b4188ebd337272e9512

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\mozMapi32.dll

MD5 34dfca3c89446b65f5447c3913a2b8cd
SHA1 88d45e0d81cd6d49c93ec562593080dabb0cfe74
SHA256 25d2151b6b7f7c607a7d27a835b66cfa019d52bd7c9950735ddd3920a18fa415
SHA512 391425f0940d97a9dfd09d40d492eb70b699fdd8c3afb00556556d871cea96ff593540033b771cb73a7b14707bf871298e6a2ce011e2d249fdf2ddc9c30c7593

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\mozglue.dll

MD5 462af8b1b8fd8f953997ed0e8aa06ccd
SHA1 4649f6b9e21d2026a67ab803d7468d217bdf7f5c
SHA256 b46856e7117b701e69b7602ea02a0a6827142f3da1e3baef9e266d4e00c2e41f
SHA512 4d8cf3e4e243c74bb90998bc4ce3afa791c0cd12591a4cdfd034a287c810196f55905063bb8f3104ef50d4683cb79f7c166582cda7c284a88f5765b2ebf75223

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\minidump-analyzer.exe

MD5 9f047d81791724bff99ecce3198424d0
SHA1 1f509ef9dd4bc4b9c713729c909a7cb364a4cd68
SHA256 68a23a0a16b4303449bea11d6b0224c3826a62083fc03706d4b8278e03fa0038
SHA512 b6eb9aee203e32748b0e09a48edb58e00beb35119698a6ff57d18511c377425d1207c31089c55e1e2056b32c66786e1f57afc2e40dd9b0ba2b59093073c9ca89

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\MapiProxy.dll

MD5 ae15d26ba4dc3bc645bc7529f6182913
SHA1 c8466c0de5f4c497f856ae20d202a5327054fd00
SHA256 0e086d0302834a144d7d68104cfc245b6d8d8af5c7016c7109c485ec97613298
SHA512 bfdc2b77e6aa197cb9af64780a686452cbcaef077c9a2d740d072d84f31335b79fc07c9fa72b98df4fcb78810503fd083f5c4ad620be4cf83872fd93217ecf8d

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\maintenanceservice_installer.exe

MD5 76cf7c92d543bc03a9f0d8f735c67e50
SHA1 e2436909c176e62372ede88b9eac8ca97cb2215c
SHA256 399b4707ac81bcb1d356a9e0ed8199152928b79efdfad3a21dfb6f5bbc0880d6
SHA512 a1276eabf35a37b3ac7c6dbe015f720a9df4f243d44fcf776907c5fe868e683eafc07d53097d2609b696bbba6e73a0b9efc827a65b384a353bed1d039a0718e3

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\libssp-0.dll

MD5 116095ff6face2bb1a8b3bef70f8cc79
SHA1 c4013495c0c3ae61ba10c3bee3a57281042863bb
SHA256 362789df92aaf0416944a6281f9f1ef656db69597d740bad2abac797c425bf52
SHA512 eea1807b80743e9312dfd951ee02748a6d3e848f64d624db29e5fa48278f89ab7391f55ac1fbfebb346d0111716fb0ecf838fac32888867fe9620b69bc75bad1

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\libotr-5.dll

MD5 9227885bae7ff8f5726a605f20d29b1a
SHA1 907d21a475a0a7cc64a935c0e2e8b9817ead4948
SHA256 24c12e54494f7e9cfd6da08f8875a821e654b3520a7036477d213a42d9650123
SHA512 f34aa6f0610728ff717519b0af33b27a6b56ee2b971cfc1f2c52dc03738b36d5efd1111e9410187cd2e7efe93ea028814e9b0231fb53a9a8e91f14462402651f

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\libgpg-error-0.dll

MD5 fda4b549ed1d9f8dd8c90ff21d9eb356
SHA1 defbf16694dbdeddffeb8494dc2c9bb8258d41dc
SHA256 b765ebd0803fb1209977b4463eb8c80c9006dfba77f6ae28a440331ca3b547b9
SHA512 50bf1628f1bcb2ca7c196f4636916aec5cf874295234d9ea2a227d3182a74d9b7e5ec66a3aa6f3bc76c3069cfed5e1a84f9433a545b1e9dc0adeebc3bc1903a2

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\libGLESv2.dll

MD5 aba2fef262edfbf5225c50c14bce9a3e
SHA1 9a73a9903a94d05e501c72b22dc3d0a75d44ae8d
SHA256 456b20a293e212569e87edabb443791cddbb4d815bb3b38fd8b8154a77119103
SHA512 8f0b69c420ae03803517f3367e74f7ad8dbece131c71dffc9cd47a39e249e466a1e98e131b3053989439d4f2e24b12e317e184276e6aca77c2095dbf4c5c0e7f

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\libgcrypt-20.dll

MD5 c1f3bfd298857a0d6126963c563d0c6a
SHA1 f220ab8a7861b34548b3cf448a010c48f62aeaed
SHA256 5156212a9f3bcccc6dcb7480d842bfc7330953f5866511497033d9daac941202
SHA512 198ca8632304d753c5ffbe5bfe1f8ed8656df8a6e35b2850cf25e6ce9fb2adbe7f3255c4e24a0ec5be7a5a05e2529a61a2b0bd553883bc954515bd76121b7003

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\libEGL.dll

MD5 32c958ad0f71549a35c7552778a4cbc0
SHA1 5b8a3cfa452ac7c04e3278172c0d79cffa85af94
SHA256 6e4adf24888b346e43ffa834a31ac0333bbbd3d15c0f892ddf88b00475b8542e
SHA512 87730cf4fb0e86bbe183eb99cc13a8e7e1f755bf3971854c0d28222939ea682735720730538b64fcd2511bb3c1758a2e3b673779afbcc2d2eaa2953961f7b41f

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\lgpllibs.dll

MD5 331fedd943660dc31bd188a1c77cdd8d
SHA1 fc086979ee1b2246cd7aceb042d9bcb330ba928a
SHA256 5bcc6af85b85bc4c993e038a46aa45e516831f43e01a5d9efce7ade9aeb1c608
SHA512 59aa264e4b6f6e654a31fa3949c9ce6b18e00f243427e0b47fd02c7bad4b1e34ef58ac7d431d965c69fab0693530995744ba795e30e50b37bb766d09bdd36f38

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\ldif60.dll

MD5 fcc0b884f31b1822e182634ae795da70
SHA1 db9b62ff413ca18d5440a70a9f928feb7705c837
SHA256 4736f397b6c011a0415c57872ae0827327540e7b162933c0b0c742d8e6a379b7
SHA512 6597a58d7be90cd7646cc4181084f705b2d2f65150b71a7daddb67f3d70ffaa048b1477f197dc228442241acb04174126fc7a15b28cdee569dc2aabfe20ab026

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\IA2Marshal.dll

MD5 36daa7fec3c5377bdaa8a89bcb4ef3a8
SHA1 ce052056a951237f5bea8b4febd0643663396656
SHA256 bbb07998d52acc1dfd54be06fb946ed8507c735c853a42fb7d74690e5ef1d581
SHA512 8bc9a62da2a583becf12429e7c2c573b09aa1b80db98a06f3b481cb463e3c4f8514c9852d4c60c54e5bd084879445bc82120cb5231e7a15d60364d35c071f9d3

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\dependentlibs.list

MD5 1cc4c3aaf44ad24e79150444808372f0
SHA1 896cdbf0bca1662994ee485928d6b048994c75dd
SHA256 820b9eaf5177ebf7ecd00b4bf025a63c1db3d46be2198216337b723720af2a98
SHA512 589245bf09907d5cd6614563367036f6423949a122e44dc7b869ce62f7c7aa027986f3f26d2908a7486820e2349fc15b0079fc73d2fed09fc67a58354448e407

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\freebl3.dll

MD5 c74c969b7eee371689d96a890433f641
SHA1 0ec6c85a968bd697d4cd7bf4a18808a63ced3cf2
SHA256 d3a1f094389a0ee810cb8112c1a95e43193f12c0521feaa753785a00e0c6520f
SHA512 a4919ac4fca0b4c3c8c4383ce1b832c794777cc3bdb2f0dfd5987646ecde95008f722fde40390e5cd024a8ff09f13c6ed75ec4103cdece4c066022f402bd7c2e

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\maintenanceservice.exe

MD5 3353ca24c4a721bccb6c070f9d7599af
SHA1 4a6edc571c685cf60b0ca022e30e102e913226d0
SHA256 8e1ed0fabbd038d62dbcb96adf5a950a1ebcdbc8de5aeb9b0c4e85292ccfade1
SHA512 02a8f6be57222f6dd10a5d9c0d214f6102c0ac40b961e801ee9daf2a9cbe74b5c13b5a56157086a4b6479382592a2f5b1c8671f67efff4d263f773d8930098e5

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\crashreporter.ini

MD5 d978dfe794f8a91ed58193e88721fbd2
SHA1 ec17d4e5d016cc8e1909b9413ab97ece59f50fec
SHA256 149c7e58a70a5446c4b42f3946f558a4897f2e4fea86791c664892d60d028b1e
SHA512 5acaed4276e936a1046aa9d202709f9a1c5a2e084e4ca7f1ef58a938d704a98afeceb6573c8e2b8a82edcde47f0a279cc928c8e60a0417eb50e0de75e06eb5de

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\crashreporter.exe

MD5 61b7c8f1e1cc4252727f6c9c2c3e869b
SHA1 cb6fb9a570f013c3ea2bd8b4fbaf99e42aea129e
SHA256 3183fe859c86383dcc55ea97f6dd72ad06bad2c32131f5edd338d39b4f4f719b
SHA512 de9457f518fd7ea21dbf7d76a6f0444621b3916f7f20b4b547999d16f25709a8a8aac7e5a94eaa807d0def7114ec71f6bcc2219f3fa7cfcfda8d0c145bbac405

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\breakpadinjector.dll

MD5 2954a6a363cf52a264d8fde8886d96b7
SHA1 1df08347b29cb96cf26b8e4bb13b48a57e2b073a
SHA256 532673d7c6fd711c1525903758f842aaa24a98c042dbaf3d07cc2844a475179c
SHA512 baec899ac90732bf1d432ff50b0c77c3666bedeb77ca0d57db628b64cf0f538a6054e81568924cbe0fbb08162f0743b1d33db555c7a2ba2298852ea265644149

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\application.ini

MD5 2b35c983971be1d2dd77fbe390e7ffd7
SHA1 15bb0e0a784fbc2762980bef821dfaf807bc59df
SHA256 f0634fd94d445f944d8846867e84f57030acc7a46513e7cd9ac14eae81fb3e96
SHA512 2818e7b8dafa369d0582a02d3d0fd7367888d3787e2637428e6c92a850ba3e684a67c146b328a71406566bc6ec7723d042c9c862766d70f0c74c6f6f50bd7516

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-utility-l1-1-0.dll

MD5 70e9104e743069b573ca12a3cd87ec33
SHA1 4290755b6a49212b2e969200e7a088d1713b84a2
SHA256 7e6b33a4c0c84f18f2be294ec63212245af4fd8354636804ffe5ee9a0d526d95
SHA512 e979f28451d271f405b780fc2025707c8a29dcb4c28980ca42e33d4033666de0e4a4644defec6c1d5d4bdd3c73d405fafcffe3320c60134681f62805c965bfd9

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-time-l1-1-0.dll

MD5 9b79fda359a269c63dcac69b2c81caa4
SHA1 a38c81b7a2ec158dfcfeb72cb7c04b3eb3ccc0fb
SHA256 4d0f0ea6e8478132892f9e674e27e2bc346622fc8989c704e5b2299a18c1d138
SHA512 e69d275c5ec5eae5c95b0596f0cc681b7d287b3e2f9c78a9b5e658949e6244f754f96ad7d40214d22ed28d64e4e8bd507363cdf99999fea93cfe319078c1f541

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-string-l1-1-0.dll

MD5 ad99c2362f64cde7756b16f9a016a60f
SHA1 07c9a78ee658bfa81db61dab039cffc9145cc6cb
SHA256 73ab2161a7700835b2a15b7487045a695706cc18bcee283b114042570bb9c0aa
SHA512 9c72f239adda1de11b4ad7028f3c897c93859ef277658aeaa141f09b7ddfe788d657b9cb1e2648971ecd5d27b99166283110ccba437d461003dbb9f6885451f7

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-stdio-l1-1-0.dll

MD5 d5166ab3034f0e1aa679bfa1907e5844
SHA1 851dd640cb34177c43b5f47b218a686c09fa6b4c
SHA256 7bcab4ca00fb1f85fea29dd3375f709317b984a6f3b9ba12b8cf1952f97beee5
SHA512 8f2d7442191de22457c1b8402faad594af2fe0c38280aaafc876c797ca79f7f4b6860e557e37c3dbe084fe7262a85c358e3eeaf91e16855a91b7535cb0ac832e

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-runtime-l1-1-0.dll

MD5 fb0ca6cbfff46be87ad729a1c4fde138
SHA1 2c302d1c535d5c40f31c3a75393118b40e1b2af9
SHA256 1ee8e99190cc31b104fb75e66928b8c73138902fefedbcfb54c409df50a364df
SHA512 99144c67c33e89b8283c5b39b8bf68d55638daa6acc2715a2ac8c5dba4170dd12299d3a2dffb39ae38ef0872c2c68a64d7cdc6ceba5e660a53942761cb9eca83

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-process-l1-1-0.dll

MD5 9d3d6f938c8672a12aea03f85d5330de
SHA1 6a7d6e84527eaf54d6f78dd1a5f20503e766a66c
SHA256 707c9a384440d0b2d067fc0335273f8851b02c3114842e17df9c54127910d7fb
SHA512 0e1681b16cd9af116bcc5c6b4284c1203b33febb197d1d4ab8a649962c0e807af9258bde91c86727910624196948e976741411843dd841616337ea93a27de7cb

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-private-l1-1-0.dll

MD5 3d139f57ed79d2c788e422ca26950446
SHA1 788e4fb5d1f46b0f1802761d0ae3addb8611c238
SHA256 dc25a882ac454a0071e4815b0e939dc161ba73b5c207b84afd96203c343b99c7
SHA512 12ed9216f44aa5f245c707fe39aed08dc18ea675f5a707098f1a1da42b348a649846bc919fd318de7954ea9097c01f22be76a5d85d664ef030381e7759840765

