bf2ca3f940fe084a409d7889de8b32b29842106b5112684e0c98facf9300bb9d

Analysis

max time kernel
106s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2024 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IDA Pro 7.7.220118 WIN x64 + Plugins and Tools [2022, ENG].7z
Size

318.2MB
MD5

84714cca45c8f9528177aa415111c900
SHA1

a436c77412cf9928b9c538f49fb0fde0c1d0e36b
SHA256

bf2ca3f940fe084a409d7889de8b32b29842106b5112684e0c98facf9300bb9d
SHA512

4737ffd56162adedd3c82e2cc50e55d9a8e88be770080e6e80ef7dc85031ae1ba7623688d484d3511adea9d42a9d640b81c125d1c2b059d856699d4843f3d89a
SSDEEP

6291456:buKSTGZuO5bXhl+KsKd3L6VqMC3ias6wNt1jSyJ40u4EaFzFBzx3gJtnUHIE:butGoO5bx0XKJsC3iVX40zXzI05

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Control Panel\International\Geo\Nation	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zFM.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1796	7zFM.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	1796	7zFM.exe
Token: 35	1796	7zFM.exe
Token: SeSecurityPrivilege	1796	7zFM.exe
Token: SeRestorePrivilege	4688	7zG.exe
Token: 35	4688	7zG.exe
Token: SeSecurityPrivilege	4688	7zG.exe
Token: SeSecurityPrivilege	4688	7zG.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1796	7zFM.exe
1796	7zFM.exe
4688	7zG.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 1796	4568	cmd.exe	91
PID 4568 wrote to memory of 1796	4568	cmd.exe	91

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\IDA Pro 7.7.220118 WIN x64 + Plugins and Tools [2022, ENG].7z"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\IDA Pro 7.7.220118 WIN x64 + Plugins and Tools [2022, ENG].7z"
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1796

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3580

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\" -spe -an -ai#7zMap21829:148:7zEvent15324
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4688

C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\ida.exe
"C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\ida.exe"
1⤵
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64).7z

Filesize
10.6MB

MD5
bd6ab6188d79ff1de6b6d96d23196745

SHA1
866e782d7dcb9c63f24159a8669310f03eef7741

SHA256
865846806ba6c7554a1e92a0d5538c1878dc6f9ea205e5098210d8134269bf20

SHA512
d676d26a01efb624b6f97dff3950ef6d08005183948dbd9ae0d36ab7b3209924240e914ee89a96e5db6e8896bfabcff177db12bb56ca6e384690691ddb84ca51

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\CLP64.DLL

Filesize
161KB

MD5
7c539004dac241b7051d54835a3387e1

SHA1
a948006265ef83ec568014a7b4d00fef6b3c7955

SHA256
ed7e40cbaf50627afdb0f24608537e6b65b4f37587ae743b1bf7aa59cca710ae

SHA512
f67cced9da808b627ca48ec5a813718fc71fb70f33f2bef99f2f34df05f4a101e54286ad3610e3b3a3dbeffb7ff928454c791b56a9a41445ff2fe6e35dc01263

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\Qt5Core.dll

Filesize
168KB

MD5
a590f92c6dc173f736c11cfa427c7909

SHA1
f219149013d81a1120ccd53dc2293ebc86ec0555

SHA256
d3554a092feeab81e3f99110f7d3c643d4af7a5ea8891ae2b61d2549cd7d737d

SHA512
f1bd95e71c2af9a1f496a3261292f03959f6b49c98fa7d2c43c40a86a0147ee980d0f61ad1937e18f2ae8c68ba1bb02e57252c48b686836e7a7daa9cb4b72a08

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\Qt5Core.dll

Filesize
159KB

MD5
961b5253c20b2776d2705e03aa321c35

SHA1
2ec2f7c95b8dcafdb626f471d68a6ae36c907eed

SHA256
f0589e7c0e252bd29bb62deb87589dccdc1e63caa5a9d9aa5a27d7ba8da1cb30

SHA512
44d3d76321b890dfb0338f4c788bb851fd0cf63af0090a3f7ec184411a70430cddd7761c464cbf24fc89b7ae6f708516218e86e7e6d959195eef7620b78b8414

