00490e7012d6bde58cab3917eb99311998aca96d0e20ad7c59d7b105bbf0d7dc

Analysis

max time kernel
45s
max time network
48s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2023, 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FileZilla_3.34.0_win64-setup_bundled.exe
Size

8.5MB
MD5

5bed324d68ab49f86590bcfb1b1ba69d
SHA1

7f356de06621b96795efe03be0569cf0475baa74
SHA256

3129fd5421c1a71c0673f4cae5349b4a98d4e93da9c41ace1bcacdc9ebf9c0ff
SHA512

a45473a16f271755fe53110108d6ac67c5f22a07c9e74e15344ed6926c1cf83131d975ff90d46d68b407dc16a396f48411cc077cb7ab57bf3589c7cfcb9f959e
SSDEEP

196608:4XBTE6e9APaebTAQ/KTKQCtSIetELdlvWDmhd7zFgq9fTJ6ih:4XBTEX95cT1/EStcGnvWYFg+Ph

Score

7^/10

discovery evasion persistence spyware stealer trojan upx

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	FileZilla_3.34.0_win64-setup_bundled.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	FileZilla_3.34.0_win64-setup_bundled.exe

Executes dropped EXE 1 IoCs

pid	Process
3680	filezilla.exe

Loads dropped DLL 18 IoCs

pid	Process
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
4852	regsvr32.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ = "C:\\Program Files\\FileZilla FTP Client\\fzshellext_64.dll"	regsvr32.exe

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2192-174-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-177-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-178-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-179-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-181-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-419-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-423-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-424-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-430-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-431-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-440-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-441-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-446-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-448-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-449-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-450-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-451-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-452-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-453-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-454-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-1257-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-1258-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-1262-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-1267-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-1357-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx
behavioral1/memory/2192-1367-0x0000000005FB0000-0x0000000006156000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	FileZilla_3.34.0_win64-setup_bundled.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\FileZilla FTP Client\resources\lone\16x16\ascii.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\minimal\16x16\showhidden.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\sun\48x48\filter.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\theme.xml	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\locales\it\filezilla.mo	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\16x16\folder.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\16x16\synchronize.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\24x24\speedlimits.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\16x16\sort_up_light.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\default\480x480\speedlimits.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\16x16\disconnect.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\32x32\download.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\32x32\disconnect.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\32x32\folder.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\locales\eu\filezilla.mo	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\20x20\unknown.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\32x32\ascii.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\24x24\download.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\cyril\16x16\folderup.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\24x24\disconnect.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\48x48\filter.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\32x32\sitemanager.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\16x16\unknown.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\32x32\download.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\bookmarks.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\reconnect.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\24x24\folderclosed.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\minimal\16x16\downloadadd.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\default\480x480\uploadadd.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\docs\fzdefaults.xml.example	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\processqueue.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\32x32\downloadadd.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\48x48\showhidden.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\locales\hy\filezilla.mo	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\locales\nl\filezilla.mo	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\default\480x480\binary.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\queueview.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\cyril\16x16\download.png	FileZilla_3.34.0_win64-setup_bundled.exe
File opened for modification	C:\Program Files\FileZilla FTP Client\fzshellext.dll	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\cyril\16x16\reconnect.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\sun\48x48\lock.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\48x48\remotetreeview.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\16x16\binary.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\32x32\processqueue.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\16x16\reconnect.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\16x16\processqueue.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\disconnect.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\cyril\16x16\folderclosed.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\48x48\synchronize.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\48x48\upload.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\32x32\find.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\32x32\folderup.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\classic\16x16\localtreeview.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\16x16\compare.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\32x32\logview.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\cyril\16x16\showhidden.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\16x16\speedlimits.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\32x32\lock.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\48x48\filter.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\minimal\16x16\lock.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\48x48\processqueue.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\16x16\server.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\32x32\cancel.png	FileZilla_3.34.0_win64-setup_bundled.exe
File created	C:\Program Files\FileZilla FTP Client\resources\24x24\unknown.png	FileZilla_3.34.0_win64-setup_bundled.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	FileZilla_3.34.0_win64-setup_bundled.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	FileZilla_3.34.0_win64-setup_bundled.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	FileZilla_3.34.0_win64-setup_bundled.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	FileZilla_3.34.0_win64-setup_bundled.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	FileZilla_3.34.0_win64-setup_bundled.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	FileZilla_3.34.0_win64-setup_bundled.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	FileZilla_3.34.0_win64-setup_bundled.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	FileZilla_3.34.0_win64-setup_bundled.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\ = "FileZilla 3 Shell Extension"	FileZilla_3.34.0_win64-setup_bundled.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\directory\shellex\CopyHookHandlers\FileZilla3CopyHook	FileZilla_3.34.0_win64-setup_bundled.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}	FileZilla_3.34.0_win64-setup_bundled.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32	FileZilla_3.34.0_win64-setup_bundled.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ThreadingModel = "Apartment"	FileZilla_3.34.0_win64-setup_bundled.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ = "C:\\Program Files\\FileZilla FTP Client\\fzshellext_64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\directory\shellex\CopyHookHandlers\FileZilla3CopyHook	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\ = "FileZilla 3 Shell Extension"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ = "C:\\Program Files\\FileZilla FTP Client\\fzshellext.dll"	FileZilla_3.34.0_win64-setup_bundled.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook\ = "{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}"	FileZilla_3.34.0_win64-setup_bundled.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook\ = "{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3680	filezilla.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2192	FileZilla_3.34.0_win64-setup_bundled.exe
Token: SeCreatePagefilePrivilege	2192	FileZilla_3.34.0_win64-setup_bundled.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2192	FileZilla_3.34.0_win64-setup_bundled.exe
2192	FileZilla_3.34.0_win64-setup_bundled.exe
3680	filezilla.exe
3680	filezilla.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 4852	2192	FileZilla_3.34.0_win64-setup_bundled.exe	91
PID 2192 wrote to memory of 4852	2192	FileZilla_3.34.0_win64-setup_bundled.exe	91
PID 2192 wrote to memory of 3680	2192	FileZilla_3.34.0_win64-setup_bundled.exe	94
PID 2192 wrote to memory of 3680	2192	FileZilla_3.34.0_win64-setup_bundled.exe	94