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 19d7f2d6424c98c45702489a375d9e17
SHA1 310bc4ed49492383e7c669ac9145bda2956c7564
SHA256 a6b83b764555d517216e0e34c4945f7a7501c1b7a25308d8f85551fe353f9c15
SHA512 01c09edef90c60c9e6cdabff918f15afc9b728d6671947898ce8848e3d102f300f3fb4246af0ac9c6f57b3b85b24832d7b40452358636125b61eb89567d3b17e

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-math-l1-1-0.dll

MD5 8da414c3524a869e5679c0678d1640c1
SHA1 60cf28792c68e9894878c31b323e68feb4676865
SHA256 39723e61c98703034b264b97ee0fe12e696c6560483d799020f9847d8a952672
SHA512 6ef3f81206e7d4dca5b3c1fafc9aa2328b717e61ee0acce30dfb15ad0fe3cb59b2bd61f92bf6046c0aae01445896dcb1485ad8be86629d22c3301a1b5f4f2cfa

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-locale-l1-1-0.dll

MD5 034379bcea45eb99db8cdfeacbc5e281
SHA1 bbf93d82e7e306e827efeb9612e8eab2b760e2b7
SHA256 8b543b1bb241f5b773eb76f652dad7b12e3e4a09230f2e804cd6b0622e8baf65
SHA512 7ea6efb75b0c59d3120d5b13da139042726a06d105c924095ed252f39ac19e11e8a5c6bb1c45fa7519c0163716745d03fb9daaaca50139a115235ab2815cc256

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-heap-l1-1-0.dll

MD5 1776a2b85378b27825cf5e5a3a132d9a
SHA1 626f0e7f2f18f31ec304fe7a7af1a87cbbebb1df
SHA256 675b1b82dd485cc8c8a099272db9241d0d2a7f45424901f35231b79186ec47ee
SHA512 541a5dd997fc5fec31c17b4f95f03c3a52e106d6fb590cb46bdf5adad23ed4a895853768229f3fbb9049f614d9bae031e6c43cec43fb38c89f13163721bb8348

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 228c6bbe1bce84315e4927392a3baee5
SHA1 ba274aa567ad1ec663a2f9284af2e3cb232698fb
SHA256 ac0cec8644340125507dd0bc9a90b1853a2d194eb60a049237fb5e752d349065
SHA512 37a60cce69e81f68ef62c58bba8f2843e99e8ba1b87df9a5b561d358309e672ae5e3434a10a3dde01ae624d1638da226d42c64316f72f3d63b08015b43c56cab

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-environment-l1-1-0.dll

MD5 39325e5f023eb564c87d30f7e06dff23
SHA1 03dd79a7fbe3de1a29359b94ba2d554776bdd3fe
SHA256 56d8b7ee7619579a3c648eb130c9354ba1ba5b33a07a4f350370ee7b3653749a
SHA512 087b9dcb744ad7d330bacb9bda9c1a1df28ebb9327de0c5dc618e79929fd33d1b1ff0e1ef4c08f8b3ea8118b968a89f44fe651c66cba4ecbb3216cd4bcce3085

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-convert-l1-1-0.dll

MD5 9ddea3cc96e0fdd3443cc60d649931b3
SHA1 af3cb7036318a8427f20b8561079e279119dca0e
SHA256 b7c3ebc36c84630a52d23d1c0e79d61012dfa44cdebdf039af31ec9e322845a5
SHA512 1427193b31b64715f5712db9c431593bdc56ef512fe353147ddb7544c1c39ded4371cd72055d82818e965aff0441b7cbe0b811d828efb0ece28471716659e162

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-crt-conio-l1-1-0.dll

MD5 a668c5ee307457729203ae00edebb6b3
SHA1 2114d84cf3ec576785ebbe6b2184b0d634b86d71
SHA256 a95b1af74623d6d5d892760166b9bfac8926929571301921f1e62458e6d1a503
SHA512 73dc1a1c2ceb98ca6d9ddc7611fc44753184be00cfba07c4947d675f0b154a09e6013e1ef54ac7576e661fc51b4bc54fdd96a0c046ab4ee58282e711b1854730

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-core-timezone-l1-1-0.dll

MD5 c9a55de62e53d747c5a7fddedef874f9
SHA1 c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad
SHA256 b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b
SHA512 adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-core-synch-l1-2-0.dll

MD5 6e704280d632c2f8f2cadefcae25ad85
SHA1 699c5a1c553d64d7ff3cf4fe57da72bb151caede
SHA256 758a2f9ef6908b51745db50d89610fe1de921d93b2dbea919bfdba813d5d8893
SHA512 ade85a6cd05128536996705fd60c73f04bab808dafb5d8a93c45b2ee6237b6b4ddb087f1a009a9d289c868c98e61be49259157f5161feccf9f572fd306b460e6

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-core-processthreads-l1-1-1.dll

MD5 95c5b49af7f2c7d3cd0bc14b1e9efacb
SHA1 c400205c81140e60dffa8811c1906ce87c58971e
SHA256 ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1
SHA512 f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-core-localization-l1-2-0.dll

MD5 23bd405a6cfd1e38c74c5150eec28d0a
SHA1 1d3be98e7dfe565e297e837a7085731ecd368c7b
SHA256 a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41
SHA512 c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-core-file-l2-1-0.dll

MD5 3f224766fe9b090333fdb43d5a22f9ea
SHA1 548d1bb707ae7a3dfccc0c2d99908561a305f57b
SHA256 ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357
SHA512 c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\api-ms-win-core-file-l1-2-0.dll

MD5 79ee4a2fcbe24e9a65106de834ccda4a
SHA1 fd1ba674371af7116ea06ad42886185f98ba137b
SHA256 9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613
SHA512 6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

C:\Users\Admin\AppData\Local\Temp\7zS80C2F3F6\core\AccessibleHandler.dll

MD5 8c54f8846beb3bf1544ac3768769b0cc
SHA1 4f83b8f9bce02a122780a1fbc1456596f29501cb
SHA256 6e9c187ae7f91c57e2a1c1e597c47ad5e558d1a6859ecd5758c6cb8f0d3242ab
SHA512 14b90d708ab21f89deafdccd8aedeefb67d719b0c13151710d9710f39cecdeac2ad8db6100f440fdd571d51cae69c67832b40fe919820d717611f538df8dec05

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\options.ini

MD5 30ff25b7ed8c989bc38d6b22f84dba80
SHA1 90419aaaca544758340ac0130555c85f9bd63e62
SHA256 c5bfc555f5755d4fb463d1d17a3f7d1e34478eac6f4081443b9dc66ab50d6b5f
SHA512 fdbd6be77802063d379e2f68d88cb8c80658fd1174316be355daccb32617cd680239296dd628faf6d5442161a50e083649a8c121b443928d748fd50cca33461e

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\ServicesHelper.dll

MD5 d0b5c37ca029913314dfc21924423c6f
SHA1 864d2de00539e6a3230febddeecda121d0e27051
SHA256 6d2f1df00e70097a667f6020205bbfea67a4fd5e0c244f0400752b4671c0a3f3
SHA512 674133a7cf776dfc9b623d2585ee1b29b92ab0a3f448e8e8406f8dee47a4a58f6d78c628434eed692d29a190e1547a1d09795d4044d021583cf83d9496210000

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\summary.ini

MD5 e42cbc4c3c67c87ca32906a677ab59d8
SHA1 a1faeb2b2b8c846458537d88043a7134725b428d
SHA256 56bc5e6c92805ff5aaf58e5c8b522679ca5ac9ff607395c7d17c5db7f050bece
SHA512 f87353ae44307e8bb5398c44e10a627d9aa28e3c2be5fc293bb933c9f57af853bc032a22a28cd7ec33877d4aac9463891345759039475189a603d43af092cace

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\summary.ini

MD5 9d83c300e8e3832e3e86a952215bb4d9
SHA1 a5f668aeab583315b951c0734d3a3e66b283a655
SHA256 35a9d136bd1994eb14b34e07d534881228064de4e6b8834ab6a2c4622311d927
SHA512 0a070d4caec04962a98870b4b36016ed0026c4b71ad43f8fa452cd9589a32d4d468990aa196711b5f19b20fab6fa0d06370d570fe3a011bc526bd4b026979357

memory/2892-799-0x0000000000590000-0x000000000059F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\CityHash.dll

MD5 737379945745bb94f8a0dadcc18cad8d
SHA1 6a1f497b4dc007f5935b66ec83b00e5a394332c6
SHA256 d3d7b3d7a7941d66c7f75257be90b12ac76f787af42cd58f019ce0280972598a
SHA512 c4a43b3ca42483cbd117758791d4333ddf38fa45eb3377f7b71ce74ec6e4d8b5ef2bfbe48c249d4eaf57ab929f4301138e53c79e0fa4be94dcbcd69c8046bc22

C:\Program Files (x86)\Mozilla Thunderbird\META-INF\cose.manifest

MD5 fb1ddebe3963d9c3647db3e3b789b369
SHA1 ff2818ffdc8b3fdcbc991a7c3e454e6efd76a724
SHA256 2a1ca7f04430aa3bc9b80494bedc4c4c78cd9facaa7bc8a6d0bd8ffcc507126f
SHA512 47e4fa6df743ec77feb0349b81589891f764b1fb2b68be78acdc5add67d0ddf511fc6dc9a589fd1ecedd7315bfdc508126ea85b3f9e5400fb87229a9c5f7a466

C:\Program Files (x86)\Mozilla Thunderbird\MapiProxy_InUse.dll

MD5 ae15d26ba4dc3bc645bc7529f6182913
SHA1 c8466c0de5f4c497f856ae20d202a5327054fd00
SHA256 0e086d0302834a144d7d68104cfc245b6d8d8af5c7016c7109c485ec97613298
SHA512 bfdc2b77e6aa197cb9af64780a686452cbcaef077c9a2d740d072d84f31335b79fc07c9fa72b98df4fcb78810503fd083f5c4ad620be4cf83872fd93217ecf8d

C:\Program Files (x86)\Mozilla Thunderbird\mozMapi32_InUse.dll

MD5 34dfca3c89446b65f5447c3913a2b8cd
SHA1 88d45e0d81cd6d49c93ec562593080dabb0cfe74
SHA256 25d2151b6b7f7c607a7d27a835b66cfa019d52bd7c9950735ddd3920a18fa415
SHA512 391425f0940d97a9dfd09d40d492eb70b699fdd8c3afb00556556d871cea96ff593540033b771cb73a7b14707bf871298e6a2ce011e2d249fdf2ddc9c30c7593

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\AccessControl.dll

MD5 c65ca3d8f5ba6ccd4a8aed940418cb6b
SHA1 320d7dcc679bc010f4b57adfe64ac4f414a3ab2a
SHA256 efa1551cd9e8f470c680671d2a3c45060b95c28570efa8bee05c28aff2920525
SHA512 2693504a6fe792a8495e8b67f8c6692e25b0f6e482523d44042f96ec8ef4b989ef6fbdd4c77cdae427ad02e77bc910e57698984efa1ff9298b127f7baa17389f

C:\Program Files (x86)\Mozilla Thunderbird\Accessible.tlb

MD5 e49aeb412aab7c49a27e6feaa0ca40ce
SHA1 6a2f6ea9facc48a3f736e03fda2c1ce44b744af3
SHA256 754fd922f8c93b66f723c30d39083a6a1fe33fa4b6439d55ad2459be40c3151e
SHA512 8c3f957d032fa8edb523cd3f473a57e2cc020c9e6e33aea183cad8b435777660f4c7e87ba62c67bbb1aef726d109f0f34b2d86c159ca9bd98bfad43c89af7ad2

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-core-file-l1-2-0.dll

MD5 79ee4a2fcbe24e9a65106de834ccda4a
SHA1 fd1ba674371af7116ea06ad42886185f98ba137b
SHA256 9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613
SHA512 6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-core-file-l2-1-0.dll

MD5 3f224766fe9b090333fdb43d5a22f9ea
SHA1 548d1bb707ae7a3dfccc0c2d99908561a305f57b
SHA256 ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357
SHA512 c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice.exe

MD5 3353ca24c4a721bccb6c070f9d7599af
SHA1 4a6edc571c685cf60b0ca022e30e102e913226d0
SHA256 8e1ed0fabbd038d62dbcb96adf5a950a1ebcdbc8de5aeb9b0c4e85292ccfade1
SHA512 02a8f6be57222f6dd10a5d9c0d214f6102c0ac40b961e801ee9daf2a9cbe74b5c13b5a56157086a4b6479382592a2f5b1c8671f67efff4d263f773d8930098e5

C:\Program Files (x86)\Mozilla Thunderbird\xul.dll

MD5 2bc7d3bb5089aefd12248b9cfe0f225c
SHA1 378c158e17ee3f4139fc54bb29dc1f7dec2848d7
SHA256 de5c388541ae1e3afac5aaf622d5d956bbb199b425470c2582b5c57f8cbf6b9d
SHA512 9bfd6b58c86896e87c3e7bd11a332ca8cf78ee9933958dfcb0a39fd03dfdec54e0a386bafe51295ac1c1401a8cd8517b52b116212baa539167ec8e353af8f4a9

C:\Program Files (x86)\Mozilla Thunderbird\VisualElements\VisualElements_70.png

MD5 68316322059ea5caa384ccd06f31cff7
SHA1 c56a909c97d8ec33de88cc51a48fe10547187302
SHA256 738839ba65f3fa742d77bb9f3f8202ba59814c6b2fda3f42f61e28846c89fff7
SHA512 1b6c6cda5a0ef00f420212b632fe61a701ab06b97f07a6bd1473629a5882824a5b432057529d76274d5a708172ea3e10256ca2d88483c351ffb8e3b251fa82ae

C:\Program Files (x86)\Mozilla Thunderbird\META-INF\cose.sig

MD5 f16e0522c1c41e638875e2a9afa13471
SHA1 b70f3be7eae42c1eb6f03eed04cdd2699e362942
SHA256 d86cdd8d6ed8917a5deed32eb459346348f8e381363e4725affda03a8ac023dc
SHA512 0d6e2847c196399f3ddd50d4b3b70c22e5293d392133bace99f0128b8f19f19d72e3fe99717afb36d70e3a017e8efa94be98376141bac0ba474846c45a02fda3