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\Qt5Core.dll

Filesize
130KB

MD5
50f2e0ca844712ca9e35d262581ff925

SHA1
464be88c582dc3a13ae043525e91459aac25c3fe

SHA256
b14ed89a4d398ea461c28a24173fb7e482fb93077f1f8b15478a350a85d644e1

SHA512
c346297c5fd67e989412258822d05998504f765fc86c978d3abd202fab40f0a14e3ac79640b9b12adf8cd6c23e38e6c8e40afcc5031e8286141029e5b88e672f

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\Qt5Gui.dll

Filesize
206KB

MD5
75e33e5919861077da4586f3d945107f

SHA1
45b417ceff311cdf8de085ff4516b91886376d0a

SHA256
4094cab0a00c5f73ad4687718603981caa08fee5a9f1b034e9c92fdc9d1f8477

SHA512
0dcdb5ead157cbb9dbfa9a5243a539bb4eb24f4f3a5456e00e089a82b5a741337e8297417a31ffe4ec1d85cfd9f94d3e506f7d15874158135ef14ecdd52614a7

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\Qt5Gui.dll

Filesize
182KB

MD5
8079c2e0a233531dbe2880cf6d23ae63

SHA1
625d7bc1a900d11f78861c43ac1ad8e7f0cf81e3

SHA256
a200e19bd42773b40e1c58b98cdf54c6ab154ba20ab7b0f2e7430bfb4f52d7ef

SHA512
a3a129da3496a7c1e8e1f083bf08aa5138282690400617e921cbbb25e1a0f979b63e450ea3692f2274d8c3c0d18e990dd8983fd607d2f204369bc970c4320e18

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\Qt5PrintSupport.dll

Filesize
145KB

MD5
e153fd1896b257fe0f8a94463f512036

SHA1
c1091cf0292919dc47001ba2062d40f24362a55c

SHA256
d439a2ae03553576464bedd181e69e830f18e5ada78fd64fceda9ace2fa242b2

SHA512
f3340d372cca2aa7b6c1a86f326bc5fca248ab208ef397e1a94fcd0efe4431aab28fdea560315a31c706c3f6f1dca681942264033407da583d1e190319e60038

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\Qt5PrintSupport.dll

Filesize
192KB

MD5
91e02005cbf7207d7cbbea1fda589e52

SHA1
7b604dd38e3d1a11eff1fa382b32921fd7d3129c

SHA256
caa973320d786812268e1652b7e032d6ebf9e3e0c3d0c5b478a4f29e7a8c89bb

SHA512
f348abdf39b0e669428a993e566a2b87be1245b35caa889e09a347e1edc9b8aad69b692b0ec737f24fde5a7102be98161562586e468ed6819daf22d9fbceb188

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\Qt5Widgets.dll

Filesize
160KB

MD5
10759397591f81ac229a637ba6180f2a

SHA1
4b64c9539862e580f73d7f5bb1da330222a973b7

SHA256
8b4cefd73cafd2c5fe9b672f48163b901e9de59cc3f392b7a7f826c903494210

SHA512
2962f850aa259c634d1d147add5c3360547df8dc9acb33a66bd77cd33bca6951476da0f62bbc7876802f3ee673e9d30ec800ca198db3d74970bf6dc78466f674

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\Qt5Widgets.dll

Filesize
209KB

MD5
fd7c5120e70ccf489a46ef89af1e8202

SHA1
59e70cf863b5e4f4bd3f5239340df07936f1ae4a

SHA256
a5042ee2eca5f26cc926b72bd6797e06ff91663241aa2e11edad46b6c3585774

SHA512
c97e49245d9a21a37a5c58cfd40936de2f1f8ca5e28d175750a6fff5c3730278f4c6d2db47e60f42af03ad05a3812276f2d843276072f7ee683617cadc1e1875

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\Qt5Widgets.dll

Filesize
194KB

MD5
514e0184a1933ef19e153e2fcb2ec926

SHA1
9dd3f49106630a73346b71ad4b5cbe9afa3c70ed

SHA256
b694c5a3e008e5dccb7cee3980b4fe0723ec6fa095cda45c44f628ec4380404c

SHA512
7fdc59fbd83059dfd08b402913cc46ada04ae56aa9288ac84d5af4a9abbc53702c92a7e89f84b75699826c556ebe97b09dd6a7d8cbd429c8197638cecf903c39