C:\Users\Admin\AppData\Local\Temp\FileZilla_3.34.0_win64-setup_bundled.exe
"C:\Users\Admin\AppData\Local\Temp\FileZilla_3.34.0_win64-setup_bundled.exe"
1⤵
- Checks BIOS information in registry
- Checks computer location settings
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Windows\system32\regsvr32.exe
  "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\FileZilla FTP Client\fzshellext_64.dll"
  2⤵
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:4852
- C:\Program Files\FileZilla FTP Client\filezilla.exe
  "C:\Program Files\FileZilla FTP Client\filezilla.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3680

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\FileZilla FTP Client\filezilla.exe

Filesize
12.7MB

MD5
6465fcd9ad090f82ffedcf1992b237a2

SHA1
a3d1842568b35bf762cc00449660d8757de9fff6

SHA256
25c3812305e06d795846763319722ab3311ad3f763a5d5eed8ad0cc42dfeb455

SHA512
d330095f386ebec7c6494c1c80b74d570a71f777c8644cd598814569d19c86adda4d4ec87cbc98a78574718a671f9652539ed798b3430c5e677a0906a886796f

Download Submit
C:\Program Files\FileZilla FTP Client\filezilla.exe

Filesize
12.7MB

MD5
6465fcd9ad090f82ffedcf1992b237a2

SHA1
a3d1842568b35bf762cc00449660d8757de9fff6

SHA256
25c3812305e06d795846763319722ab3311ad3f763a5d5eed8ad0cc42dfeb455

SHA512
d330095f386ebec7c6494c1c80b74d570a71f777c8644cd598814569d19c86adda4d4ec87cbc98a78574718a671f9652539ed798b3430c5e677a0906a886796f

Download Submit
C:\Program Files\FileZilla FTP Client\fzshellext.dll

Filesize
48KB

MD5
129f71fdfb1b427011aec3f089fe0327

SHA1
2ea4c83defce4606f365a15797b382716dbe02ee

SHA256
243bb6cacdf8e2933134389c1126626a9e28acc7ae9a87bd3892644030039816

SHA512
2dc21c572057a29884a7c5e23708d7d75606ebd98a78d3a427059070b63d53bad84d39f505c9bef0ef6595c91e5c579ded606b0c3e9159163840bbf0b8790c67

Download Submit
C:\Program Files\FileZilla FTP Client\fzshellext_64.dll

Filesize
53KB

MD5
6a947f0630f1934f23b0f207df4f25e3

SHA1
70bf84a97276ad0a2296c99301990a320c88a44c

SHA256
8aedb2b297d36e2351f1e9a4b14b6462a9c6281272c4cf1974691f9062c1f3f4

SHA512
4a21f24605baccb469be96384226e96ee1885c384eee689f29c4ef763eb99d6169a8ebb71ae4606c9d01553061fff35ad64e3e847f4f2f77764120d8eb409ab8