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\nsExec.dll

MD5 b55f7f1b17c39018910c23108f929082
SHA1 1601f1cc0d0d6bcf35799b7cd15550cd01556172
SHA256 c4c6fe032f3cd8b31528d7b99661f85ee22cb78746aee98ec568431d4f5043f7
SHA512 d652f2b09396ef7b9181996c4700b25840ceaa6c1c10080a55ce3db4c25d8d85f00a21e747f9d14a3374be4cdd4ea829a18d7de9b27b13b5e304447f3e9268fa

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\UserInfo.dll

MD5 1b446b36f5b4022d50ffdc0cf567b24a
SHA1 d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9
SHA256 2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922
SHA512 04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

C:\Users\Admin\AppData\Local\Temp\nsd8038.tmp\System.dll

MD5 17ed1c86bd67e78ade4712be48a7d2bd
SHA1 1cc9fe86d6d6030b4dae45ecddce5907991c01a0
SHA256 bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
SHA512 0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

C:\Program Files (x86)\Mozilla Thunderbird\chrome\icons\default\msgcomposeWindow.ico

MD5 ee6ec0d1d7e1af12ad5452a2df1e94eb
SHA1 f99820f7bd51820d359d2d7bdb01db7c8c84701b
SHA256 217fb96c3950656d0068b88dd0edabbb6d0875e9ba8324c020dc14f0f5530c4e
SHA512 06267f68b0f86983622d3e009bd7743e61e3f9423136b521290a159cae56b9e0b365f09fb6f33d80d2d53f25ea88e91117ac2200bddbe1c49ed74016a1eef39f

C:\Program Files (x86)\Mozilla Thunderbird\chrome\icons\default\messengerWindow.ico

MD5 e594f47d5f59ae345b976f2372f375b2
SHA1 ea80facef279bf3a342f84428b1bcea7b9b96f9a
SHA256 cba012a2d14628d6ab6309b63ac1d797d6d39d81c5cf84238c5aedd0e775ba7d
SHA512 302c8b110ba3596853a4f81dd30a2c9333e08643d8170524b4ec0e59d15fe67dd73cd37c505093e063874e98c054328bb3918014fa2991a06a0f2da246e5e202

C:\Program Files (x86)\Mozilla Thunderbird\chrome\icons\default\calendar-task-summary-dialog.ico

MD5 5c299b229f4a43bb4f8e04e9d641f547
SHA1 f03a261b4351d7a41a6c96ead3c31ea0d33736b2
SHA256 1e02a15f64abf707fc9b907909aac2965547f4ee3334542353cc8164f206f22c
SHA512 4bf95a0defcba679897cae47d21eadb5982714849a830e2300fff72932d184b2e341881e5ad26b7798baea91af5b26410123a81cd42fb43e89e92c62de2744e7

C:\Program Files (x86)\Mozilla Thunderbird\chrome\icons\default\calendar-task-dialog.ico

MD5 c23c38970fca45acbfb6cbd51b6db833
SHA1 50d17d4c0d371d0aa3c6950094effd9602ce0a00
SHA256 45db2ab7464583847a5754d4821b45e7eaaf70f4a6e27dc92e8a3dad2a962faa
SHA512 47dd4eaa106536e775981b724ee6fc35800221ab9476bcff2495186caf236c5c601dbae88ed25e63dea7987e1b0fb300ba2507416704e5a5dcc4f074b27bd85e

C:\Program Files (x86)\Mozilla Thunderbird\chrome\icons\default\calendar-event-summary-dialog.ico

MD5 2437e9d55c605ce9557536a84ec02d5d
SHA1 ec0486bb289538b64f94c3739109c1a34e99854b
SHA256 8c6d31dd7e724926b67bb092cd850f1a2eb715ef405b67f1d5af767caaaf1e41
SHA512 a11e50e65c18c22600dbba4bcb3a9ab6a968f12aae7e0d0da77b350da6f31343bd650390771a7bcb0743e5abec12c36e6266d29c142bd98451f17c5bb9b2fc23

C:\Program Files (x86)\Mozilla Thunderbird\chrome\icons\default\calendar-event-dialog.ico

MD5 fe5c8abce03d08a18bc0b580c2036ed4
SHA1 92b2f6633a6e276050fbd1b12bf8caef2c12a916
SHA256 e9dd762686e50d1184d2f2938561f59e92ce3db7460b287162e9a3f930d4c804
SHA512 c5b9bbbde4385dc018990c85a1e38e8e25acaae5ced385bbb5a0dd18472e97fd13711474b04bef0291ed05c07030d92debe67362e5ee838cf4b4ceb799d637e5

C:\Program Files (x86)\Mozilla Thunderbird\chrome\icons\default\calendar-alarm-dialog.ico

MD5 435925035f7c7cf9d68d4e59afee5447
SHA1 0e83edf7f59f8dc77a7a91c687dd11a99052f930
SHA256 bf799ba121fb55aac000ec8bcecfb220d2110ef87e04f9fe674999e0e0adbeda
SHA512 df895c56a2495ca4dd558ebf65b8045d925280518b54859def5f67b296cdbd0a6e08ea42893a5b5cbbf05dd8ee21a0d63d48f1c23f432780d17632f36a32a652

C:\Program Files (x86)\Mozilla Thunderbird\chrome\icons\default\addressbookWindow.ico

MD5 9f7573dfec87deae9d354b9969f9512b
SHA1 3cb338ad9d6346c0410d9a0bef0c163656ecc046
SHA256 84c0daf6438823738ee4c0adfe9302c93decdb9caeb5fa16025556e398a20d72
SHA512 dfafb49d1dc1067391db962f2b5be74b2a0c4aff2405b81d3c4b170bb78909d04705f096184bf50fb5ea01beb39a0eaf67cde387b73b04709bfaacf9cf38459e

C:\Program Files (x86)\Mozilla Thunderbird\chrome\icons\default\abcardWindow.ico

MD5 b41adc3dbdc37a531eb9b8ed04819d06
SHA1 6f203e132f3e147378ce586e2abc5cac6fa3f306
SHA256 6b6d01535492a7bc2c8fc5ed9661bda1ff83903395756835c67ec97c4fa68c10
SHA512 acdae2d68ff6f987c000bb77037ff500856ab0973d5e67e3453073954086b0442657c982c8c812175440c66f7ca90f1789e93ce7150b2a2b61ce16b92731abac

C:\Program Files (x86)\Mozilla Thunderbird\defaults\messenger\mailViews.dat

MD5 79fc655e9dd95c30ae52cc230c5aaa30
SHA1 ed362ea0f1165c52e957abe3fbdb856437a4fba7
SHA256 3b938b5f0466e454f60245286ebc78237cb050af69eb0ca43421f8b8264573e1
SHA512 aa574c558722c04fbe051a30d76e8f4afd4a98d96ced169f604ca0909d8fad1fb69fa5cc27cf038fe5f703976109fdab332360473884ba414cbc61cc6cb86d97

C:\Program Files (x86)\Mozilla Thunderbird\defaults\pref\channel-prefs.js

MD5 c13b7ffae99396fdbcba2f8eb6c90826
SHA1 26cddfcf6ee1d7231749df6d86f3d82ce49cdd21
SHA256 f2d608eafcddee87986419d5f987490efcfbe83f53cb300a67ba28085f625e08
SHA512 a6ce770b66e08ac417c550a062aacec9f195d6347ed56a7686096a3f819f0eac31e59c61005233357cfb9ad82b038699c3426635a7c9c431604e43c5fe0b2a21

C:\Program Files (x86)\Mozilla Thunderbird\features\[email protected]

MD5 2dee723f5d305945e57f21369b28e80f
SHA1 a2d379848f316ec08446b3c8ede93b42917bc6d1
SHA256 751553e9a8cdbe8a46bdf0a2fc2794ceb83c1d9d55ba38e700b8eac93118e2d1
SHA512 ac9e748fae6e9d9668990bf31247c26999eb96e6da43aeda840118d9675655e94fd01ce903569309d540274dba2c5162b654cfff4b9e42db948b77655b89076c

C:\Program Files (x86)\Mozilla Thunderbird\fonts\TwemojiMozilla.ttf

MD5 84f66d1842d3187d6803242430d4f9f3
SHA1 4bf59e07298f03d90bbcd6257c9810c2c4d7b72e
SHA256 860b69e096e5805015cf5b5d64e4ece06c5b987dc05da1f97835c79d9cc79b10
SHA512 5524850540279ae84139e973dfb2e5e64f50a20e146ee16a735c2d43e36cae2f36bd96e8ed807362bf47f8b237c866e215f6b33ede35df1b1914714ec746fc3b

C:\Program Files (x86)\Mozilla Thunderbird\isp\SpamPal.sfd

MD5 4cd97ba7fb432a8a6583fd259faa69fc
SHA1 25220e8832c12c5f67e53ce3bf7544045946dd9b
SHA256 7c6428ec5dc902248af764d91a14d19de1853aaba33a57351bbdee888942a7b5
SHA512 a4d9708a820f8bc2eac797ec0c1636459ff1736d547a949e034258fb154ba6491e795b72ab357f7d9cf046ecf1e0c718c3335536459144a397d942a64de1b76c

C:\Program Files (x86)\Mozilla Thunderbird\isp\SpamAssassin.sfd

MD5 d702f739503ea83c2792559cb8cea457
SHA1 97cc1985fdff4c7e029b0744622bacf194deac9b
SHA256 9c1b5f8e46a9075bf72ba5118eaf8c1951eb7fcd5ea87dbbe2f9851a52fee11e
SHA512 f7e23cd32876d66fb31982b3dea63ba58873d7c0245c70bc3ee87a99f05886a2c9b02563daf6da851812232c717d432fad4ca75df8104d1adb305874a69590d2

C:\Program Files (x86)\Mozilla Thunderbird\isp\POPFile.sfd

MD5 64efed37eaa1ac3d3eb12c0819eb7011
SHA1 4a6164a01ba2a2fe20ab1f3eaa2804463e98250a
SHA256 6998ff81663dae5c04a0d4ff8405d3147173413c4ea3cf2b3dc7e64c2be178f9
SHA512 22bc653debfafb751adb5550103aac0e5be4d12309fc0269948ddd598276db9926c5fe1adcc14b1b3d77b94652721ab5d05407614ae2c5e5b057e2a995fd08c3

C:\Program Files (x86)\Mozilla Thunderbird\isp\DSPAM.sfd

MD5 fa1272eabbb39c80fe8cd572925b8081
SHA1 7bf36ed101b58dd4387863fe9bf2615dafa68822
SHA256 4e451da538b546d2dcfc10733146ae4146b642b4032eb95bb8981b25ee0aa787
SHA512 4f4c2197bc46634dfe88ab72fcb97d3990c03bafeb32576ee85635e8a52033dc413ebcc56c92e779577de45a0cbd5d9aa2b7f4dad932b91d105edee4204f201d

C:\Program Files (x86)\Mozilla Thunderbird\isp\Bogofilter.sfd

MD5 dc606c4d92118f592fd3b2f2946d84b1
SHA1 2fc501f643613b54278aaf434249936fd9eefe6f
SHA256 77b87415f0203270cda81ea8d65fe8a2c0fd17e6c2f8ddbdfac6c1ff06045984
SHA512 f797ecdc04d3c45ca165c643e503477af5c0b2ff1bf55ce35d989005730b1280f4117377a3f987eba52836c41d13603c64a526020ce3c061d958c75cb908d9ca

C:\Program Files (x86)\Mozilla Thunderbird\META-INF\mozilla.sf

MD5 68a09adee83e90cec8e8e1962154ced6
SHA1 33f1e26b7701eed6f6b9de597d2b86d66578063c
SHA256 730a53cd1179e144638e12ea0d16fd77c751714590bc5196d5f9c2d4c7047a7f
SHA512 cc37cfcfdefb151db4433a44c21b17d7ed9fe7096cd1e909eec809ca6e424f679819ff6a90eca56616c25f33151655da627d5f8e5f8311f766b8386071fc1e2d

C:\Program Files (x86)\Mozilla Thunderbird\META-INF\mozilla.rsa

MD5 986c8fb63a6e599b5906ccf472c0ecec
SHA1 6eeb955963449ba698cd69935418683d72e2e0d5
SHA256 d7d2a37887e259afd1db92dc69a37814d8c1e0d7ab8efe21a07e7a177f537a64
SHA512 fb5aaa247a6450b03444ba86845e088da4d003c5ed8d5b0beffc8d9cbe784048c502ca1addaaa9463a240f65461bff248dc6d2ab5952675a91aadbdb0b04c783

C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe

MD5 d0c385389e3fda72188705f402d4d72e
SHA1 3d1814244755dd78a76572d5cc545e51a418b8bb
SHA256 c46cf2c745ea8b34fc0d19eedac3d450885af9edbef0a95ed118a25422a67495
SHA512 0e2d5d665bb0c3c2d085ad4d03679f8d3f82929d6202282afc4c63d7f13e46cf13992b6364c17625db610bb1d6ebaa28bc86d4da74bd3205b95d39e8812fbe10

C:\Program Files (x86)\Mozilla Thunderbird\VisualElements\VisualElements_150.png

MD5 4a3fce64866418ba5eb3c9d3cf2a8668
SHA1 1c697c652542ff09870aa80820e694fdc64598ff
SHA256 e0133aaa6b7db93c4130ead740291ba46858b6d91236c61d0f4956e265b933f3
SHA512 75bde8512d4f46f56c9aa15f55d4e05f5c07f3221403ad6136aca003481a949f30c91f58ea485b70f6bbe535adfb8cde7264f070052b27a6e2738386224036c5

C:\Program Files (x86)\Mozilla Thunderbird\WSEnable.exe

MD5 57c977aabaee19e2a288328fc4067864
SHA1 412c7151ae4323f6d1edb6d6052c9f4cea440f06
SHA256 e8800f4b0ea225aaf9912fb8e8e5bcccbc1e38d7cb36eb165f16f391e421222b
SHA512 80ff3beac5ba96a3e87c730494a35ee7d1608623398f1b1450bb1a65df8d579d2744525212a3b1b014b371bf6aec125ef24de3c18aacc534a3289b71ebcdb095

C:\Program Files (x86)\Mozilla Thunderbird\updater.ini

MD5 d1c3b07800b0cbac6253eed6e5e04dc5
SHA1 e6ecccf462a13d59cce5ef69cd28fc60e0edf4ea
SHA256 d8c6841386acd08b7b795eddb6050716762856d3f3374c2149d07870fead43ea
SHA512 02d743e9d4f9ee848e7dc32da3ebdb2667d1511b453602ee993145c056144e7a55a991cf6b78280153789af08c74ea7fc9dd625e1638da159b601263d9024583