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\cfg\idagui.cfg

Filesize
70KB

MD5
96b5f53dc6aba0e5b8d466a096ad9169

SHA1
72ced5134c33c899a09afb481cd491857b3cc5e7

SHA256
aab42c3ca18075c75e314d9eb2242b37194bd8331199ae3f38a630ab7086213e

SHA512
349dd4380f658ca44ff155a5712e3a827707f4baf3c7d3a23fb4bac8956ac5bd90c56e2b15421260ec0236a52978cc396c508da348bf9cb15e6481fdc8b34e53

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\clp64.dll

Filesize
184KB

MD5
402204089d02fbc46b1d461e0ec8145a

SHA1
83c142c2767a8f49c395a568ab37a0bca517e2fd

SHA256
c93d35c4a1baef610a3ff872cf523d32c219668213fdf1c86f78b3d2ad71a776

SHA512
17b3883c0025327661e4013f5c687049abb8b4d5e2310b9f63d47d9601cce319b58c1b1bc2c83697050913c71f88215ac4fe223053c21f9b40315af3b1c71ae6

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\ida.dll

Filesize
188KB

MD5
86cd3c9382cd0c626f04ad5a96710a59

SHA1
7b72be8f9681fe5f34196b87b4799b11a477b8c2

SHA256
47c96e999c72d1c1c4b2059a49d353cfda2128ac2b838ff319673e456540f3f1

SHA512
8f2902e7b628e99677cd2bd41e1f816b45b8e3f21bc40105317c1cdd0d7e7d610299d962a6ee43420b3c774e1858e0ff890c82fd349bebda03fbca7489fd82a1

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\ida.dll

Filesize
151KB

MD5
546e238694f49e9a61ea0a49289fe9d5

SHA1
22e57d73eda046b51526defb1087d3e0dd53dead

SHA256
0d169d494d27e6541521ce561c61365522d7fb2e53f78e44956456dedc28bb97

SHA512
e04bb3aecd54b04f4f86d02121dd38905daf851f91fc075111de4172add43a04353febf80075ea044146db76d3b91216114773a0ca6a2cd95ebfc10bf2e40c50

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\ida.exe

Filesize
150KB

MD5
dd8e5aa1bb5d93dfb85f8219c230d2a7

SHA1
64702ef30596a2796ac4168b66e58d0fab341b0d

SHA256
ab4ff4851c00308c48389b745d9c211132932c49c5efed24abed14e19977f569

SHA512
29e86f27e36e942e27ce4a129d7d70bc84b326f8805dd797593a74c5c50ada7145cc2f5289a3adaf3e6ea4a9f11267333297d9d6b18e2de0d4d426f02e0f4aea

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\ida.exe

Filesize
256KB

MD5
398f30f41457d204308810b843ed0e2a

SHA1
cc38336db76131ef2c79c2d5229240b7ebaf50ec

SHA256
8511d88cd462de0190d70bc2130481bbd6a5c5dc798fd7c1e69cec78cd5ec244

SHA512
08ba700b6548c8f01f6de3014903b7b9a5da5f5694e6815a8b534837e16f3cf5a94e10c9cc66bed1e1cd378dfb36854160ce8e0cdb9e8952f41ff5d4a6b517d3

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\ida.hlp

Filesize
230KB

MD5
2237e51c64ddeed507d8948ace62bcc4

SHA1
9b6ef864cc36a34ae25c3a5595ebcd3e86f73fd2

SHA256
dd808c783893021d40755bf2c2218277d767d8474727294ecb9792187b18be58

SHA512
58891bcedc47a9dccfc01ad8ffdf61083483477fc13cf016e29262a5f8e5063d4e558bb8dfc7b460e34f063594d743be6be0b99ecfc7d5d260ad6a10ea93dd02

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\ida.key

Filesize
3KB

MD5
6e9ddf274ec40421635214bf2b687f36

SHA1
346be99e97e234b318d9bea179e21cd01160bbe5

SHA256
f43cafb2edcd47dea2b0d4295e1fcd8cb879226caf9954f2233d16cea0cc3c79

SHA512
b188cfef7dedcf4bef6e911ac76487e9873649dd1f513e8fbf8e3aef1330d12c6d1e78e449098141db06e4a5234ae83b4d266878a9722a6de63d2d07d9ed6bef

