783badae152e52b2190f6dfc66195cb16d35957a29e3e24ccf40241205d0a7c3

Analysis

max time kernel
283s
max time network
284s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 04:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-04-09-21-29.exe
Size

13.1MB
MD5

fa3f9b62aa8a7ed48d7168b3b8c386e9
SHA1

10eccadbcd480ac35e383e38d855977bbd6ade90
SHA256

783badae152e52b2190f6dfc66195cb16d35957a29e3e24ccf40241205d0a7c3
SHA512

49f791bea73e55ea8d7eccf74a5aa5e657842a064bdb9515c21c51c35df4a73b0ab269c7ae84d3f53bc9c4ad361c2f412266aec5529479d047022c3e2eb06891
SSDEEP

393216:PvemIpcbropa6p4SGB2s/jrBbFYc3L3KC4DKySSO:PvQv8X13/j1bFYc73Khn6

Score

9^/10

evasion trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 4 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2024-04-09-21-29.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2024-04-09-21-29.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2024-04-09-21-29.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2024-04-09-21-31.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 8 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	2024-04-09-21-29.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2024-04-09-21-29.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	2024-04-09-21-29.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2024-04-09-21-29.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	2024-04-09-21-29.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2024-04-09-21-31.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	2024-04-09-21-31.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2024-04-09-21-29.exe

Executes dropped EXE 3 IoCs

pid	Process
4564	m46asp.exe
5308	m46asp.exe
5580	2024-04-09-21-31.exe

Loads dropped DLL 62 IoCs

pid	Process
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
4564	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe

Checks whether UAC is enabled 1 TTPs 4 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2024-04-09-21-29.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2024-04-09-21-29.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2024-04-09-21-29.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2024-04-09-21-31.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WSTPage64.ax	2024-04-09-21-31.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
3992	2024-04-09-21-29.exe
3196	2024-04-09-21-29.exe
5580	2024-04-09-21-31.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 1064	5308	m46asp.exe	124
PID 5308 set thread context of 3196	5308	m46asp.exe	125
PID 5308 set thread context of 3196	5308	m46asp.exe	125
PID 5308 set thread context of 3196	5308	m46asp.exe	125
PID 5308 set thread context of 3196	5308	m46asp.exe	125
PID 5308 set thread context of 3196	5308	m46asp.exe	125
PID 5308 set thread context of 3196	5308	m46asp.exe	125
PID 5308 set thread context of 3196	5308	m46asp.exe	125
PID 5308 set thread context of 3196	5308	m46asp.exe	125

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	m46asp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\0\0 = 4a003100000000008a587425300078363400380009000400efbe8a5867258a5874252e000000d1320200000006000000000000000000000000000000d117e400780036003400000012000000	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0	m46asp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\MRUListEx = 0100000000000000ffffffff	m46asp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\SniffedFolderType = "Generic"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0\MRUListEx = 00000000ffffffff	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	m46asp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	m46asp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 = 14001f44471a0359723fa74489c55595fe6b30ee0000	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	m46asp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0 = 56003100000000003357819b100072656c6561736500400009000400efbe8a5867258a5867252e000000b6d8010000000d00000000000000000000000000000008e00000720065006c006500610073006500000016000000	m46asp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\0\0\MRUListEx = ffffffff	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	m46asp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	m46asp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	m46asp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 0100000000000000ffffffff	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\1\NodeSlot = "7"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	m46asp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	m46asp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0\1 = 4e003100000000008a586725100054656d7000003a0009000400efbe8f576d598a586e252e00000092e10100000001000000000000000000000000000000a9237b00540065006d007000000014000000	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	m46asp.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0\0\NodeSlot = "8"	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\0\0	m46asp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	m46asp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\0 = 56003100000000003357829b102072656c6561736500400009000400efbe8a5867258a5867252e00000034da010000000500000000000000000000000000000058a9fa00720065006c006500610073006500000016000000	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	m46asp.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\NodeSlot = "9"	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\0\0	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0	m46asp.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	m46asp.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	m46asp.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\release.rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\2024-04-09-21-31.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4564	m46asp.exe
5308	m46asp.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe
3992	2024-04-09-21-29.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4940	7zFM.exe
4564	m46asp.exe
5308	m46asp.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeDebugPrivilege	1356	firefox.exe
Token: SeDebugPrivilege	1356	firefox.exe
Token: SeDebugPrivilege	1356	firefox.exe
Token: SeRestorePrivilege	4940	7zFM.exe
Token: 35	4940	7zFM.exe
Token: SeSecurityPrivilege	4940	7zFM.exe
Token: SeDebugPrivilege	4564	m46asp.exe
Token: SeDebugPrivilege	5308	m46asp.exe
Token: SeDebugPrivilege	5308	m46asp.exe
Token: SeDebugPrivilege	5308	m46asp.exe
Token: 33	3948	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3948	AUDIODG.EXE
Token: SeDebugPrivilege	2776	firefox.exe
Token: SeDebugPrivilege	2776	firefox.exe
Token: SeShutdownPrivilege	5580	2024-04-09-21-31.exe