C:\Program Files (x86)\Mozilla Thunderbird\updater.exe

MD5 4d7a4760fbc7988b002d48609699d547
SHA1 2e6995a2a7dab2a4ca320b7cbada350d8aa64e2a
SHA256 4afd698d162f57a92b544f2ce44196bb58cfcee98530c355b99f6bc087511547
SHA512 745bac3f46a39bf3971e73274934a28f982db50c12498e3c5823013d116ff3f31171934ee86e8232c9c691aaedf2dbcaad852ef741d671d02789592e3a6990b5

C:\Program Files (x86)\Mozilla Thunderbird\update-settings.ini

MD5 f792f87b62ca28cb5e81049b66583f97
SHA1 d4bfe85e8353149e981d517e970a75845c470bad
SHA256 99e82ee4b089ac404e9dfe1c2e521153b2622a50dc6e2cdd668606c1a7c3243e
SHA512 292054c0a794037efff9b52d1965f5103ec4b7bcbf28a85701d9d7981a1d57f8ea9a04b7ffe374f14207728b7243a888fec8ae6b984f02db376316eea15679c9

C:\Program Files (x86)\Mozilla Thunderbird\ucrtbase.dll

MD5 6343ff7874ba03f78bb0dfe20b45f817
SHA1 82221a9ac1c1b8006f3f5e8539e74e3308f10bcb
SHA256 6f8f05993b8a25cadf5e301e58194c4d23402e467229b12e40956e4f128588b3
SHA512 63c3d3207577d4761103daf3f9901dd0a0ae8a89694ad1128fd7e054627cdd930d1020049317c5a898411735e2f75e2103ae303e7e514b6387a3c8463a4fb994

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.VisualElementsManifest.xml

MD5 4d5f1879f229d9c0c0f1907f513ab02c
SHA1 ec58f4ccf2aa21cc7a075b720773861882186c0b
SHA256 9eefc90d6525f476810ad24ef09b05c200c552b6010619c80180052570870061
SHA512 5cb6696efde58153d8e2a90b1540b86dc7150284907f79beab4ca8afecd3f8e413be2394b13feea9f2ce7237c0d29154ffbe6d139d4acfa114afdf60ec5b9027

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

MD5 d1329ca97efa67bb754c5c10285255a9
SHA1 8b5a2599758c639257243393b0ba3b792935a481
SHA256 d613baaa566a3a031490f703b82501aa053502de647de0c6e530360da0d6e85e
SHA512 db9da07ebca9eb8d983929be1cb7998f7179e94d8d003ba61fb2331bb5a3c4a41c504b65ae47fcf55daa25e81ce64fd61ec7dbf22478d2db568ca3cd7e048169

C:\Program Files (x86)\Mozilla Thunderbird\softokn3.dll

MD5 9bfb42ca8171f502960d23374be2076c
SHA1 50f86a94e570a570148f9436201c0c97242c9cd6
SHA256 6fa04b6fdf0e98accc97fc5c4e61169a8e469214364401f639caa61edc53add7
SHA512 44c699b8e45b53cae87dcf1f048e90fca8f827b5cc534f1ba37f3723afad438753a6fe69c54903b8edbe9add8b6e917f7291670213d6c991cea45eda45acfae1

C:\Program Files (x86)\Mozilla Thunderbird\rnp.dll

MD5 d3373c0659801960a3a3866d2682bcad
SHA1 020fc32cd275d0eb1751c71cb1ad90ac28520b54
SHA256 c0293cbfbb0a9008f6d39774d0750d27f9f298e00d8fa8dc0ef5005fa185568d
SHA512 4535120cbe60c4724db9382bd1e480e630aff71e34ef3f5d13ef23c1b5aad54fc8e3dfb7756fea6910608581e45eb9397cfd80dbdfbf557c2279d30a7b19aac3

C:\Program Files (x86)\Mozilla Thunderbird\removed-files

MD5 95c5af7af5cce4af76f94a5a339deb34
SHA1 7b549d6f769d23d9dc73e3bceee6e0209e561363
SHA256 9c928f3eb41faa3465a2a672af976432f7b0e65aff527c1747a346b5a514f572
SHA512 14c2dc57a4cea69c3f4be44ff7e11196ca35513bc3afa95838bf0e04e0ae047abb6da720aecaa938c9b800dea5a84cf63e434c8870f27dcc12b9803842f46eec

C:\Program Files (x86)\Mozilla Thunderbird\qipcap.dll

MD5 a30cf9c1ac037f2046409f328039cbe6
SHA1 dcca2fddc64778d55258eabb78c43f26e9422242
SHA256 b8437b1ee884a9765bcb9bb7b32e93dbf18b356f81d15641a12cd775309aaa15
SHA512 afbfb3f9703636fa30c346571de83cafa8d5088f58b5145821836770517d1e359fcf0999ac90972d2ba33c2af557adbe381af95d4b114c99003673a6d8d8bd14

C:\Program Files (x86)\Mozilla Thunderbird\prldap60.dll

MD5 ffd54214ffc521f66c44c541547fb851
SHA1 923dd727042db128bc21209fa45541e2c81534ab
SHA256 b9ee561cdd615c5e8c3b9c700b413e6c18259983cb9c0fa37285a0329247c316
SHA512 84f09017c4ed161b65b25ed927419dc926f1c6b791ccca9e68f2b61fc2c26fed1eb1ba83e1c98eb9b3ad81030cd2e96321a064923cb666ce52f44a140f0dd09d

C:\Program Files (x86)\Mozilla Thunderbird\precomplete

MD5 dfda092b29696dcee4e59097ef43ba81
SHA1 89925e09ad876a598d695194937db282ff5731fa
SHA256 6ce73040455a7e81cab39b9838ff1004723103c1e40a1b7e53031b3b4bc45158
SHA512 6547a8f66e018d3f9d83f86a83c50c205e5b8b9d7cef504337cda9fb8ef4f943257cdc409f0ca5b4e015aae4cd6cf4be95c998afe94939b41cfd58a957156c2a

C:\Program Files (x86)\Mozilla Thunderbird\plugin-hang-ui.exe

MD5 c14a4daf4f72437d55d472f1797b888b
SHA1 669db657f64b208f939fa20ab118f848d7fc1b60
SHA256 f157ad1f6b57f0416043359f0986f7b5cf6388750b05e0ebcd3d3ee803f631df
SHA512 ac41546bdadfbed1e88076e9a1fd4395ed25265b1745f9e543e020535b71001dfafb375ad951c330d92ced33dd10e536aeeaa3cefeebc9fd7786ba92a506d66f

C:\Program Files (x86)\Mozilla Thunderbird\plugin-container.exe

MD5 86231ee3c91ef975ef647950f6c21681
SHA1 bea5ca062ae5722f914190e01f2ab3d4a23c917a
SHA256 4e3e8c9ce250c17cb2a9c46138141c35cf9ce78b6e09f6b2a99376b1552f7523
SHA512 166c36854ad6e1cabe01d62a782ca20d50e08fd68f0c01ea38e3919c7cbccd1c9c742b4411d53a2212fab574b5a2d552158049853b5a6a22f20d083176338623

C:\Program Files (x86)\Mozilla Thunderbird\platform.ini

MD5 7bb14ac814837a79f4f35ddf8350017c
SHA1 a38ed8a92dad8f8b5df9d051ebef64afac3c6d1f
SHA256 79b9c3459d9fd20af5f21304a4a7e7b71cbe187d50d5359a5464772dfdb3ab59
SHA512 1a2adf7dd7c9fbf7bc04473c16a8d321fb3e9836d952cd03c63ce64145c64a1e08fb7563abd42ac6d216cfdf94b17fecfc0bb067a761327e7a98c18096d4baca

C:\Program Files (x86)\Mozilla Thunderbird\pingsender.exe

MD5 7882b4331b7326cc7aa01a9c4ce09a49
SHA1 3e8d9471663bf73cf306ed6beb165e40e597d258
SHA256 6e26ccf896359dc820d813e3b0bf1b69b6e2d2e3ad4afb01ea68607599f11fdf
SHA512 a5919507724b14f4c3a5208568671a05292975b0cb720630fccdd0e3cc0b8c3eaf4e51b1b62908ee17c927aedf767ce1dd025f56598083901221b5722024f059

C:\Program Files (x86)\Mozilla Thunderbird\osclientcerts.dll

MD5 21630d7412cdfcdbcb0acfe9baea78c4
SHA1 48ec63a05d9f1ca158847b618d399464112c21b1
SHA256 5c66f8ef6fa503493f51cdadfe56724d75384232c73b754f85bf6f14fd08f67d
SHA512 c45ec6fce65853df88ea47a74332bba393ae2c8d3b93611dafdd29166953c2848db5160244becd2006ac01334316bc1486bceb911724b7a84accab691c33f39b

C:\Program Files (x86)\Mozilla Thunderbird\omni.ja

MD5 46c749ad8dc4232a66fb9518ed39ad54
SHA1 abf462dd78368b990be61846b26e6306f54a5886
SHA256 7d3e7e9fc02a97d33f98475d33269b6faccaf9730b3c6489a05559e2d8bbf2ff
SHA512 76626485031dd5b05509897af9b3f4be57ddfe6250da1e38d760708ef91e76a33fccb0b53a426362f1990a34319a3ed5e40bb4284f29c4a3d8a5854dc1672b77

C:\Program Files (x86)\Mozilla Thunderbird\nssckbi.dll

MD5 99416f91e8170766d9002036b4b71cb8
SHA1 1f8163d0493b8b46e5c6512905f425f6f789e1d0
SHA256 3e72534660da2bca1fd8a88201fc06aff79d6515bd39e6952e7bf26b11997d70
SHA512 43a0237cdeb9a88457fbf6f68c7955546a2b3b8f1cae74e5c7ca93420f9835568e4a447e558de926ec1e51062fdb858c8d9c55eff72b773fac356a82e84849c5

C:\Program Files (x86)\Mozilla Thunderbird\nss3.dll

MD5 feb690509e504799340cee53d557168f
SHA1 7d9c04c2194f28f20ac11b83cde4f5b062ef9ca1
SHA256 93fd25ca24b50a44e3e64e17eb0e603fab05a56b8a37d9b8f338d63a5bf62201
SHA512 856dfa3950d08ae38d5cbf94143901bb18d67c436df4f51bef14d4d6b2707229684cdaedb883d421f30565cd8da2b60c806e3e42ceae9d17490bdf28b57abb7d

C:\Program Files (x86)\Mozilla Thunderbird\msvcp140.dll

MD5 9dda681b0406c3575e666f52cbde4f80
SHA1 1951c5b2c689534cdc2fbfbc14abbf9600a66086
SHA256 1ecd899f18b58a7915069e17582b8bf9f491a907c3fdf22b1ba1cbb2727b69b3
SHA512 753d0af201d5c91b50e7d1ed54f44ee3c336f8124ba7a5e86b53836df520eb2733b725b877f83fda6a9a7768379b5f6fafa0bd3890766b4188ebd337272e9512

C:\Program Files (x86)\Mozilla Thunderbird\mozglue.dll

MD5 462af8b1b8fd8f953997ed0e8aa06ccd
SHA1 4649f6b9e21d2026a67ab803d7468d217bdf7f5c
SHA256 b46856e7117b701e69b7602ea02a0a6827142f3da1e3baef9e266d4e00c2e41f
SHA512 4d8cf3e4e243c74bb90998bc4ce3afa791c0cd12591a4cdfd034a287c810196f55905063bb8f3104ef50d4683cb79f7c166582cda7c284a88f5765b2ebf75223

C:\Program Files (x86)\Mozilla Thunderbird\minidump-analyzer.exe

MD5 9f047d81791724bff99ecce3198424d0
SHA1 1f509ef9dd4bc4b9c713729c909a7cb364a4cd68
SHA256 68a23a0a16b4303449bea11d6b0224c3826a62083fc03706d4b8278e03fa0038
SHA512 b6eb9aee203e32748b0e09a48edb58e00beb35119698a6ff57d18511c377425d1207c31089c55e1e2056b32c66786e1f57afc2e40dd9b0ba2b59093073c9ca89

C:\Program Files (x86)\Mozilla Thunderbird\maintenanceservice_installer.exe

MD5 76cf7c92d543bc03a9f0d8f735c67e50
SHA1 e2436909c176e62372ede88b9eac8ca97cb2215c
SHA256 399b4707ac81bcb1d356a9e0ed8199152928b79efdfad3a21dfb6f5bbc0880d6
SHA512 a1276eabf35a37b3ac7c6dbe015f720a9df4f243d44fcf776907c5fe868e683eafc07d53097d2609b696bbba6e73a0b9efc827a65b384a353bed1d039a0718e3

C:\Program Files (x86)\Mozilla Thunderbird\libgpg-error-0.dll

MD5 fda4b549ed1d9f8dd8c90ff21d9eb356
SHA1 defbf16694dbdeddffeb8494dc2c9bb8258d41dc
SHA256 b765ebd0803fb1209977b4463eb8c80c9006dfba77f6ae28a440331ca3b547b9
SHA512 50bf1628f1bcb2ca7c196f4636916aec5cf874295234d9ea2a227d3182a74d9b7e5ec66a3aa6f3bc76c3069cfed5e1a84f9433a545b1e9dc0adeebc3bc1903a2

C:\Program Files (x86)\Mozilla Thunderbird\libGLESv2.dll

MD5 aba2fef262edfbf5225c50c14bce9a3e
SHA1 9a73a9903a94d05e501c72b22dc3d0a75d44ae8d
SHA256 456b20a293e212569e87edabb443791cddbb4d815bb3b38fd8b8154a77119103
SHA512 8f0b69c420ae03803517f3367e74f7ad8dbece131c71dffc9cd47a39e249e466a1e98e131b3053989439d4f2e24b12e317e184276e6aca77c2095dbf4c5c0e7f

C:\Program Files (x86)\Mozilla Thunderbird\libgcrypt-20.dll

MD5 c1f3bfd298857a0d6126963c563d0c6a
SHA1 f220ab8a7861b34548b3cf448a010c48f62aeaed
SHA256 5156212a9f3bcccc6dcb7480d842bfc7330953f5866511497033d9daac941202
SHA512 198ca8632304d753c5ffbe5bfe1f8ed8656df8a6e35b2850cf25e6ce9fb2adbe7f3255c4e24a0ec5be7a5a05e2529a61a2b0bd553883bc954515bd76121b7003