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\idc\idc.idc

Filesize
15KB

MD5
e5871be8527ab4f6c42be30409b05eb8

SHA1
d0c82add73d9dbf4ff6a63e5f7c419eea6bb95fd

SHA256
ee68972b36df4b3433ffb4f8b99da14301c1134ef1695276886e1b5e6f3aab19

SHA512
af0879882da308a125a53ff8f0e7ff8fb49a15abbeb5a87cf062e2f27ff7d9c332dc3edb1183d947523fd73511e64b7b7b47c2400415364b337680838c953cc8

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\platforms\qwindows.dll

Filesize
116KB

MD5
bcac19246d143f69903b57089a89845f

SHA1
39cf98c1b6d3fec836cb2911c582ff98220a6d14

SHA256
9d4bf8937e017c4e3ad794c67a1bc5db9f31b5229594b05f3de86281add06170

SHA512
b205687de0aebd4f2d9c9cb90d6d5a9a8f9b9d33d341d4efd24a19dd023f7177f23a22a395520359aa51c99355cb2e7a5fb2704a5e288ddb00cd24a919cd39a8

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\platforms\qwindows.dll

Filesize
124KB

MD5
1b671742879c63d08d56a9cde78ac811

SHA1
0087d9bcc547824164e419b9a4cf7a465f349674

SHA256
5c92374bc86864869bcf45f358aa9866128d90f7e9822336dabde3526d63e84e

SHA512
7a66e9e204bf8bebcc2ce0f0d7bd2de9d4829b79ec27e56a66406b8442d4b877899ae7a38d4c09d786ab161f8e02b89b44d1891faf2304f80f2ab682a83745bd

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\armlinux_stub.dll

Filesize
129KB

MD5
51d6df64c298b5ee032e68852cfb3d6d

SHA1
7abe31a9e1a0dcc946a3f7c8378d5a6a52afc19c

SHA256
ff4eb62e7d24421cd2da4468cc58297120c6966e83a92bd4b96464428c8d4cb4

SHA512
294d367e382de9b5457417eacc1b74a3fa3b15eadddb7f180a5523a5b9e81d6aae3c804426ff1686633b07331d254f84377dc3267aaabd6c91bfe7c56889b455

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\bdescr.dll

Filesize
20KB

MD5
96c8e948858a11da85a205b7908da63f

SHA1
b5140224a7b608b41e5dbbcab258df964ce65744

SHA256
42d9c65b39fef84f1efe1b9552ef11dbe63fef12a44d74f3c574a09e78a89095

SHA512
54a21944d3053366df9a0c1ffca6046773173846ca7e4e218a194e7780b0becdf24e8f6420f2bb6955c27238e4d0007e4729c0da037af2c4ecd22927a47c14dc

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\bochs_user.dll

Filesize
109KB

MD5
02fe5c02f218dbf89c6c4de186c3489d

SHA1
007e8af58d038cd291abbfad9e9d57ea93761cf5

SHA256
f2ec4d8439493de5af17e359dd1f72f3d06a2bdf1a1a4894df14c4a84c6c8680

SHA512
80fc8894e3b746c1bd496b4203b5566b3aa4377e981a3788b83c996e8d194a6fbe731ab18d86a04c0339fe0a4359a1aaf0a45ebb0794ff23403b7f7c41845b2c

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\bochs_user.dll

Filesize
49KB

MD5
fec8cdb9f6e3660a21b93649cab06843

SHA1
54b130004639a939dc5c71d1b296ba09a5f9a7eb

SHA256
235e4f53272286c1afea3509692afb308916d6eafeaf9f82b5fd4e9997e722a7

SHA512
88f1d4fcf8145d49fc0ebe446d3a25fc770d31681d3c0f91ff8436699434ce7cee23e7da627e45e963ef2bfd360b2c5ae5348feaac037fc4bf5ee21475527a9d

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\callee.dll

Filesize
12KB

MD5
7ded4d865012ea01df6abe40f9760ddd

SHA1
6ed9b7f4bf719ff0d6cad36ba484bbb922c45b18

SHA256
e04abef8482cd71754097b3847fa049ea8e122a41c7d4f3848a71df866b3fc38

SHA512
54050edb477caa8f13ee23d74ded3b57d20962ce5daef04eaf25b3debff85bdafb0b2c917e536adb4830afafe7918434aaf90329b180803e0f18891c8c663971