Download Submit
C:\Program Files\FileZilla FTP Client\fzshellext_64.dll

Filesize
53KB

MD5
6a947f0630f1934f23b0f207df4f25e3

SHA1
70bf84a97276ad0a2296c99301990a320c88a44c

SHA256
8aedb2b297d36e2351f1e9a4b14b6462a9c6281272c4cf1974691f9062c1f3f4

SHA512
4a21f24605baccb469be96384226e96ee1885c384eee689f29c4ef763eb99d6169a8ebb71ae4606c9d01553061fff35ad64e3e847f4f2f77764120d8eb409ab8

Download Submit
C:\Program Files\FileZilla FTP Client\locales\ja_JP\filezilla.mo

Filesize
208KB

MD5
7b08a407f6ad69599a6678741ef90af2

SHA1
f6d8f5b8ef74b2fa20b83b40b12d3ab6e31fad5f

SHA256
42b47682c5f96f8dbf34b3ccd4e079798ba8c4bb5f14a625f9c54daf8394d5c9

SHA512
afa014c58befcc60a6aba4b0f24e964d025498284b13ff5eef1cd21ba40f276f9257d0f6997ab60be203b0ecfc5f9d3b527abac86175451bcefeed3889bef5b1

Download Submit
C:\Program Files\FileZilla FTP Client\locales\uk_UA\filezilla.mo

Filesize
240KB

MD5
7b3ff582e0dbf737c2525b35164e27d8

SHA1
8c9880c0a89cee42625b17197c423cdff420aff2

SHA256
6f932549ad6829c189ae408e15867f4f8966686283eb7ee82b60e4af68e485be

SHA512
00d5c80c4834854d2eac9aed575490e7c112b4bcbaff119c271853ac908462b325ea45620d41a10c612b77df89c6b4439b9892986f8c42ef070ba8c8cadd4693

Download Submit
C:\Program Files\FileZilla FTP Client\resources\16x16\unknown.png

Filesize
89B

MD5
03198f6783d16be48cea18301f1457db

SHA1
55598904340172041826972f784bea4f3ff9b179

SHA256
640cee2f245a1dd93dbc3cf6cb7d61875431d199dc4ed12c6578de96e3dd4238

SHA512
f59c88c9050554a43640524a100b1e7ff05c2b696fe967bd8ab88b24f67de606d0824e5a0474fda12c02c01bc995a337d62d56b8b02de96adc264c68f0ab4497

Download Submit
C:\Program Files\FileZilla FTP Client\resources\48x48\filezilla.png

Filesize
1KB

MD5
dfaba6d62bcda50eccfb39ef591c207b

SHA1
00d18080a95c7eec55c2a91623895af241917f56

SHA256
adcc02f2d63d265da0254695e90c7af672702df1f274d614f01b358383b3eb8b

SHA512
0716d9be24e022021392814960afa0c89a49444a9d47a9587ef727bdf90c1e796147c710f3214937854ba5198b3b14e81fcf346f88d78cc69153a148e1843dc5

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\cancel.png

Filesize
7KB

MD5
4c2c126f11ce45b698336b49b24f8afe

SHA1
7cd96f7e9a6fd3ca36336764ecdfe8a317590d1d

SHA256
314d5ec0dbea36c3b37d48438e7bdd50178811b7ba04e46f438873de3a5c1fe0

SHA512
5ab9e12dba7eca3d9bf63c7def45427040dc39938606555f8d3d47a06750cf8e3808099581c99c3a059f6874028a646e18b3f56dc179533fc7c3f6ed0557aead

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\close.png

Filesize
4KB

MD5
73953c5f3ad8ee760e2f50acd1ac0ab7

SHA1
2e6154ef43682dd835320e8fe080ce4b1422a326

SHA256
676e43dd7594e4c758e05357f1fb5eb49b649770900a2a9716c7ed7a75899c7d

SHA512
01d40442729c090a20f2fb1aae132f11af82b357b804b32b957c290f22020f8b0fe9e0287e68ad159dee0926001b233f31a29a67ec6cb059ffaeda31d0825832

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\compare.png

Filesize
8KB

MD5
0b07b1ea2bde56e41dcbd50e79bd65e3

SHA1
95cda38e1f49d3b0e7e2a9a307b325a46e63f030

SHA256
7788bebba4f6fa835d285950da618e348642e7479a662c961d9447aaff1464a9

SHA512
89de464b969e12720c1fe51738ef183eba81dfd10992a79755cedb58593834886ede09e7ad4a815bd42b56b0e654c65a9c84367d16e0345c5a8227927b482e10