C:\Program Files (x86)\Mozilla Thunderbird\lgpllibs.dll

MD5 331fedd943660dc31bd188a1c77cdd8d
SHA1 fc086979ee1b2246cd7aceb042d9bcb330ba928a
SHA256 5bcc6af85b85bc4c993e038a46aa45e516831f43e01a5d9efce7ade9aeb1c608
SHA512 59aa264e4b6f6e654a31fa3949c9ce6b18e00f243427e0b47fd02c7bad4b1e34ef58ac7d431d965c69fab0693530995744ba795e30e50b37bb766d09bdd36f38

C:\Program Files (x86)\Mozilla Thunderbird\ldif60.dll

MD5 fcc0b884f31b1822e182634ae795da70
SHA1 db9b62ff413ca18d5440a70a9f928feb7705c837
SHA256 4736f397b6c011a0415c57872ae0827327540e7b162933c0b0c742d8e6a379b7
SHA512 6597a58d7be90cd7646cc4181084f705b2d2f65150b71a7daddb67f3d70ffaa048b1477f197dc228442241acb04174126fc7a15b28cdee569dc2aabfe20ab026

C:\Program Files (x86)\Mozilla Thunderbird\ldap60.dll

MD5 4a1c85a11e06d9846bcfc6cd725e39d6
SHA1 c364833c36d9e88e18e98ad809c2b05604817be7
SHA256 f5f81641c9b2d1413c3fbb3e0677692aaf7ee787396f736f987ea81b86ab66b7
SHA512 eb4485e335f4ecbc6fac0e8384398a352a2d6ff897f76c15cb5b5074922383b637fd53be2634b1ff7d06dbc9a9938c0528f53460b1549b05a23896ea1a2bf42c

C:\Program Files (x86)\Mozilla Thunderbird\freebl3.dll

MD5 c74c969b7eee371689d96a890433f641
SHA1 0ec6c85a968bd697d4cd7bf4a18808a63ced3cf2
SHA256 d3a1f094389a0ee810cb8112c1a95e43193f12c0521feaa753785a00e0c6520f
SHA512 a4919ac4fca0b4c3c8c4383ce1b832c794777cc3bdb2f0dfd5987646ecde95008f722fde40390e5cd024a8ff09f13c6ed75ec4103cdece4c066022f402bd7c2e

C:\Program Files (x86)\Mozilla Thunderbird\dependentlibs.list

MD5 1cc4c3aaf44ad24e79150444808372f0
SHA1 896cdbf0bca1662994ee485928d6b048994c75dd
SHA256 820b9eaf5177ebf7ecd00b4bf025a63c1db3d46be2198216337b723720af2a98
SHA512 589245bf09907d5cd6614563367036f6423949a122e44dc7b869ce62f7c7aa027986f3f26d2908a7486820e2349fc15b0079fc73d2fed09fc67a58354448e407

C:\Program Files (x86)\Mozilla Thunderbird\d3dcompiler_47.dll

MD5 587a415cd5ac2069813adef5f7685021
SHA1 ca0e2fe1922b3cdc9e96e636a73e5c85a838e863
SHA256 2ad0d4987fc4624566b190e747c9d95038443956ed816abfd1e2d389b5ec0851
SHA512 0fa0e89ea1c1cb27ac7f621feb484438e378a8f5675eca7a91f24e0569174bd848d470d6b3e237fe6ab27ca1eb1ecc09b5f044e53a6d98bf908e77ac511183e2

C:\Program Files (x86)\Mozilla Thunderbird\crashreporter.exe

MD5 61b7c8f1e1cc4252727f6c9c2c3e869b
SHA1 cb6fb9a570f013c3ea2bd8b4fbaf99e42aea129e
SHA256 3183fe859c86383dcc55ea97f6dd72ad06bad2c32131f5edd338d39b4f4f719b
SHA512 de9457f518fd7ea21dbf7d76a6f0444621b3916f7f20b4b547999d16f25709a8a8aac7e5a94eaa807d0def7114ec71f6bcc2219f3fa7cfcfda8d0c145bbac405

C:\Program Files (x86)\Mozilla Thunderbird\breakpadinjector.dll

MD5 2954a6a363cf52a264d8fde8886d96b7
SHA1 1df08347b29cb96cf26b8e4bb13b48a57e2b073a
SHA256 532673d7c6fd711c1525903758f842aaa24a98c042dbaf3d07cc2844a475179c
SHA512 baec899ac90732bf1d432ff50b0c77c3666bedeb77ca0d57db628b64cf0f538a6054e81568924cbe0fbb08162f0743b1d33db555c7a2ba2298852ea265644149

C:\Program Files (x86)\Mozilla Thunderbird\application.ini

MD5 2b35c983971be1d2dd77fbe390e7ffd7
SHA1 15bb0e0a784fbc2762980bef821dfaf807bc59df
SHA256 f0634fd94d445f944d8846867e84f57030acc7a46513e7cd9ac14eae81fb3e96
SHA512 2818e7b8dafa369d0582a02d3d0fd7367888d3787e2637428e6c92a850ba3e684a67c146b328a71406566bc6ec7723d042c9c862766d70f0c74c6f6f50bd7516

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-utility-l1-1-0.dll

MD5 70e9104e743069b573ca12a3cd87ec33
SHA1 4290755b6a49212b2e969200e7a088d1713b84a2
SHA256 7e6b33a4c0c84f18f2be294ec63212245af4fd8354636804ffe5ee9a0d526d95
SHA512 e979f28451d271f405b780fc2025707c8a29dcb4c28980ca42e33d4033666de0e4a4644defec6c1d5d4bdd3c73d405fafcffe3320c60134681f62805c965bfd9

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-time-l1-1-0.dll

MD5 9b79fda359a269c63dcac69b2c81caa4
SHA1 a38c81b7a2ec158dfcfeb72cb7c04b3eb3ccc0fb
SHA256 4d0f0ea6e8478132892f9e674e27e2bc346622fc8989c704e5b2299a18c1d138
SHA512 e69d275c5ec5eae5c95b0596f0cc681b7d287b3e2f9c78a9b5e658949e6244f754f96ad7d40214d22ed28d64e4e8bd507363cdf99999fea93cfe319078c1f541

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-string-l1-1-0.dll

MD5 ad99c2362f64cde7756b16f9a016a60f
SHA1 07c9a78ee658bfa81db61dab039cffc9145cc6cb
SHA256 73ab2161a7700835b2a15b7487045a695706cc18bcee283b114042570bb9c0aa
SHA512 9c72f239adda1de11b4ad7028f3c897c93859ef277658aeaa141f09b7ddfe788d657b9cb1e2648971ecd5d27b99166283110ccba437d461003dbb9f6885451f7

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-stdio-l1-1-0.dll

MD5 d5166ab3034f0e1aa679bfa1907e5844
SHA1 851dd640cb34177c43b5f47b218a686c09fa6b4c
SHA256 7bcab4ca00fb1f85fea29dd3375f709317b984a6f3b9ba12b8cf1952f97beee5
SHA512 8f2d7442191de22457c1b8402faad594af2fe0c38280aaafc876c797ca79f7f4b6860e557e37c3dbe084fe7262a85c358e3eeaf91e16855a91b7535cb0ac832e

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-runtime-l1-1-0.dll

MD5 fb0ca6cbfff46be87ad729a1c4fde138
SHA1 2c302d1c535d5c40f31c3a75393118b40e1b2af9
SHA256 1ee8e99190cc31b104fb75e66928b8c73138902fefedbcfb54c409df50a364df
SHA512 99144c67c33e89b8283c5b39b8bf68d55638daa6acc2715a2ac8c5dba4170dd12299d3a2dffb39ae38ef0872c2c68a64d7cdc6ceba5e660a53942761cb9eca83

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-process-l1-1-0.dll

MD5 9d3d6f938c8672a12aea03f85d5330de
SHA1 6a7d6e84527eaf54d6f78dd1a5f20503e766a66c
SHA256 707c9a384440d0b2d067fc0335273f8851b02c3114842e17df9c54127910d7fb
SHA512 0e1681b16cd9af116bcc5c6b4284c1203b33febb197d1d4ab8a649962c0e807af9258bde91c86727910624196948e976741411843dd841616337ea93a27de7cb

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-private-l1-1-0.dll

MD5 3d139f57ed79d2c788e422ca26950446
SHA1 788e4fb5d1f46b0f1802761d0ae3addb8611c238
SHA256 dc25a882ac454a0071e4815b0e939dc161ba73b5c207b84afd96203c343b99c7
SHA512 12ed9216f44aa5f245c707fe39aed08dc18ea675f5a707098f1a1da42b348a649846bc919fd318de7954ea9097c01f22be76a5d85d664ef030381e7759840765

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 19d7f2d6424c98c45702489a375d9e17
SHA1 310bc4ed49492383e7c669ac9145bda2956c7564
SHA256 a6b83b764555d517216e0e34c4945f7a7501c1b7a25308d8f85551fe353f9c15
SHA512 01c09edef90c60c9e6cdabff918f15afc9b728d6671947898ce8848e3d102f300f3fb4246af0ac9c6f57b3b85b24832d7b40452358636125b61eb89567d3b17e

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-locale-l1-1-0.dll

MD5 034379bcea45eb99db8cdfeacbc5e281
SHA1 bbf93d82e7e306e827efeb9612e8eab2b760e2b7
SHA256 8b543b1bb241f5b773eb76f652dad7b12e3e4a09230f2e804cd6b0622e8baf65
SHA512 7ea6efb75b0c59d3120d5b13da139042726a06d105c924095ed252f39ac19e11e8a5c6bb1c45fa7519c0163716745d03fb9daaaca50139a115235ab2815cc256

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-heap-l1-1-0.dll

MD5 1776a2b85378b27825cf5e5a3a132d9a
SHA1 626f0e7f2f18f31ec304fe7a7af1a87cbbebb1df
SHA256 675b1b82dd485cc8c8a099272db9241d0d2a7f45424901f35231b79186ec47ee
SHA512 541a5dd997fc5fec31c17b4f95f03c3a52e106d6fb590cb46bdf5adad23ed4a895853768229f3fbb9049f614d9bae031e6c43cec43fb38c89f13163721bb8348

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 228c6bbe1bce84315e4927392a3baee5
SHA1 ba274aa567ad1ec663a2f9284af2e3cb232698fb
SHA256 ac0cec8644340125507dd0bc9a90b1853a2d194eb60a049237fb5e752d349065
SHA512 37a60cce69e81f68ef62c58bba8f2843e99e8ba1b87df9a5b561d358309e672ae5e3434a10a3dde01ae624d1638da226d42c64316f72f3d63b08015b43c56cab

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-environment-l1-1-0.dll

MD5 39325e5f023eb564c87d30f7e06dff23
SHA1 03dd79a7fbe3de1a29359b94ba2d554776bdd3fe
SHA256 56d8b7ee7619579a3c648eb130c9354ba1ba5b33a07a4f350370ee7b3653749a
SHA512 087b9dcb744ad7d330bacb9bda9c1a1df28ebb9327de0c5dc618e79929fd33d1b1ff0e1ef4c08f8b3ea8118b968a89f44fe651c66cba4ecbb3216cd4bcce3085

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-convert-l1-1-0.dll

MD5 9ddea3cc96e0fdd3443cc60d649931b3
SHA1 af3cb7036318a8427f20b8561079e279119dca0e
SHA256 b7c3ebc36c84630a52d23d1c0e79d61012dfa44cdebdf039af31ec9e322845a5
SHA512 1427193b31b64715f5712db9c431593bdc56ef512fe353147ddb7544c1c39ded4371cd72055d82818e965aff0441b7cbe0b811d828efb0ece28471716659e162

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-conio-l1-1-0.dll

MD5 a668c5ee307457729203ae00edebb6b3
SHA1 2114d84cf3ec576785ebbe6b2184b0d634b86d71
SHA256 a95b1af74623d6d5d892760166b9bfac8926929571301921f1e62458e6d1a503
SHA512 73dc1a1c2ceb98ca6d9ddc7611fc44753184be00cfba07c4947d675f0b154a09e6013e1ef54ac7576e661fc51b4bc54fdd96a0c046ab4ee58282e711b1854730

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-core-timezone-l1-1-0.dll

MD5 c9a55de62e53d747c5a7fddedef874f9
SHA1 c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad
SHA256 b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b
SHA512 adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-core-synch-l1-2-0.dll

MD5 6e704280d632c2f8f2cadefcae25ad85
SHA1 699c5a1c553d64d7ff3cf4fe57da72bb151caede
SHA256 758a2f9ef6908b51745db50d89610fe1de921d93b2dbea919bfdba813d5d8893
SHA512 ade85a6cd05128536996705fd60c73f04bab808dafb5d8a93c45b2ee6237b6b4ddb087f1a009a9d289c868c98e61be49259157f5161feccf9f572fd306b460e6

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-core-processthreads-l1-1-1.dll

MD5 95c5b49af7f2c7d3cd0bc14b1e9efacb
SHA1 c400205c81140e60dffa8811c1906ce87c58971e
SHA256 ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1
SHA512 f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-core-localization-l1-2-0.dll

MD5 23bd405a6cfd1e38c74c5150eec28d0a
SHA1 1d3be98e7dfe565e297e837a7085731ecd368c7b
SHA256 a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41
SHA512 c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

C:\Program Files (x86)\Mozilla Thunderbird\libssp-0.dll

MD5 116095ff6face2bb1a8b3bef70f8cc79
SHA1 c4013495c0c3ae61ba10c3bee3a57281042863bb
SHA256 362789df92aaf0416944a6281f9f1ef656db69597d740bad2abac797c425bf52
SHA512 eea1807b80743e9312dfd951ee02748a6d3e848f64d624db29e5fa48278f89ab7391f55ac1fbfebb346d0111716fb0ecf838fac32888867fe9620b69bc75bad1

C:\Program Files (x86)\Mozilla Thunderbird\libotr-5.dll

MD5 9227885bae7ff8f5726a605f20d29b1a
SHA1 907d21a475a0a7cc64a935c0e2e8b9817ead4948
SHA256 24c12e54494f7e9cfd6da08f8875a821e654b3520a7036477d213a42d9650123
SHA512 f34aa6f0610728ff717519b0af33b27a6b56ee2b971cfc1f2c52dc03738b36d5efd1111e9410187cd2e7efe93ea028814e9b0231fb53a9a8e91f14462402651f