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\comhelper.dll

Filesize
29KB

MD5
77320a8c9a251339b6cc326adeb3d827

SHA1
7b260f1c813f40f08b8d8648b28ae0e0bbdc929d

SHA256
ad1f6a89a035398b742e989bfb9c0cad1f94b19c8244b2b1e6a0830dc163c52e

SHA512
2fad57ea356a093beecc419b323f5010ede319984044c2317085f5dbaa5954d3123e618a9c78403cbf196d39cf5495a0bd9f1ed9af70fcbc724fa186129bd532

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\dalvik_user.dll

Filesize
176KB

MD5
f35759feda8d090ab827b6d55543da56

SHA1
14c777d4d291d81430f3da1da4940dc9e16d7ff4

SHA256
42e39557964788c76e03892792f4b0ceef10f70c84bcc53caaf7e4470e06f224

SHA512
a52bb284a5b2a676925bdc95156c5a7ef60fd4e5b25928caafa34bf64851557fb016b8b2f7f9cb922e4d1e4d74cab2a469cf6f5d6d062e3d51f45c979669db27

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\dalvik_user.dll

Filesize
56KB

MD5
d958f7721274bc0facf19fec7f814973

SHA1
86e36f84363042ee06c1efdf3bb5fb0440b188ba

SHA256
b5d1f06338b044bd856d70415c6801dda1de003029c454479f5e18a3659fc148

SHA512
cb4242227986a7c49751b4cf16601a9b0a775bb30f5d59420b33e1de6f995d34a967a76a3daf0e3f3205fe83e8e6d76077ea2fd5be02cfd2deb7bb93aaa4b1bc

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\dbg.dll

Filesize
64KB

MD5
e134084d3640314e6ca1b6bbe5e5e611

SHA1
9cb52f7a6cbd973f7c0e3d4f996d8f55a78ed0e6

SHA256
0f116834e15ed64bc7203ebcc12b804f98496a3398dd518140624f1424a7132e

SHA512
6aefaa5d7d4251a6ed13a86ff2a24125931f1bbe7590dbbeedd7a203c4d2bd2de2f5d749ba305cf922b4a93f00720b09fc7cf607e31604886a386ab47e61a150

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\dscu.dll

Filesize
74KB

MD5
a4143928d9d221dd979db4fe1972377e

SHA1
bce10e4cf8e534e14b25b6f3560c8d6497b58cb6

SHA256
386437816b8b4a86f1dc97c26b3de42c43ecf300bddd24db32ea6d6b0ee943b9

SHA512
d9c840fba4817911c29b78829ba48636d3d7bae00536af42fbf02c9e8e176af9417277206125dccbff4bc720567985db9fc7bbaff7c032442d208f7cc751924c

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\dscu.dll

Filesize
14KB

MD5
06780e953b5351a66b57eb5fe44241aa

SHA1
448cb8501d3a68deb59b37046bd81c796c740ccb

SHA256
854f5e7089ee831be6204497c1f3a08bf2d33dd4949412ced1b6ef157e0e627a

SHA512
d6278fe291506889fbb1d900bd33432bba6e0ded4f3b07043df0cbdfdd55573bb7b56809eec6715c25c9920446d3cc06d26d69fbc1633ae74087994787b22553

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\dwarf.dll

Filesize
168KB

MD5
aeabe079d7aa04c2348f33200b4e9d6a

SHA1
154dfcc589226c411e87cd91156048717b606850

SHA256
b4710f3f3fc9221b42ab28193624c66aa09f2df2dcc4783be7156baedfe6ba7b

SHA512
b0d699cca71c71cb250704843fc761c4850820b9d47b760f90b9f711715de6bfabefa7104020059c8aaf3e64797fb75d3dc217c1c912f1c38754bb481656e254

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\dwarf.dll

Filesize
386KB

MD5
218df5591d5cced181ee691a6b5da125

SHA1
a642da63ba2a012af583ca36710150a716092972

SHA256
c865028fa60c00de8173099ca81c8e156e2e4bb66f3c8778eafca402222339fb

SHA512
1b9f0b50b2ed8e9796957f63ba8c6fef56de7c3273483f70dd02ed931945d8fd5df55d7da4368fb9da7427466390008f8a69b06250cbf95cb4afe2cb3fb3963b