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\disconnect.png

Filesize
4KB

MD5
e7a7e89f12dd8d49f9afb73eb52e0466

SHA1
c4b57e0f2b6d286309e4a962c504abd1a602d971

SHA256
bf0f361801f7dd78c748d611daeb2180d50dbd9e3a284758bc4a5e6f773758d5

SHA512
139df2a8fc3e6331ec5e8a0b3daec852a484ff5e59c54a6f72eb0a257432146e56d73ac86c4bc222b5daf16270a0a910fd3e9b9796485394282151ae93c62eb4

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\file.png

Filesize
2KB

MD5
33774e40279be08b64bee8c287258678

SHA1
0f6349785ce1f4ab0c8e43646dd04e522a720974

SHA256
9ec4d7dfdcfd51cb756104bdff72a974825bd274069cd6da52c78be89753b377

SHA512
6e31a977c028e472f382c1deb1e0af39337fb65e4c7ccba52bec2fda3d5e2e4164375cf59636ad1d1eac105d2e254b819bb4dad3482c97d5c43569198124f7ef

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\filter.png

Filesize
2KB

MD5
8ba37ba851fad91b76c7c9b5ddac18bf

SHA1
77e44925b19b19247ebcbe16ce0b65bef533d67b

SHA256
5e67131effde188b8c27d92982ecbfe9aaa313d0641243e69de7eb982a97a782

SHA512
a58c01bfe9a4f0b7db826d739d69a5cddc57d8fbb890995d659d4a2f740f2c26bf33c8de84ff1d3b7bc0cc0fabdcab9ba0f586ccbb0941c7f68a1254264475de

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\find.png

Filesize
7KB

MD5
31cb1244f73290719df3c7538b730ad9

SHA1
d3aa9cf378bb4fe8b231487efd0b647bcd3c8a06

SHA256
3e1a1e56e1b1b47fd85d83d0071ea146307f49e591a8a2cb8807e7ebaa6c4a18

SHA512
9d1fdc85c4afe39a51c91159c5a518d81b169d1b786fe14128709a6c573391e16dc449f6653d7ef77e7dedbfad81ee4c63220189c1296691b58db87caaf8d628

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\folder.png

Filesize
3KB

MD5
dac7322eb12099122145d2431caf1ef1

SHA1
30b3ca4f92b659419f544dee49075e30e584f72f

SHA256
4af5b556c71ddf23e8102e34566a89dde088a483cdf4be6a2816a6dcf950bde0

SHA512
0646df92e04cda777a2b62fc03efca1fe905658ff450c01b2dcf70516d4265ff0e9cd2e35c1fac4e4292b359dcf5b74c288a99c5f80cd018b8fcc40fd1e58a21

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\localtreeview.png

Filesize
3KB

MD5
e21443d7cad7e6927fd6d798a4232bb4

SHA1
0c4b2f6e709822c59f884f960471009408782d09

SHA256
a67af84c06743847ffc0edbc79ffc4a3ce93c89ff57c03c0f18c3782b5347988

SHA512
052428edcc9d026eda6ccb32ea2e7104b68d9d346f016b82aeade8b7fb191d704e21cec084721dd35aaeb51bedb06babd4097f7f7623e58834805de2bc3cc47a

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\logview.png

Filesize
4KB

MD5
a5c2e72f7c61158a6e17aea666de99fd

SHA1
83f0e6816c8735ac340335209d6c02916f4c019c

SHA256
9bf88f5a0f4deb7035cfd2930225596b4e0767010d34f01c3ee093c17164033f

SHA512
712a0e1a5d098be686f2a897a12f8a41d8b2254d30f2539094a6fc8e334238aaeba16562e2bc8dab81cbb31fc8858b936e134d5ef6479170fd2ecf10af75f61c

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\processqueue.png

Filesize
7KB

MD5
dc267d9678aff17e9a8a557f0c9e690f

SHA1
a6aee93ab4c750b297b1b3995924b383b9be7875

SHA256
930281b5e99bcf3c891b48a2830f5bcfd19d2ab03f9a2cffc2594016233ccd14

SHA512
b918863336196eb55584655d44ac328cfbcb08bd8c8e3b8896567a91791f746329b7832cdac81a996eebfc81c35208d408cb126d518c766d15aaaac1384af503

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\queueview.png

Filesize
2KB

MD5
247cc463ec1c836c2388317b8c5fd91b

SHA1
28e00529f0a265ce1ee9cf0d346bde59a8ac695c

SHA256
444b408a816c39e965a7c960c44c8976ed99b1ef3263088b41b6a170f3747d9c

SHA512
8bb9472a75b0f9671cee6de747f346a7f56d497c9cb42ccd60f61724bb8ffc8ba733e395a79e0af2984291a9e2f92fbd3bd23a49e6db4130220dd90efaf2cfca