C:\Program Files (x86)\Mozilla Thunderbird\libEGL.dll

MD5 32c958ad0f71549a35c7552778a4cbc0
SHA1 5b8a3cfa452ac7c04e3278172c0d79cffa85af94
SHA256 6e4adf24888b346e43ffa834a31ac0333bbbd3d15c0f892ddf88b00475b8542e
SHA512 87730cf4fb0e86bbe183eb99cc13a8e7e1f755bf3971854c0d28222939ea682735720730538b64fcd2511bb3c1758a2e3b673779afbcc2d2eaa2953961f7b41f

C:\Program Files (x86)\Mozilla Thunderbird\IA2Marshal.dll

MD5 36daa7fec3c5377bdaa8a89bcb4ef3a8
SHA1 ce052056a951237f5bea8b4febd0643663396656
SHA256 bbb07998d52acc1dfd54be06fb946ed8507c735c853a42fb7d74690e5ef1d581
SHA512 8bc9a62da2a583becf12429e7c2c573b09aa1b80db98a06f3b481cb463e3c4f8514c9852d4c60c54e5bd084879445bc82120cb5231e7a15d60364d35c071f9d3

C:\Program Files (x86)\Mozilla Thunderbird\crashreporter.ini

MD5 d978dfe794f8a91ed58193e88721fbd2
SHA1 ec17d4e5d016cc8e1909b9413ab97ece59f50fec
SHA256 149c7e58a70a5446c4b42f3946f558a4897f2e4fea86791c664892d60d028b1e
SHA512 5acaed4276e936a1046aa9d202709f9a1c5a2e084e4ca7f1ef58a938d704a98afeceb6573c8e2b8a82edcde47f0a279cc928c8e60a0417eb50e0de75e06eb5de

C:\Program Files (x86)\Mozilla Thunderbird\api-ms-win-crt-math-l1-1-0.dll

MD5 8da414c3524a869e5679c0678d1640c1
SHA1 60cf28792c68e9894878c31b323e68feb4676865
SHA256 39723e61c98703034b264b97ee0fe12e696c6560483d799020f9847d8a952672
SHA512 6ef3f81206e7d4dca5b3c1fafc9aa2328b717e61ee0acce30dfb15ad0fe3cb59b2bd61f92bf6046c0aae01445896dcb1485ad8be86629d22c3301a1b5f4f2cfa

C:\Program Files (x86)\Mozilla Thunderbird\uninstall\shortcuts_log.ini

MD5 dccd1b04b897cda1b26ba5e9d2f89d87
SHA1 ef0ed6c00ee51608036889f36bab01303a1feb00
SHA256 5f32e45b1e9cdd0c1aff27c503470ba7d9e1ad66c5343d7c883c3636e2fe26fc
SHA512 41fa6c67833336e45fd23f34e332a9664e11ead9d19cf148949a9dabed6e209c06b4bd060bc7b4755482dd288d5834bc715b687839981e42a64672a507e9d51c

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\ShellLink.dll

MD5 d62d3e349689811f838dd10fb216eba1
SHA1 edcafd517860cb6b4bd299e20b17ad74a6fa2a5d
SHA256 5d103419245e2a5f124a96cace25d6836b2398edc0aa3919829b0fd6ad8b5d6a
SHA512 fc7d5826cb9f85068ea702f007920bf7ae63758d13c48761e83cc9e8ac06b231f40e17a9f3340d60d874ad2cf6e0991eb98a52cf893ab785489e0cdbbf294f88

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\ApplicationID.dll

MD5 439928666a6baa4f9d2a1b0fb92265ec
SHA1 82807d9b401074ae53f1bc14b002c8f6aec78b95
SHA256 d43896c0c02bec598b7513b9a8815bb301c6b73da0fb2e0aee99146b4bd5e287
SHA512 ed0f69758281ca1e7144d431bfed52734b1b86c6a3d42cb3bd1634c72b9bc57cb7c73d57904cc053be131601867896d4536e7d39d128082bf6d9c91090b548ef

memory/2892-1194-0x0000000002A80000-0x0000000002A8E000-memory.dmp

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

MD5 e35cb4193dbfa4c65125e1af6245c47f
SHA1 b91a27dfef357bee53b789914f9e7dcc0a2187e2
SHA256 6f747fabeec126dc4d1e985d5d60851ba59514c2b5d96c06b5ccae620fd67a68
SHA512 eb3af44faf1654b613953d18c4630bbe533af4d4a06b62520eab5318e0d523410f2c999f919d2d6193f2ddd39d360033d60e9a7b197f487e315c30aee184717c

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

MD5 4b376f97c1ad28d6c4b0080a05a7c162
SHA1 d663c6d329d1440628d1464630531d6457c1154e
SHA256 552d469ad74a7107a90a515bc4cdd3a523001509f4fd20ca909fdd3744a9c9ba
SHA512 03054c0535c66b1b7e1bf49d924a2d5846e97860c96d6b150a154b73e2fa5f4def1a624b50346fc21e1d10ebf47af9d55f2ae4e1079b0a72fa6252391bc9fcea

C:\Users\Public\Desktop\Mozilla Thunderbird.lnk

MD5 efabf0b701a1a06ecb542aef860c01f0
SHA1 5d12af8e20e1286e4edc2d68871a0033d856769f
SHA256 0c763316f4a9e24e175da5581b436c3d8f01c5c68adadf80f7732fb2bc3f474c
SHA512 f3e6992b55476f5e2c643d729be98a157e0ef761c8271325d670d3274d4460b467b95b83a2cf5269de95354c86e857fe251c5163bd41f182b323116272f44edb

C:\Users\Public\Desktop\Mozilla Thunderbird.lnk

MD5 c10820d30ff2d179a97da829a507e09d
SHA1 169bebfe4bc0096f7c6af7d01fd0810f939ee15d
SHA256 c6e8f76d28a17ced5a5a7b431ec94fcd147323f107d1b2eed6429b6855c28f4e
SHA512 378b33a887a30051a7f17cef9ec4fc0d58506f1ac0f555f5baa7146dc3820d6e9485098bf919f74fc0aab6750b1d27e443f68d5472c831f7e7a1a0ef5adfd672

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\AppAssocReg.dll

MD5 1145a8e66064f36640e62e7ed58472bd
SHA1 e0416facc56fd30581f15bda522216ba586736ba
SHA256 386c19010f04c04a3a0071cce09f7a2c10393392c7ca5877becc437ad9d31d37
SHA512 0c68a0d27dffe3a2a9d3a41ca80418c051b069f70923a0621a341cb9167422d12215114de88c852223ca7dce651233a0d92b426349de41c5ca6988c1a8bb3a45

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\InvokeShellVerb.dll

MD5 987a532a45e7220460f16012b2c66f6f
SHA1 b50b2daf400405a7eefcfdcb549da09feceab043
SHA256 54be6e1d6c74e490da632438e3ad2ff1c261ec0dac625a242718cb23d5da1497
SHA512 3f6c859ef59edc918e7bd8190ab6eb769cbe738c2a5bc0b2f586dfb64020ec0455134788005da69b7349248c248456f6733fdc229ae9d996c08da5d31e6f26ef

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\ioSpecial.ini

MD5 f9d34bd4535832f2b5c7f12582aa4f74
SHA1 cfad0fd8fcfc60c9ff92d8c9fd36feac1980c5c3
SHA256 e4310482b0cbf96261ff87db0d9c7a0281b4d515de60aaade720dc85df5f307a
SHA512 119e86981e5f03f634f08f4319a4ef5527842d695ee094ab35f7f52de7b26f7d5e42b28af23df6c4dec2365601e16b73048394dd413a7f509e1987f267a1ebaf

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\ioSpecial.ini

MD5 b2df02c2936aa087ba3c75828617df70
SHA1 30f8a19c0e3be1e6364280023243322879f1f919
SHA256 00cb86155658bf5092aff770fc72d73ed147d343d38489bac45f6f315e359691
SHA512 1d24cf6fef78b45bf930776366d8553d4572d54c26d81c22b80778269546d4e8c715fd20b3629ac40505cd4afc6bad218d32fe0eff57dcc546455b1f9eda38eb

C:\Users\Admin\AppData\Local\Temp\nsf2ED1.tmp\ioSpecial.ini

MD5 eeabb05d0b366c9f3250187eb3ee5aed
SHA1 a79fda033ee7c6155b8543b2eddc31aa12a63da8
SHA256 ec8eb6abe9517b7e5bc4ae73fbbc4968006d5d28a5e7ddaa8b7259d95ee22de3
SHA512 8b8f3a8d02205ae24e94bc995e8c66d94db603bc5aabb45026b1ea5a3ea9ac215bd50a50241857858e124f42aaf6ce498d777002d2c939f8d76f2f758e1f82f1

Analysis: behavioral1

Detonation Overview

Submitted

2023-03-31 16:12

Reported

2023-03-31 16:17

Platform

win7-20230220-en

Max time kernel

143s

Max time network

34s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Thunderbird Setup 78.4.0.exe"

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\setup.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\setup.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Thunderbird Setup 78.4.0.exe

"C:\Users\Admin\AppData\Local\Temp\Thunderbird Setup 78.4.0.exe"

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\setup.exe

.\setup.exe

Network

N/A

Files

memory/1068-160-0x0000000000400000-0x0000000000440000-memory.dmp

\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\setup.exe

MD5 3f8c16335ca21b6f1a9984e53e35f955
SHA1 17e9010937456f70ab403775fa56ae7ad8d34115
SHA256 44e77cf480b8fbeabbd60dd414679ee8dccbdccf0c4a5f0b3a83f0c51adca49d
SHA512 adf4410bc322e77306b128d50a0d865590b0fb7f837b7189d7df4a8b6a5241752fcb4f775e086f20b588557c0dcc0963cc3a390002828c059596c9f160821bf5

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\setup.exe

MD5 3f8c16335ca21b6f1a9984e53e35f955
SHA1 17e9010937456f70ab403775fa56ae7ad8d34115
SHA256 44e77cf480b8fbeabbd60dd414679ee8dccbdccf0c4a5f0b3a83f0c51adca49d
SHA512 adf4410bc322e77306b128d50a0d865590b0fb7f837b7189d7df4a8b6a5241752fcb4f775e086f20b588557c0dcc0963cc3a390002828c059596c9f160821bf5

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\setup.exe

MD5 3f8c16335ca21b6f1a9984e53e35f955
SHA1 17e9010937456f70ab403775fa56ae7ad8d34115
SHA256 44e77cf480b8fbeabbd60dd414679ee8dccbdccf0c4a5f0b3a83f0c51adca49d
SHA512 adf4410bc322e77306b128d50a0d865590b0fb7f837b7189d7df4a8b6a5241752fcb4f775e086f20b588557c0dcc0963cc3a390002828c059596c9f160821bf5

\Users\Admin\AppData\Local\Temp\nsj909E.tmp\System.dll

MD5 17ed1c86bd67e78ade4712be48a7d2bd
SHA1 1cc9fe86d6d6030b4dae45ecddce5907991c01a0
SHA256 bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb
SHA512 0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

\Users\Admin\AppData\Local\Temp\nsj909E.tmp\UAC.dll

MD5 113c5f02686d865bc9e8332350274fd1
SHA1 4fa4414666f8091e327adb4d81a98a0d6e2e254a
SHA256 0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d
SHA512 e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

C:\Users\Admin\AppData\Local\Temp\nsj909E.tmp\components.ini

MD5 6bbdc0e67745e87b8d4ec804e8133f64
SHA1 301d61ebdf6438324c602ee550232462d865a66e
SHA256 f04d32b7729d4a1be1207a219cd305334c0cfb654509b7faccfeebc999257cf9
SHA512 4e4a27dbb73085b6c02206d865315c6af798981945deb4b3f15658b1d39ab3b0891a19dae29b8d526f031beb445ab0b7ca89a397d46a2f77b37c714ed703089e

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 228c6bbe1bce84315e4927392a3baee5
SHA1 ba274aa567ad1ec663a2f9284af2e3cb232698fb
SHA256 ac0cec8644340125507dd0bc9a90b1853a2d194eb60a049237fb5e752d349065
SHA512 37a60cce69e81f68ef62c58bba8f2843e99e8ba1b87df9a5b561d358309e672ae5e3434a10a3dde01ae624d1638da226d42c64316f72f3d63b08015b43c56cab

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\qipcap.dll

MD5 a30cf9c1ac037f2046409f328039cbe6
SHA1 dcca2fddc64778d55258eabb78c43f26e9422242
SHA256 b8437b1ee884a9765bcb9bb7b32e93dbf18b356f81d15641a12cd775309aaa15
SHA512 afbfb3f9703636fa30c346571de83cafa8d5088f58b5145821836770517d1e359fcf0999ac90972d2ba33c2af557adbe381af95d4b114c99003673a6d8d8bd14

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\prldap60.dll

MD5 ffd54214ffc521f66c44c541547fb851
SHA1 923dd727042db128bc21209fa45541e2c81534ab
SHA256 b9ee561cdd615c5e8c3b9c700b413e6c18259983cb9c0fa37285a0329247c316
SHA512 84f09017c4ed161b65b25ed927419dc926f1c6b791ccca9e68f2b61fc2c26fed1eb1ba83e1c98eb9b3ad81030cd2e96321a064923cb666ce52f44a140f0dd09d

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\precomplete

MD5 dfda092b29696dcee4e59097ef43ba81
SHA1 89925e09ad876a598d695194937db282ff5731fa
SHA256 6ce73040455a7e81cab39b9838ff1004723103c1e40a1b7e53031b3b4bc45158
SHA512 6547a8f66e018d3f9d83f86a83c50c205e5b8b9d7cef504337cda9fb8ef4f943257cdc409f0ca5b4e015aae4cd6cf4be95c998afe94939b41cfd58a957156c2a

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\plugin-hang-ui.exe

MD5 c14a4daf4f72437d55d472f1797b888b
SHA1 669db657f64b208f939fa20ab118f848d7fc1b60
SHA256 f157ad1f6b57f0416043359f0986f7b5cf6388750b05e0ebcd3d3ee803f631df
SHA512 ac41546bdadfbed1e88076e9a1fd4395ed25265b1745f9e543e020535b71001dfafb375ad951c330d92ced33dd10e536aeeaa3cefeebc9fd7786ba92a506d66f