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\eh_parse.dll

Filesize
127KB

MD5
af30daf1c76c0bf944f4570ec70d06db

SHA1
e5602ebbe12b264a09d3600fbbd0435d60d2e814

SHA256
b33adcec0976519f5d8d68f72c468734029749f60c168f71f31ccfdba32e181b

SHA512
4fcdda0195ccc539e84c7c31b905e4c246ffc8f40f011150a445886ad5bc38f30edac8ab083984831259f52df268a083c5e46e52bb78e8577cca0a4f7cdc5349

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\gdb_user.dll

Filesize
18KB

MD5
2f593a61e15662891f21abcd03ae44c4

SHA1
0b7e979498aeddc1568e0c6ad6b201a0a1fd80b4

SHA256
80d859e5cbeace8ee14eeca0c7e420b80da8ee413cceb1110d797924fd568152

SHA512
3d9cab7572169e2530f32026ab893ef7423f150ae2f3e48a18b4f4ecb125f544babf723dc7ef07fe509df29e099741f11a7d1f8f77b4228008e8df970ce4e011

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\gdb_user.dll

Filesize
20KB

MD5
6625e95cfacc479d794956cbf35f3d41

SHA1
5cffbd3a406784b67a67298b8526ab3519e5cbb3

SHA256
771f3d1e4411746844341a6b5a8b14d063534d16c9ef3076833ef77f20d51582

SHA512
b34f018983e22dc1e090eed8e5511d2fd1b831d97e2103b168502ea7ecb91ca3f37e26c7233032ee47053833f6ac691401be0e1a6fd679c270b2c8851681ad30

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\golang.dll

Filesize
63KB

MD5
460e07f0f6f6ee39cc89ac6f320d04d4

SHA1
266600fae65bc654d72af56418e95c7aeb98fc96

SHA256
09dbbdae38387503fb10ad5fae08c71d0f48636d612791b142e5a3070abac456

SHA512
2ac547510166494dc66eb54178061f4d74d83941e3a269ea9966a5ab14d3233d9d1ea3c5bf7e0f913485d8af549b5f65943b7ff1365d00556929c266611ad42d

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\hexarm.dll

Filesize
169KB

MD5
6dfbc6a4d53050fd3821321fe182218e

SHA1
b28490cb810bd66da3b9f9fffda8d91a0989f1c7

SHA256
0d49eaf29c6834dd2b31e65be0220c780c05c18e4cce8f84b2a48a1bc0cce9ff

SHA512
747708a96ee57144371db7e95f68bcc0d3f346c5cb8c2f64e0381c63dcb1d489923cf3227bdafce17f7b6416d8f10b47c54098622b8a1382861817ac2cfe8bab

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\hexarm.dll

Filesize
233KB

MD5
334eaf76dea7084d82dd6ff1c706d343

SHA1
6acd0a4c38a82fc036eba67156faf0ddd26b0cd8

SHA256
a3ea0954805c965e0ae809e21e6e5a2806df264bef3ae632c208ef23853a003b

SHA512
41e8a2a90729211a8a6db3aae10a232631498633ae962e3b184f432b9c76dc9a894cfbc14abd2d9d00fa76a5c3766ee8e9360d3be8e02439a83ed49e6742f5b6

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\hexmips.dll

Filesize
55KB

MD5
7ec66556fcd15b924b2516ee45e58cee

SHA1
e6e043c21c37d90159a4f35ab1c6df65ff8bff89

SHA256
8ddbb8d6da19a4c1ab0ad797859f312c998bfe190d974e75d085bc5d4c95b839

SHA512
fb625ca115e6feb3da2f43627c6b620bf3c793ff50f18d8a50fe045912e6a66662a76369c96c81242e95ab9768f371680828299f544949af0bf9b69ac32b3a08

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\hexmips.dll

Filesize
129KB

MD5
919896fa59e90035b152534ddc48f939

SHA1
6e8837ba8a79c3893d534ad5100aa82687f12938

SHA256
3e6d9f1f17efefb4ff95e7192d0ff78eab70d6bcff1df26862e2996749a4fbef

SHA512
3b192b8bd0845edff70276371462801e838caaa137ac95da2e939c6b7fb55d19b84f76583bde92a837d3bd5a3991f83290a1e575e02e1aabf6153e7964a4950c