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\reconnect.png

Filesize
3KB

MD5
c19505c35182fbc2d2c81ed60e62926b

SHA1
d415f48879875f94cbe9dd7fdb7a7dade6603eb1

SHA256
981892d7fd00d58c2ed41e33bfe1cc35fda8f66d3ea1a533063cba3058331683

SHA512
8125bc3c108bf846be6aa38fbac89e0683fd784a239858fa23e71e533944521410ef925525cc3fe32bffc28d2de47353555fd727d69e7408eb7ce10d65a664d1

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\refresh.png

Filesize
8KB

MD5
f95d73543381834fd6aad987df30f157

SHA1
29b81a5613c3a7b73260f2579b23b1cdaffe4fc9

SHA256
e72e2057afe1c9c449c2f43a83129dc24d4349e34f40ce957b56f7f87aba927a

SHA512
095924c202a73ff4d91668ad9ff6efec9d5f12d410487669ac2518d7caeb12651284d051ba8afd692bf0e0cb059c70bbc590d265b38fa1243242385e50262b0d

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\remotetreeview.png

Filesize
2KB

MD5
3daed236d7df410ff02684080378572d

SHA1
b7427a30e75c4aad0a8b031bbeeb16e57ba7b8b4

SHA256
75a915c0caf149c46df534577f1fb089fac8cf0efda8fbe6115b5118942391e5

SHA512
2a4c7659795b6c497ae657cf287dc8580769e3d7a91c130f0e559f45c1e55e60324e80c4c2b0c2722e7bd0158d8779151b0a80177eeea5babfe277fe9870b55d

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\server.png

Filesize
2KB

MD5
7560335f2f31bf8300afc5a0bdbfc3ce

SHA1
b80fbf9440699b2b22f27c0368dae86f9d6a770a

SHA256
b4c90cb537691557a35824c335b4a41e1b877a81c748cd0f9e9180a25a8be94f

SHA512
43aa887b9cf2ab4c5b6c4ba5f2940c6048037edcc279bd70eacb582401f9e386af8365712267ef3e0757a07d185c881c135419244862be3cb66e37d6d5b2318b

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\sitemanager.png

Filesize
3KB

MD5
810967a850e0f96f44874651f649a952

SHA1
dd51af31b2883dd27f3ba2ea4b8e572e1340261b

SHA256
66d6c15dd8e819e7b62d277aa237ff77c8c595f65582a368cbbc15427f82bfd2

SHA512
48595fb92e30ad7ffee8237a37cb6c2f6a1603de8eae73da8529d828888759da3f74b0cc56d8e6a787f25749e5af74ea07de698e6178a6175b25b530d9f5d0f3

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\speedlimits.png

Filesize
12KB

MD5
b5aa21c3f5d77d5d55982fed0f46e12e

SHA1
d0540523e377726b1a936980a2ee968d8fd63de2

SHA256
d42aad945404d1a5f66a168f6af3a89d34be856fca13911ee0a5d3da8ab7b084

SHA512
39641960860c6628b0cbe68fb66c1a2294f66f19d019d37b3385bd95190d1a636e39848fd0b1394a671cb04f5ced1a1d4f16f76a0dd0e40cc8948d521e7170c7

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\synchronize.png

Filesize
6KB

MD5
3ce9c623ff201da78ce5462edceeeb57

SHA1
2db3f189cf2cef4538e44feb3e26b5f8f5b16ce6

SHA256
0fffcf51ec568bef40c6eb3a471cc9e63899bb4cfb42b70f40207f819aa826f5

SHA512
d775cf8c77a77d2f74338e74c86bdaf336bff50bb7750925102806987a2c8d59986dd0e74cc23e104e77d62b29d91478756fbb4ff1c882e36b3ed480d88f9748

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\theme.xml

Filesize
212B

MD5
75a54b0f2673d762239bc479579af93d

SHA1
13bb8fea1c2e296ad1516df1d565e2ceaf2d9484

SHA256
209f8abd4d06ba609d1d92943ccd2b7ef8918e88ca3f159ab8d1d6fa82ebcda1

SHA512
8f4ad697b0073307a9dd5559c702f30bb52aadf48f875707691a2480a9baed48eec34089ed1be784358ff7ea213b68c62b972cc24278e6c32b0ffd397c2a0e0a

Download Submit
C:\Program Files\FileZilla FTP Client\resources\defaultfilters.xml

Filesize
2KB

MD5
9994a10e6ee72a5afd26cbb582e946e8

SHA1
c4b507e64a476a260974c17f2e13e6c41ef19cb9

SHA256
27b4c87e3f1a75ce58cce51086d8445e3c33590111a258be8344b842f74c05d0

SHA512
776ef79c8e72695d3a142438f441a85bb5043d584f6dd5216d4d8e7357dfe19871f775059212d3c7dd2d8679463056222224a27ee7d544beadb1a2a921a27ec5