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\plugin-container.exe

MD5 86231ee3c91ef975ef647950f6c21681
SHA1 bea5ca062ae5722f914190e01f2ab3d4a23c917a
SHA256 4e3e8c9ce250c17cb2a9c46138141c35cf9ce78b6e09f6b2a99376b1552f7523
SHA512 166c36854ad6e1cabe01d62a782ca20d50e08fd68f0c01ea38e3919c7cbccd1c9c742b4411d53a2212fab574b5a2d552158049853b5a6a22f20d083176338623

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\platform.ini

MD5 7bb14ac814837a79f4f35ddf8350017c
SHA1 a38ed8a92dad8f8b5df9d051ebef64afac3c6d1f
SHA256 79b9c3459d9fd20af5f21304a4a7e7b71cbe187d50d5359a5464772dfdb3ab59
SHA512 1a2adf7dd7c9fbf7bc04473c16a8d321fb3e9836d952cd03c63ce64145c64a1e08fb7563abd42ac6d216cfdf94b17fecfc0bb067a761327e7a98c18096d4baca

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\pingsender.exe

MD5 7882b4331b7326cc7aa01a9c4ce09a49
SHA1 3e8d9471663bf73cf306ed6beb165e40e597d258
SHA256 6e26ccf896359dc820d813e3b0bf1b69b6e2d2e3ad4afb01ea68607599f11fdf
SHA512 a5919507724b14f4c3a5208568671a05292975b0cb720630fccdd0e3cc0b8c3eaf4e51b1b62908ee17c927aedf767ce1dd025f56598083901221b5722024f059

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\osclientcerts.dll

MD5 21630d7412cdfcdbcb0acfe9baea78c4
SHA1 48ec63a05d9f1ca158847b618d399464112c21b1
SHA256 5c66f8ef6fa503493f51cdadfe56724d75384232c73b754f85bf6f14fd08f67d
SHA512 c45ec6fce65853df88ea47a74332bba393ae2c8d3b93611dafdd29166953c2848db5160244becd2006ac01334316bc1486bceb911724b7a84accab691c33f39b

C:\Users\Admin\AppData\Local\Temp\nsj909E.tmp\InstallOptions.dll

MD5 720304c57dcfa17751ed455b3bb9c10a
SHA1 59a1c3a746de10b8875229ff29006f1fd36b1e41
SHA256 6486029d3939231bd9f10457fd9a5ab2e44f30315af443197a3347df4e18c4e9
SHA512 c64c161290f5c21d642ecf16cc6ad3ee4a31bf5bab41c65c74907a5c158eaca429ef99cd8d2b55dc2ecb8478bb0b85c1576402389a07568f36c871b2772ead04

C:\Users\Admin\AppData\Local\Temp\nsj909E.tmp\ioSpecial.ini

MD5 92891fe5071583e7f6265da047c4c594
SHA1 7eb57584c53cfae0d60d4bc1e78df9d8f9752c8b
SHA256 0c0013eba990e799bb7348f628e9a2684531ee894dad06eabaeea2e38085bf95
SHA512 6ab0c8e239cce16bbff7923727e6039624c3b392832359865fdc1a8ce89a549f6352bd3af393f188f8758f321ae02cfc198d21f94e5016dc30293b92836e5334

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\omni.ja

MD5 46c749ad8dc4232a66fb9518ed39ad54
SHA1 abf462dd78368b990be61846b26e6306f54a5886
SHA256 7d3e7e9fc02a97d33f98475d33269b6faccaf9730b3c6489a05559e2d8bbf2ff
SHA512 76626485031dd5b05509897af9b3f4be57ddfe6250da1e38d760708ef91e76a33fccb0b53a426362f1990a34319a3ed5e40bb4284f29c4a3d8a5854dc1672b77

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\nssckbi.dll

MD5 99416f91e8170766d9002036b4b71cb8
SHA1 1f8163d0493b8b46e5c6512905f425f6f789e1d0
SHA256 3e72534660da2bca1fd8a88201fc06aff79d6515bd39e6952e7bf26b11997d70
SHA512 43a0237cdeb9a88457fbf6f68c7955546a2b3b8f1cae74e5c7ca93420f9835568e4a447e558de926ec1e51062fdb858c8d9c55eff72b773fac356a82e84849c5

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\nss3.dll

MD5 feb690509e504799340cee53d557168f
SHA1 7d9c04c2194f28f20ac11b83cde4f5b062ef9ca1
SHA256 93fd25ca24b50a44e3e64e17eb0e603fab05a56b8a37d9b8f338d63a5bf62201
SHA512 856dfa3950d08ae38d5cbf94143901bb18d67c436df4f51bef14d4d6b2707229684cdaedb883d421f30565cd8da2b60c806e3e42ceae9d17490bdf28b57abb7d

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\msvcp140.dll

MD5 9dda681b0406c3575e666f52cbde4f80
SHA1 1951c5b2c689534cdc2fbfbc14abbf9600a66086
SHA256 1ecd899f18b58a7915069e17582b8bf9f491a907c3fdf22b1ba1cbb2727b69b3
SHA512 753d0af201d5c91b50e7d1ed54f44ee3c336f8124ba7a5e86b53836df520eb2733b725b877f83fda6a9a7768379b5f6fafa0bd3890766b4188ebd337272e9512

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\mozMapi32.dll

MD5 34dfca3c89446b65f5447c3913a2b8cd
SHA1 88d45e0d81cd6d49c93ec562593080dabb0cfe74
SHA256 25d2151b6b7f7c607a7d27a835b66cfa019d52bd7c9950735ddd3920a18fa415
SHA512 391425f0940d97a9dfd09d40d492eb70b699fdd8c3afb00556556d871cea96ff593540033b771cb73a7b14707bf871298e6a2ce011e2d249fdf2ddc9c30c7593

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\mozglue.dll

MD5 462af8b1b8fd8f953997ed0e8aa06ccd
SHA1 4649f6b9e21d2026a67ab803d7468d217bdf7f5c
SHA256 b46856e7117b701e69b7602ea02a0a6827142f3da1e3baef9e266d4e00c2e41f
SHA512 4d8cf3e4e243c74bb90998bc4ce3afa791c0cd12591a4cdfd034a287c810196f55905063bb8f3104ef50d4683cb79f7c166582cda7c284a88f5765b2ebf75223

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\AccessibleHandler.dll

MD5 8c54f8846beb3bf1544ac3768769b0cc
SHA1 4f83b8f9bce02a122780a1fbc1456596f29501cb
SHA256 6e9c187ae7f91c57e2a1c1e597c47ad5e558d1a6859ecd5758c6cb8f0d3242ab
SHA512 14b90d708ab21f89deafdccd8aedeefb67d719b0c13151710d9710f39cecdeac2ad8db6100f440fdd571d51cae69c67832b40fe919820d717611f538df8dec05

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\minidump-analyzer.exe

MD5 9f047d81791724bff99ecce3198424d0
SHA1 1f509ef9dd4bc4b9c713729c909a7cb364a4cd68
SHA256 68a23a0a16b4303449bea11d6b0224c3826a62083fc03706d4b8278e03fa0038
SHA512 b6eb9aee203e32748b0e09a48edb58e00beb35119698a6ff57d18511c377425d1207c31089c55e1e2056b32c66786e1f57afc2e40dd9b0ba2b59093073c9ca89

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\MapiProxy.dll

MD5 ae15d26ba4dc3bc645bc7529f6182913
SHA1 c8466c0de5f4c497f856ae20d202a5327054fd00
SHA256 0e086d0302834a144d7d68104cfc245b6d8d8af5c7016c7109c485ec97613298
SHA512 bfdc2b77e6aa197cb9af64780a686452cbcaef077c9a2d740d072d84f31335b79fc07c9fa72b98df4fcb78810503fd083f5c4ad620be4cf83872fd93217ecf8d

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\maintenanceservice_installer.exe

MD5 76cf7c92d543bc03a9f0d8f735c67e50
SHA1 e2436909c176e62372ede88b9eac8ca97cb2215c
SHA256 399b4707ac81bcb1d356a9e0ed8199152928b79efdfad3a21dfb6f5bbc0880d6
SHA512 a1276eabf35a37b3ac7c6dbe015f720a9df4f243d44fcf776907c5fe868e683eafc07d53097d2609b696bbba6e73a0b9efc827a65b384a353bed1d039a0718e3

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\maintenanceservice.exe

MD5 3353ca24c4a721bccb6c070f9d7599af
SHA1 4a6edc571c685cf60b0ca022e30e102e913226d0
SHA256 8e1ed0fabbd038d62dbcb96adf5a950a1ebcdbc8de5aeb9b0c4e85292ccfade1
SHA512 02a8f6be57222f6dd10a5d9c0d214f6102c0ac40b961e801ee9daf2a9cbe74b5c13b5a56157086a4b6479382592a2f5b1c8671f67efff4d263f773d8930098e5

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\libssp-0.dll

MD5 116095ff6face2bb1a8b3bef70f8cc79
SHA1 c4013495c0c3ae61ba10c3bee3a57281042863bb
SHA256 362789df92aaf0416944a6281f9f1ef656db69597d740bad2abac797c425bf52
SHA512 eea1807b80743e9312dfd951ee02748a6d3e848f64d624db29e5fa48278f89ab7391f55ac1fbfebb346d0111716fb0ecf838fac32888867fe9620b69bc75bad1

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\libotr-5.dll

MD5 9227885bae7ff8f5726a605f20d29b1a
SHA1 907d21a475a0a7cc64a935c0e2e8b9817ead4948
SHA256 24c12e54494f7e9cfd6da08f8875a821e654b3520a7036477d213a42d9650123
SHA512 f34aa6f0610728ff717519b0af33b27a6b56ee2b971cfc1f2c52dc03738b36d5efd1111e9410187cd2e7efe93ea028814e9b0231fb53a9a8e91f14462402651f

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\libgpg-error-0.dll

MD5 fda4b549ed1d9f8dd8c90ff21d9eb356
SHA1 defbf16694dbdeddffeb8494dc2c9bb8258d41dc
SHA256 b765ebd0803fb1209977b4463eb8c80c9006dfba77f6ae28a440331ca3b547b9
SHA512 50bf1628f1bcb2ca7c196f4636916aec5cf874295234d9ea2a227d3182a74d9b7e5ec66a3aa6f3bc76c3069cfed5e1a84f9433a545b1e9dc0adeebc3bc1903a2

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\libGLESv2.dll

MD5 aba2fef262edfbf5225c50c14bce9a3e
SHA1 9a73a9903a94d05e501c72b22dc3d0a75d44ae8d
SHA256 456b20a293e212569e87edabb443791cddbb4d815bb3b38fd8b8154a77119103
SHA512 8f0b69c420ae03803517f3367e74f7ad8dbece131c71dffc9cd47a39e249e466a1e98e131b3053989439d4f2e24b12e317e184276e6aca77c2095dbf4c5c0e7f

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\libgcrypt-20.dll

MD5 c1f3bfd298857a0d6126963c563d0c6a
SHA1 f220ab8a7861b34548b3cf448a010c48f62aeaed
SHA256 5156212a9f3bcccc6dcb7480d842bfc7330953f5866511497033d9daac941202
SHA512 198ca8632304d753c5ffbe5bfe1f8ed8656df8a6e35b2850cf25e6ce9fb2adbe7f3255c4e24a0ec5be7a5a05e2529a61a2b0bd553883bc954515bd76121b7003

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\libEGL.dll

MD5 32c958ad0f71549a35c7552778a4cbc0
SHA1 5b8a3cfa452ac7c04e3278172c0d79cffa85af94
SHA256 6e4adf24888b346e43ffa834a31ac0333bbbd3d15c0f892ddf88b00475b8542e
SHA512 87730cf4fb0e86bbe183eb99cc13a8e7e1f755bf3971854c0d28222939ea682735720730538b64fcd2511bb3c1758a2e3b673779afbcc2d2eaa2953961f7b41f

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\lgpllibs.dll

MD5 331fedd943660dc31bd188a1c77cdd8d
SHA1 fc086979ee1b2246cd7aceb042d9bcb330ba928a
SHA256 5bcc6af85b85bc4c993e038a46aa45e516831f43e01a5d9efce7ade9aeb1c608
SHA512 59aa264e4b6f6e654a31fa3949c9ce6b18e00f243427e0b47fd02c7bad4b1e34ef58ac7d431d965c69fab0693530995744ba795e30e50b37bb766d09bdd36f38

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\ldif60.dll

MD5 fcc0b884f31b1822e182634ae795da70
SHA1 db9b62ff413ca18d5440a70a9f928feb7705c837
SHA256 4736f397b6c011a0415c57872ae0827327540e7b162933c0b0c742d8e6a379b7
SHA512 6597a58d7be90cd7646cc4181084f705b2d2f65150b71a7daddb67f3d70ffaa048b1477f197dc228442241acb04174126fc7a15b28cdee569dc2aabfe20ab026

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\ldap60.dll

MD5 4a1c85a11e06d9846bcfc6cd725e39d6
SHA1 c364833c36d9e88e18e98ad809c2b05604817be7
SHA256 f5f81641c9b2d1413c3fbb3e0677692aaf7ee787396f736f987ea81b86ab66b7
SHA512 eb4485e335f4ecbc6fac0e8384398a352a2d6ff897f76c15cb5b5074922383b637fd53be2634b1ff7d06dbc9a9938c0528f53460b1549b05a23896ea1a2bf42c

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\IA2Marshal.dll

MD5 36daa7fec3c5377bdaa8a89bcb4ef3a8
SHA1 ce052056a951237f5bea8b4febd0643663396656
SHA256 bbb07998d52acc1dfd54be06fb946ed8507c735c853a42fb7d74690e5ef1d581
SHA512 8bc9a62da2a583becf12429e7c2c573b09aa1b80db98a06f3b481cb463e3c4f8514c9852d4c60c54e5bd084879445bc82120cb5231e7a15d60364d35c071f9d3

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\freebl3.dll

MD5 c74c969b7eee371689d96a890433f641
SHA1 0ec6c85a968bd697d4cd7bf4a18808a63ced3cf2
SHA256 d3a1f094389a0ee810cb8112c1a95e43193f12c0521feaa753785a00e0c6520f
SHA512 a4919ac4fca0b4c3c8c4383ce1b832c794777cc3bdb2f0dfd5987646ecde95008f722fde40390e5cd024a8ff09f13c6ed75ec4103cdece4c066022f402bd7c2e