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\hexppc.dll

Filesize
191KB

MD5
3ca66aacf3f999dc7ba67067933b4abb

SHA1
91ec7833e8456ceb9e6454eb347924845a21f39d

SHA256
777f4c0e41f7b8cb0aaf365c45d236f17044e22ac3174ae726c815f88e02d2ff

SHA512
fca9f7f8a94e902851bb4184752a139f0e407617bcaf90b862d03f4fbad7983da451179487759a025600421dc8998eeb5e426086519632e1231981abd0790a53

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\hexrays.dll

Filesize
235KB

MD5
16b61847d1424611dcd7e92df5a6a621

SHA1
bc36b2a7e0d94b18d06e045cfb34836b753a406e

SHA256
c066f1b0c86f4d1952ef3b37edcd8711d48824dfb5e2355264f8206b5b498bd6

SHA512
2a63e3884b7ed37537e64b521a51ec7f5361c3be6db7c91af1b1f017393d8229c4bb57902355fb7eeb8efccd09f381dbfdf79acd571414fe0ef4357a8fc16143

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\hexrays.dll

Filesize
182KB

MD5
6ae6bda4e2a03084804512ed51899c85

SHA1
f5a9b24798b400c9fdc6d5bfc58ae7b32d6fe79d

SHA256
629574f6be99dc8ee24ffc5fcc049c30c1cee115e6461fa3026387cc4d918319

SHA512
9e92d96eb94430e1b7a0a97a252cc3da2c301a35b668d62d53428ae684d3a3dc783a9fd99ca6171ca435fa97124b793ed8b7401e09b32bbf93d745615b58b178

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\idaclang.dll

Filesize
109KB

MD5
27cee7921dbc65f8d4c572b2d5e8ca62

SHA1
eafa9571c934dba13ef4691daa6c322be9dd7dc4

SHA256
c084b719cf3ee09030ffaac4d7c2834f7ba9e504a75d431c4405c24a43881ac7

SHA512
5ac1c2738d2de92e2b35c38554483fea5266fd5a0e76c1b5c819f85fe4d13c2410900c33063d777dfbae6fc93e1e0562f9246c9fef82b5f53510084e499cdeaf

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\idapython3.dll

Filesize
103KB

MD5
f8c90fae3485c1f37e679126d76a1267

SHA1
7853a2e80e40884e231a950c42d8bc5797992a6b

SHA256
c2171355d16b70d8b91ed737f4071f2f530504fea475177ec1219c6bc197a150

SHA512
65ba9e9bb0b6d481049bf60149cb6784e94b9a03b3b48fa09ccd91238e993dfc9078bfddb72f40c546dc6b88da28a3da666ff878f50571506ae09f7736b55722

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\idapython3.dll

Filesize
57KB

MD5
96ce54e6ddccf195877d1f92a1d25d3f

SHA1
b96827fd25879b3c751f75c7000da47ece70f983

SHA256
cdd2846990bdf5f1a84b176ac9e1f176e945f2f8a3ef21a3c33af065c5e0bcb0

SHA512
012e67ad60c7b5b3b613e351b469395612101b85ae65c36624a9cca55ac6477373a751146be75920d38b5cd985462642598f253d49bac0642ef77c3a37a1cdf5

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\plugins.cfg

Filesize
4KB

MD5
29d956afd57cdddc5e8ee8a4f3b9cd80

SHA1
76df8ff178649ef7e32a080acbd1de3fae6f1059

SHA256
59c21a32db68e02c8fcd7bbae59e05052e0eae9debcb9947e66bdbdd07aa648d

SHA512
32e569a90c1cfab11b5b5137e96639ee7925d5a11a2add92be7c43b82c5e591870cfb596e9e1c987b5912c7faffcc863dc93911c4e13ee9cef8f06bfa1e0ace5

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\styles\qwindowsvistastyle.dll