Download Submit
C:\Program Files\FileZilla FTP Client\resources\dropdown.png

Filesize
78B

MD5
4e7ad820c4a09c54bc911f331287a96c

SHA1
f245a88b2263225028d431e34faaa62c47f7d256

SHA256
7567af44f8d970ffebef66e8fa9eba34d66911a86295d083c070e0806b1ab198

SHA512
a834c1c756875381ad94e047586bbddfaa55f239d7f1dffc5555247f028e8ed5be0e561522f982b97dc92294da4cdffb8fbcc3728f759f8b0aae9c1fb41250f0

Download Submit
C:\Program Files\FileZilla FTP Client\resources\leds.png

Filesize
1KB

MD5
bfe22e9dc5e9d96e0be3ea3fbbd4975b

SHA1
d777d9abf786385cd9495da69c6dd4363a676427

SHA256
f99d621343251b0e99873834bc09fcef866f078a48f60c362282893b22c8e1da

SHA512
9a42b48e3420167bfc58ddb6e9b8e83f1dd5eb3ab6d3daad0eb94b07d1bccf88d1a8b3fcf4860e735ac4f1003e6092c355190037fab4c37571ef014b77ec1ce8

Download Submit
C:\Program Files\FileZilla FTP Client\resources\xrc\certificate.xrc

Filesize
6KB

MD5
4c1e17a79e787ff0cadf1fb263e8a157

SHA1
52cfee76232e82acb411442db9832154bbf9fb37

SHA256
e49597207209866b9ed9d46c9490319cb5a383a3594116cb22ac7bb4de8c1a1f

SHA512
eb8db703bb1a37cbe82b2b80df0e524ddbc84cb6700230357ba5229480cd9055c3cb5cac4ded74fe6e2280fd86fd22e91e5c6347472b164a27116bb1259ab56f

Download Submit
C:\Program Files\FileZilla FTP Client\resources\xrc\dialogs.xrc

Filesize
96KB

MD5
88141f5c0616388c3dcfccdb1aa89df8

SHA1
65f1f6f3ad287946269f991c5fbb0530bd44528b

SHA256
0ee3f5ffbc5aa65ab340bc9e8a97242097ead064b60a545d2f33d8c1c2f0e5d4

SHA512
e9530d3dbc875ada99b76a25fc9b02f4d14743b59478c802c07e3ffb36a5cd9d535b281dc902d891b986026ca7a127959b140c85ecf8c478d3cd8cf0f541b602

Download Submit
C:\Program Files\FileZilla FTP Client\resources\xrc\inputdialog.xrc

Filesize
1KB

MD5
c5ae11d3d01d6bb95d7810dbe961b773

SHA1
fef467c62ca761e487071cbe1359860e5fdeecdc

SHA256
1c97ae68ccbcf05361b0df8e1d8427d215d02e75163cdf6a43131b23f64099c1

SHA512
d6244816ad71ab03b04f11362f546a854fb798a3b20e695d34aeb21e4496e1f72dab6dfa36bf0dcbac549c9b0d52d2968f8bd09d2a44738530d67a9d544c9d1a

Download Submit
C:\Program Files\FileZilla FTP Client\resources\xrc\menus.xrc

Filesize
13KB

MD5
a6fb81964bb4090afe01ff30f347568d

SHA1
913c0cea100586c8f64e0e9c8ba75854e3ecf6a4

SHA256
4a353c328ba05d3c192ae8725e79bf33b7a0a2999850de4949b016fb075eb8cb

SHA512
1e7b96058b2db422001de9e121d26734809127172faab8c8733da636d4d5a3ef525cb58b1dc721bf04beb1383397f9c51bb2433c03303c829011ba1904b57e79

Download Submit
C:\Program Files\FileZilla FTP Client\resources\xrc\netconfwizard.xrc

Filesize
12KB

MD5
fc67fbcaba06ebce87ce2c6195d995df

SHA1
fd7f29bdb32cc626e32c2977973502dc31f0a8f4

SHA256
c1eb0d03cf4ceff5cf761b2e5b25b9609e1aa37101a8f169a2bc0d3ecba37b57

SHA512
cbf3a69d343a9c077ac5d8fe57d93034511ca457c249f24d4068af27f4de93f6c49350ba18119f1f1e16d34e526248f3e91ab8eaf8823e405f345b800a0f962c