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\dependentlibs.list

MD5 1cc4c3aaf44ad24e79150444808372f0
SHA1 896cdbf0bca1662994ee485928d6b048994c75dd
SHA256 820b9eaf5177ebf7ecd00b4bf025a63c1db3d46be2198216337b723720af2a98
SHA512 589245bf09907d5cd6614563367036f6423949a122e44dc7b869ce62f7c7aa027986f3f26d2908a7486820e2349fc15b0079fc73d2fed09fc67a58354448e407

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\d3dcompiler_47.dll

MD5 587a415cd5ac2069813adef5f7685021
SHA1 ca0e2fe1922b3cdc9e96e636a73e5c85a838e863
SHA256 2ad0d4987fc4624566b190e747c9d95038443956ed816abfd1e2d389b5ec0851
SHA512 0fa0e89ea1c1cb27ac7f621feb484438e378a8f5675eca7a91f24e0569174bd848d470d6b3e237fe6ab27ca1eb1ecc09b5f044e53a6d98bf908e77ac511183e2

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\crashreporter.ini

MD5 d978dfe794f8a91ed58193e88721fbd2
SHA1 ec17d4e5d016cc8e1909b9413ab97ece59f50fec
SHA256 149c7e58a70a5446c4b42f3946f558a4897f2e4fea86791c664892d60d028b1e
SHA512 5acaed4276e936a1046aa9d202709f9a1c5a2e084e4ca7f1ef58a938d704a98afeceb6573c8e2b8a82edcde47f0a279cc928c8e60a0417eb50e0de75e06eb5de

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\crashreporter.exe

MD5 61b7c8f1e1cc4252727f6c9c2c3e869b
SHA1 cb6fb9a570f013c3ea2bd8b4fbaf99e42aea129e
SHA256 3183fe859c86383dcc55ea97f6dd72ad06bad2c32131f5edd338d39b4f4f719b
SHA512 de9457f518fd7ea21dbf7d76a6f0444621b3916f7f20b4b547999d16f25709a8a8aac7e5a94eaa807d0def7114ec71f6bcc2219f3fa7cfcfda8d0c145bbac405

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\breakpadinjector.dll

MD5 2954a6a363cf52a264d8fde8886d96b7
SHA1 1df08347b29cb96cf26b8e4bb13b48a57e2b073a
SHA256 532673d7c6fd711c1525903758f842aaa24a98c042dbaf3d07cc2844a475179c
SHA512 baec899ac90732bf1d432ff50b0c77c3666bedeb77ca0d57db628b64cf0f538a6054e81568924cbe0fbb08162f0743b1d33db555c7a2ba2298852ea265644149

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\application.ini

MD5 2b35c983971be1d2dd77fbe390e7ffd7
SHA1 15bb0e0a784fbc2762980bef821dfaf807bc59df
SHA256 f0634fd94d445f944d8846867e84f57030acc7a46513e7cd9ac14eae81fb3e96
SHA512 2818e7b8dafa369d0582a02d3d0fd7367888d3787e2637428e6c92a850ba3e684a67c146b328a71406566bc6ec7723d042c9c862766d70f0c74c6f6f50bd7516

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-utility-l1-1-0.dll

MD5 70e9104e743069b573ca12a3cd87ec33
SHA1 4290755b6a49212b2e969200e7a088d1713b84a2
SHA256 7e6b33a4c0c84f18f2be294ec63212245af4fd8354636804ffe5ee9a0d526d95
SHA512 e979f28451d271f405b780fc2025707c8a29dcb4c28980ca42e33d4033666de0e4a4644defec6c1d5d4bdd3c73d405fafcffe3320c60134681f62805c965bfd9

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-time-l1-1-0.dll

MD5 9b79fda359a269c63dcac69b2c81caa4
SHA1 a38c81b7a2ec158dfcfeb72cb7c04b3eb3ccc0fb
SHA256 4d0f0ea6e8478132892f9e674e27e2bc346622fc8989c704e5b2299a18c1d138
SHA512 e69d275c5ec5eae5c95b0596f0cc681b7d287b3e2f9c78a9b5e658949e6244f754f96ad7d40214d22ed28d64e4e8bd507363cdf99999fea93cfe319078c1f541

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-string-l1-1-0.dll

MD5 ad99c2362f64cde7756b16f9a016a60f
SHA1 07c9a78ee658bfa81db61dab039cffc9145cc6cb
SHA256 73ab2161a7700835b2a15b7487045a695706cc18bcee283b114042570bb9c0aa
SHA512 9c72f239adda1de11b4ad7028f3c897c93859ef277658aeaa141f09b7ddfe788d657b9cb1e2648971ecd5d27b99166283110ccba437d461003dbb9f6885451f7

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-stdio-l1-1-0.dll

MD5 d5166ab3034f0e1aa679bfa1907e5844
SHA1 851dd640cb34177c43b5f47b218a686c09fa6b4c
SHA256 7bcab4ca00fb1f85fea29dd3375f709317b984a6f3b9ba12b8cf1952f97beee5
SHA512 8f2d7442191de22457c1b8402faad594af2fe0c38280aaafc876c797ca79f7f4b6860e557e37c3dbe084fe7262a85c358e3eeaf91e16855a91b7535cb0ac832e

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-runtime-l1-1-0.dll

MD5 fb0ca6cbfff46be87ad729a1c4fde138
SHA1 2c302d1c535d5c40f31c3a75393118b40e1b2af9
SHA256 1ee8e99190cc31b104fb75e66928b8c73138902fefedbcfb54c409df50a364df
SHA512 99144c67c33e89b8283c5b39b8bf68d55638daa6acc2715a2ac8c5dba4170dd12299d3a2dffb39ae38ef0872c2c68a64d7cdc6ceba5e660a53942761cb9eca83

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-process-l1-1-0.dll

MD5 9d3d6f938c8672a12aea03f85d5330de
SHA1 6a7d6e84527eaf54d6f78dd1a5f20503e766a66c
SHA256 707c9a384440d0b2d067fc0335273f8851b02c3114842e17df9c54127910d7fb
SHA512 0e1681b16cd9af116bcc5c6b4284c1203b33febb197d1d4ab8a649962c0e807af9258bde91c86727910624196948e976741411843dd841616337ea93a27de7cb

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-private-l1-1-0.dll

MD5 3d139f57ed79d2c788e422ca26950446
SHA1 788e4fb5d1f46b0f1802761d0ae3addb8611c238
SHA256 dc25a882ac454a0071e4815b0e939dc161ba73b5c207b84afd96203c343b99c7
SHA512 12ed9216f44aa5f245c707fe39aed08dc18ea675f5a707098f1a1da42b348a649846bc919fd318de7954ea9097c01f22be76a5d85d664ef030381e7759840765

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 19d7f2d6424c98c45702489a375d9e17
SHA1 310bc4ed49492383e7c669ac9145bda2956c7564
SHA256 a6b83b764555d517216e0e34c4945f7a7501c1b7a25308d8f85551fe353f9c15
SHA512 01c09edef90c60c9e6cdabff918f15afc9b728d6671947898ce8848e3d102f300f3fb4246af0ac9c6f57b3b85b24832d7b40452358636125b61eb89567d3b17e

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-math-l1-1-0.dll

MD5 8da414c3524a869e5679c0678d1640c1
SHA1 60cf28792c68e9894878c31b323e68feb4676865
SHA256 39723e61c98703034b264b97ee0fe12e696c6560483d799020f9847d8a952672
SHA512 6ef3f81206e7d4dca5b3c1fafc9aa2328b717e61ee0acce30dfb15ad0fe3cb59b2bd61f92bf6046c0aae01445896dcb1485ad8be86629d22c3301a1b5f4f2cfa

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-locale-l1-1-0.dll

MD5 034379bcea45eb99db8cdfeacbc5e281
SHA1 bbf93d82e7e306e827efeb9612e8eab2b760e2b7
SHA256 8b543b1bb241f5b773eb76f652dad7b12e3e4a09230f2e804cd6b0622e8baf65
SHA512 7ea6efb75b0c59d3120d5b13da139042726a06d105c924095ed252f39ac19e11e8a5c6bb1c45fa7519c0163716745d03fb9daaaca50139a115235ab2815cc256

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-heap-l1-1-0.dll

MD5 1776a2b85378b27825cf5e5a3a132d9a
SHA1 626f0e7f2f18f31ec304fe7a7af1a87cbbebb1df
SHA256 675b1b82dd485cc8c8a099272db9241d0d2a7f45424901f35231b79186ec47ee
SHA512 541a5dd997fc5fec31c17b4f95f03c3a52e106d6fb590cb46bdf5adad23ed4a895853768229f3fbb9049f614d9bae031e6c43cec43fb38c89f13163721bb8348

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-environment-l1-1-0.dll

MD5 39325e5f023eb564c87d30f7e06dff23
SHA1 03dd79a7fbe3de1a29359b94ba2d554776bdd3fe
SHA256 56d8b7ee7619579a3c648eb130c9354ba1ba5b33a07a4f350370ee7b3653749a
SHA512 087b9dcb744ad7d330bacb9bda9c1a1df28ebb9327de0c5dc618e79929fd33d1b1ff0e1ef4c08f8b3ea8118b968a89f44fe651c66cba4ecbb3216cd4bcce3085

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-convert-l1-1-0.dll

MD5 9ddea3cc96e0fdd3443cc60d649931b3
SHA1 af3cb7036318a8427f20b8561079e279119dca0e
SHA256 b7c3ebc36c84630a52d23d1c0e79d61012dfa44cdebdf039af31ec9e322845a5
SHA512 1427193b31b64715f5712db9c431593bdc56ef512fe353147ddb7544c1c39ded4371cd72055d82818e965aff0441b7cbe0b811d828efb0ece28471716659e162

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-crt-conio-l1-1-0.dll

MD5 a668c5ee307457729203ae00edebb6b3
SHA1 2114d84cf3ec576785ebbe6b2184b0d634b86d71
SHA256 a95b1af74623d6d5d892760166b9bfac8926929571301921f1e62458e6d1a503
SHA512 73dc1a1c2ceb98ca6d9ddc7611fc44753184be00cfba07c4947d675f0b154a09e6013e1ef54ac7576e661fc51b4bc54fdd96a0c046ab4ee58282e711b1854730

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-core-timezone-l1-1-0.dll

MD5 c9a55de62e53d747c5a7fddedef874f9
SHA1 c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad
SHA256 b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b
SHA512 adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-core-synch-l1-2-0.dll

MD5 6e704280d632c2f8f2cadefcae25ad85
SHA1 699c5a1c553d64d7ff3cf4fe57da72bb151caede
SHA256 758a2f9ef6908b51745db50d89610fe1de921d93b2dbea919bfdba813d5d8893
SHA512 ade85a6cd05128536996705fd60c73f04bab808dafb5d8a93c45b2ee6237b6b4ddb087f1a009a9d289c868c98e61be49259157f5161feccf9f572fd306b460e6

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-core-processthreads-l1-1-1.dll

MD5 95c5b49af7f2c7d3cd0bc14b1e9efacb
SHA1 c400205c81140e60dffa8811c1906ce87c58971e
SHA256 ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1
SHA512 f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-core-localization-l1-2-0.dll

MD5 23bd405a6cfd1e38c74c5150eec28d0a
SHA1 1d3be98e7dfe565e297e837a7085731ecd368c7b
SHA256 a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41
SHA512 c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-core-file-l2-1-0.dll

MD5 3f224766fe9b090333fdb43d5a22f9ea
SHA1 548d1bb707ae7a3dfccc0c2d99908561a305f57b
SHA256 ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357
SHA512 c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\api-ms-win-core-file-l1-2-0.dll

MD5 79ee4a2fcbe24e9a65106de834ccda4a
SHA1 fd1ba674371af7116ea06ad42886185f98ba137b
SHA256 9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613
SHA512 6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\AccessibleMarshal.dll

MD5 593e62c81b82768e852accf8a22ecef2
SHA1 5cfcac2dd89ff8ff68af9c652a49316941ef9aaf
SHA256 e24fd8e6edf686ca54eb15a4eebcf401cab7bd6b8f05646bd88532aa0edfea13
SHA512 3def9eeca3be3b5b08fb720a9d2171f22037b35b148df760056e8902200730b81be0c26ee93b696528e0dcb054c022d3069709dc07331428c74e392c05fbfe93

C:\Users\Admin\AppData\Local\Temp\7zSC24F7C6C\core\Accessible.tlb

MD5 e49aeb412aab7c49a27e6feaa0ca40ce
SHA1 6a2f6ea9facc48a3f736e03fda2c1ce44b744af3
SHA256 754fd922f8c93b66f723c30d39083a6a1fe33fa4b6439d55ad2459be40c3151e
SHA512 8c3f957d032fa8edb523cd3f473a57e2cc020c9e6e33aea183cad8b435777660f4c7e87ba62c67bbb1aef726d109f0f34b2d86c159ca9bd98bfad43c89af7ad2

C:\Users\Admin\AppData\Local\Temp\nsj909E.tmp\shortcuts.ini

MD5 b097c49b73373bf10b310a81c60d9590
SHA1 060846730ca53d984082238d94666cecf447b9c1
SHA256 5a08bbfa47827de1351eb8c81d02f61304e5cc415be08a63cd50e96ab03c1964
SHA512 3b66338a81a547ef32010ba2a1e78e6a6562a268a3dafd40b6b041161432b0675a5da72c2f3f1e732ecb5441d716103ce03163be748f7e8be26644559ff27a8e

C:\Users\Admin\AppData\Local\Temp\nsj909E.tmp\options.ini

MD5 7f8b0abb1f47d8c67b14e6520f56ac5b
SHA1 9b7c6b255086cca6e2f2bf18823864b7889f1542
SHA256 b5b71e9d760087c70ff87924308572e08c1d3a5fcd011de71ff3d3168a5fa649
SHA512 71bb33e12a88e42c4ad242807c592a9e09fd13f37d2131b84b7a6bd67f9960e29d9a8cd346925ad56cd55377755fd7b04508d6deb31fde4dd79bfd178c4bf92e

memory/1068-488-0x0000000000400000-0x0000000000440000-memory.dmp