Filesize
136KB

MD5
cf345ed9ada7f58f5fb7ecf32f0795c4

SHA1
f82f0b7972cf5d0ed5a470a9ae7f096861383f81

SHA256
8117351508ec6dea8326959ca820a72abcd6517f4449d77469596e7f09f7a887

SHA512
848309a447feb636cda455cceaa3b4d5f45953c1be17b33995cc02409fe51690e80df138a87a9df4b0f79fbf52bde64d0b5ad8cae793a8dc524e71a90d768c95

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\plugins\styles\qwindowsvistastyle.dll

Filesize
101KB

MD5
ee3bea950ee8fdc00bc4915e218482ce

SHA1
2949cbad9ad125b52d433b3f5894c4596871480b

SHA256
8e13e258932629398c28a9cceb92bf466b95e0680d27ba5980cb694517ac9578

SHA512
0faab5523a3a905982763864fad739167b6851c9cdd38bcbecd5964324af828d243cc3610f9b0538c475e54207bfcf6ac40cbbe201d8ded2581222dd8359cb5b

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\python\2\PyQt5\uic\port_v2\__init__.py

Filesize
548B

MD5
71014d6369472d3184315f736d945afc

SHA1
375858f197d1403c191670a3151ea51329ee75cd

SHA256
32bd356bf7687853a140d02a5c9df551bce86656ea6cc587161887be57dc0edc

SHA512
be351c9c6ddbfc23dc0bc1791321c066d250ade7ecb393e4b17ea9357810db368065ef601e7d469031cdac710bda8e824d55c7a32403d269084aed93ee4f9e6d

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\python\3\PyQt5\python_3.4\sip.pyi

Filesize
2KB

MD5
6486162cec0f9e05414c4267e207fc4a

SHA1
109873421aa30c51994d01e38630535222189459

SHA256
61bfca5a13eeb20c7f282bdf9d399fa921509b6e23d7f1169ea13c9090d1de35

SHA512
e0e6f9f7a638cc7bf04b995f1db9cad75fdb1a2676bc8c4de1c75cdd83694cd7874763dd309aaec35b948e3bf94a9b21b09bc86e54bfa14fd8d1d369822768b9

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\qt.conf

Filesize
207B

MD5
afe6c730b47e00e3ff5f65b0756363f3

SHA1
bcfbc80905b6e9f597de0cc1d987d9200c446c80

SHA256
2518738eb7865283890de96021a55438468625d23e6b11fd09ae21d90265a83d

SHA512
ba82e4ddae268572b36cc1745fa39e0b468754ae2a8670f9f2ae91cecc4ccfffe7ee07b3db783a5f6a14c0e4fb744a5e89f748025872f2be7faea22d459d4407

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\themes\_base\theme.css

Filesize
11KB

MD5
04f2cc8b6c46ae80fbf9f1c8ff9b3839

SHA1
1c838c0604f66c15bfbcf100b9b9fd9357d86343

SHA256
f08d24a455ccd0a20d51bfae4005a0a9d5758bfe3701c82fa1e30ef224d18960

SHA512
1ee9d97820508e79db475c656f157151da3c54e1962a0348509dba1aec1b31ac537aa6686e5d475cd79732475881f30236a5808a9d6cc554292c5b6bf37c2c02

Download Submit
C:\Users\Admin\Documents\IDA Pro 7.7.220118 (Windows) (x86,x64,ARM64)\themes\default\theme.css

Filesize
9KB

MD5
a17204d9a808905f551fb17bed094c99

SHA1
3d4e2a166242f7544ca089f868beec12c2213ef5

SHA256
fa425da8d82d2943fc3171482a1498f0f975a58dca54c26233aab6b51ed1221a

SHA512
9caed3f1495e1a16f3f224ec5b0421f4b9b6faabf56a6dbadbf0b77b6d3d443bce83e4c71c2a83f0b0c2d46f0940273ab96f5a1e255f8c9703fd4ca9605ab460

Download Submit
memory/4412-2749-0x00007FF713770000-0x00007FF713B6F000-memory.dmp

Filesize
4.0MB

Download
memory/4412-2748-0x00007FFAF4BE0000-0x00007FFAF5136000-memory.dmp

Filesize
5.3MB

Download
memory/4412-2747-0x00007FF713770000-0x00007FF713B6F000-memory.dmp

Filesize
4.0MB

Download
memory/4412-2754-0x000001FB6EDC0000-0x000001FB6EDD0000-memory.dmp

Filesize
64KB

Download