Download Submit
C:\Program Files\FileZilla FTP Client\resources\xrc\settings.xrc

Filesize
56KB

MD5
c13e153462627962676422a5d8dba331

SHA1
c51454d0e0c984421263b9079c06a2359176abbf

SHA256
06e1e7faf79e8081b781ecef00ce2451ea366494ce17eb27f4339ff301b6f439

SHA512
650f7a849ce8770f247c57eda7f501b7a42e8e0af7473b44fdae33463f4f39f5b6bcfeabc48c6fa25716c5e826fee22895d6db4a085b7b2b66095929f0902812

Download Submit
C:\Program Files\FileZilla FTP Client\resources\xrc\sitemanager.xrc

Filesize
16KB

MD5
6cbb38cd0c36c4834a6d75f55e412f33

SHA1
5e8c1cd930cf74119eee8688c3f6bb9ab5da01ae

SHA256
477037ca11a9b89ffba1109ae204e7646e24b1c40748cae31ed3cc59a08149a3

SHA512
a65ff62021e8d010fa5b5b150679385dd7f67095782c0022fbba4fd9ab8400c343481cae751b432cf3048158a52d1b692210073888b8491214c2fb8a91ca6113

Download Submit
C:\Program Files\FileZilla FTP Client\resources\xrc\storj.xrc

Filesize
1KB

MD5
f4c4a95d8dfb326cdaed1dc4c9895527

SHA1
9f15069c027f0490a36e5ab3b12dc4b5253b2a09

SHA256
11af23b8998accc64dc60bac10e3db6c31cb76de1e731665c79f5c81aa00d46f

SHA512
ab26696b840fcb4c7011834041a27117ed7bd681106173a5f213606136ff542bdf081dc3777c824688c6bafb47079ed93abc14147830777af37de0524e6d9980

Download Submit
C:\Program Files\FileZilla FTP Client\resources\xrc\update.xrc

Filesize
7KB

MD5
b709c1372f460fe22d2fc1245ce86cba

SHA1
5bdd82d225e7bf110fbfcee7b583bc4d725da04b

SHA256
f299bc3758d09cdfd7a96c6dbdf46f79d208e0445ae5fdd4dbae0dee43769b32

SHA512
3868bd54fa0d8c8a14d47e583987c77b15b053202af759593ead3f7f396e457680655641757c353ed37a10a483a3000236afa58c391f2748292418dbe8f48d4c

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk

Filesize
1KB

MD5
1a39af9aa28e62efa883f3c6e770a65b

SHA1
2637d3f9ac88f771e92e2f4865206d59f0c09da3

SHA256
067fe3945bd535ac16ad180d4511133fe281ca5ac186953a31c4d134a0a1be84

SHA512
a9e15ee9be600851dce82a53586619c05550c9cf1dd7821e97ba28faf09eeed60311d7fcc54e17434e2e2bbda7663be5e3736ff4e05a4425bdae7b6d706384d3

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk~RFe56e64e.TMP

Filesize
967B

MD5
00d77099e88c8ee30a31b09be799fe73

SHA1
5fc1788e7f69e378c30a8f0202496c310674b621

SHA256
b68f173f1885d1c061661d1f1d1649dc0a5b9d03066406c85a5a3f2b25747e84

SHA512
6f1017ad902169e78e072071237d55c10f46328937a04242ac48a5e87addec9f50288f92f0144b826339103e8db0d6057d4d07243e27ebea3a70b74dbe84fbfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd24055642156282\bootstrap_51720.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd24055642156282\css\main.css

Filesize
6KB

MD5
9b27e2a266fe15a3aabfe635c29e8923

SHA1
403afe68c7ee99698c0e8873ce1cd424b503c4c8

SHA256
166aa42bc5216c5791388847ae114ec0671a0d97b9952d14f29419b8be3fb23f

SHA512
4b07c11db91ce5750d81959c7b2c278ed41bb64c1d1aa29da87344c5177b8eb82d7d710b426f401b069fd05062395655d985ca031489544cdf9b72fe533afa61

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd24055642156282\images\Loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\Fusion.dll

Filesize
980KB

MD5
a2ad9950e1eb2a6474f62cfc24d34ed6

SHA1
fb2922be85cd1a9e961cf804820f57e1e0983f41

SHA256
30b0e0a2622363ae54321f586b4c363785e4039a56411fb0f6f1234aaf9efe82

SHA512
81d5bc9f590b6474b1b4df8c60bcda03223dc6e155e41137309c20db2295f5fc08e32f1ba4527a973e7fd7b078ce9d0758054835caf0e3d605b9f8489546abf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\Fusion.dll

Filesize
980KB

MD5
a2ad9950e1eb2a6474f62cfc24d34ed6

SHA1
fb2922be85cd1a9e961cf804820f57e1e0983f41

SHA256
30b0e0a2622363ae54321f586b4c363785e4039a56411fb0f6f1234aaf9efe82

SHA512
81d5bc9f590b6474b1b4df8c60bcda03223dc6e155e41137309c20db2295f5fc08e32f1ba4527a973e7fd7b078ce9d0758054835caf0e3d605b9f8489546abf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\INetC.dll

Filesize
24KB

MD5
640bff73a5f8e37b202d911e4749b2e9

SHA1
9588dd7561ab7de3bca392b084bec91f3521c879

SHA256
c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

SHA512
39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\StartMenu.dll

Filesize
7KB

MD5
8a8cf094137e9c56386d5cf84f936fd0

SHA1
60a0cc212e5a1ce303a028f8ddafe0989c202b8d

SHA256
2053d459f5ae1213eaba8ecae74671144c1af140660034b5af23c97818e2c789

SHA512
d938cdb8aabeaf22ce573c4817eed2e8c235c5b4d9d3fb7139db6e8d9ebc73957425cfaa0ec119cc506bcf9c3ecc6b6393fff9278b8d873564148557df5cd9ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\StartMenu.dll

Filesize
7KB

MD5
8a8cf094137e9c56386d5cf84f936fd0

SHA1
60a0cc212e5a1ce303a028f8ddafe0989c202b8d

SHA256
2053d459f5ae1213eaba8ecae74671144c1af140660034b5af23c97818e2c789

SHA512
d938cdb8aabeaf22ce573c4817eed2e8c235c5b4d9d3fb7139db6e8d9ebc73957425cfaa0ec119cc506bcf9c3ecc6b6393fff9278b8d873564148557df5cd9ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\StartMenu.dll

Filesize
7KB

MD5
8a8cf094137e9c56386d5cf84f936fd0

SHA1
60a0cc212e5a1ce303a028f8ddafe0989c202b8d

SHA256
2053d459f5ae1213eaba8ecae74671144c1af140660034b5af23c97818e2c789

SHA512
d938cdb8aabeaf22ce573c4817eed2e8c235c5b4d9d3fb7139db6e8d9ebc73957425cfaa0ec119cc506bcf9c3ecc6b6393fff9278b8d873564148557df5cd9ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\nsDialogs.dll

Filesize
9KB

MD5
42b064366f780c1f298fa3cb3aeae260

SHA1
5b0349db73c43f35227b252b9aa6555f5ede9015

SHA256
c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab

SHA512
50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\nsDialogs.dll

Filesize
9KB

MD5
42b064366f780c1f298fa3cb3aeae260

SHA1
5b0349db73c43f35227b252b9aa6555f5ede9015

SHA256
c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab

SHA512
50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\nsDialogs.dll

Filesize
9KB

MD5
42b064366f780c1f298fa3cb3aeae260

SHA1
5b0349db73c43f35227b252b9aa6555f5ede9015

SHA256
c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab

SHA512
50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\nsis_appid.dll

Filesize
3KB

MD5
19071761e91c43c115a16b52458869b7

SHA1
75ddb807157f1aa31a08f87be0270f60990bcbbc

SHA256
e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f

SHA512
bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\nsis_appid.dll

Filesize
3KB

MD5
19071761e91c43c115a16b52458869b7

SHA1
75ddb807157f1aa31a08f87be0270f60990bcbbc

SHA256
e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f

SHA512
bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx82C3.tmp\nsis_appid.dll

Filesize
3KB

MD5
19071761e91c43c115a16b52458869b7

SHA1
75ddb807157f1aa31a08f87be0270f60990bcbbc

SHA256
e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f

SHA512
bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c

Download Submit
memory/2192-449-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-447-0x0000000005330000-0x0000000005429000-memory.dmp

Filesize
996KB

Download
memory/2192-455-0x0000000005440000-0x0000000005441000-memory.dmp

Filesize
4KB

Download
memory/2192-1357-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-454-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-453-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-174-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-452-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-451-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-172-0x0000000005330000-0x0000000005429000-memory.dmp

Filesize
996KB

Download
memory/2192-178-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-450-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-1262-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-1257-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-448-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-177-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-1267-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-1258-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-446-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-441-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-440-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-431-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-1367-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-430-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-425-0x0000000005440000-0x0000000005441000-memory.dmp

Filesize
4KB

Download
memory/2192-424-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-423-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-419-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-181-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/2192-180-0x0000000005B70000-0x0000000005C3A000-memory.dmp

Filesize
808KB

Download
memory/2192-179-0x0000000005FB0000-0x0000000006156000-memory.dmp

Filesize
1.6MB

Download
memory/3680-1430-0x0000000000400000-0x00000000010F2000-memory.dmp

Filesize
12.9MB

Download