Suspicious use of FindShellTrayWindow 13 IoCs

pid	Process
1356	firefox.exe
1356	firefox.exe
1356	firefox.exe
1356	firefox.exe
4940	7zFM.exe
4940	7zFM.exe
5308	m46asp.exe
1064	2024-04-09-21-29.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
1356	firefox.exe
1356	firefox.exe
1356	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
1356	firefox.exe
1356	firefox.exe
1356	firefox.exe
1356	firefox.exe
4564	m46asp.exe
4564	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
5308	m46asp.exe
3196	2024-04-09-21-29.exe
5308	m46asp.exe
5308	m46asp.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
5580	2024-04-09-21-31.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 316	3992	2024-04-09-21-29.exe	86
PID 3992 wrote to memory of 316	3992	2024-04-09-21-29.exe	86
PID 316 wrote to memory of 2560	316	cmd.exe	88
PID 316 wrote to memory of 2560	316	cmd.exe	88
PID 316 wrote to memory of 1828	316	cmd.exe	89
PID 316 wrote to memory of 1828	316	cmd.exe	89
PID 316 wrote to memory of 1832	316	cmd.exe	90
PID 316 wrote to memory of 1832	316	cmd.exe	90
PID 1920 wrote to memory of 1356	1920	firefox.exe	98
PID 1920 wrote to memory of 1356	1920	firefox.exe	98
PID 1920 wrote to memory of 1356	1920	firefox.exe	98
PID 1920 wrote to memory of 1356	1920	firefox.exe	98
PID 1920 wrote to memory of 1356	1920	firefox.exe	98
PID 1920 wrote to memory of 1356	1920	firefox.exe	98
PID 1920 wrote to memory of 1356	1920	firefox.exe	98
PID 1920 wrote to memory of 1356	1920	firefox.exe	98
PID 1920 wrote to memory of 1356	1920	firefox.exe	98
PID 1920 wrote to memory of 1356	1920	firefox.exe	98
PID 1920 wrote to memory of 1356	1920	firefox.exe	98
PID 1356 wrote to memory of 3008	1356	firefox.exe	99
PID 1356 wrote to memory of 3008	1356	firefox.exe	99
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100
PID 1356 wrote to memory of 2900	1356	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2024-04-09-21-29.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-09-21-29.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\2024-04-09-21-29.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:316
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\2024-04-09-21-29.exe" MD5
    3⤵
    PID:2560
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:1828
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:1832

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.0.1313950559\1112502598" -parentBuildID 20221007134813 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c45e9aad-599a-4919-bf24-5060f1669a87} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 2012 2ec4efce458 gpu
    3⤵
    PID:3008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.1.1357467746\782605277" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2368 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4ca6a5f-c9ef-4e5b-9d48-98d9621de820} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 2408 2ec4eefc058 socket
    3⤵
    - Checks processor information in registry
    PID:2900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.2.757692408\621782551" -childID 1 -isForBrowser -prefsHandle 3164 -prefMapHandle 2976 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70d26c9b-2006-4e07-8ed5-d6a9f490890b} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 3296 2ec52f9bf58 tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.3.1441035091\99043720" -childID 2 -isForBrowser -prefsHandle 3168 -prefMapHandle 2928 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86985472-4fe2-4857-a72b-c99a0ea39327} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 3160 2ec42661358 tab
    3⤵
    PID:4212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.4.1226945654\1811685870" -childID 3 -isForBrowser -prefsHandle 4416 -prefMapHandle 4452 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6670efaf-9a89-4e3b-a0cb-92ea93760d2c} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 4576 2ec549ce558 tab
    3⤵
    PID:2816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.5.1905263385\1771133772" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 5112 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be27d7f7-1b87-4bc7-ba46-ee12f9589684} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 5132 2ec42664a58 tab
    3⤵
    PID:8
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.6.571305470\1080568599" -childID 5 -isForBrowser -prefsHandle 5268 -prefMapHandle 5272 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34614d39-e661-4d19-9f0b-3e3a19da220b} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 5260 2ec55b08f58 tab
    3⤵
    PID:2576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.7.1085864825\735173281" -childID 6 -isForBrowser -prefsHandle 5460 -prefMapHandle 5464 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d50d1633-ee4c-40f7-9f34-0a883711274b} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 5452 2ec55b06258 tab
    3⤵
    PID:2280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1356.8.1372627574\67303225" -childID 7 -isForBrowser -prefsHandle 5960 -prefMapHandle 5956 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4da7450-1af9-4d6b-9e60-b951c76e133a} 1356 "\\.\pipe\gecko-crash-server-pipe.1356" 5968 2ec5756f258 tab
    3⤵
    PID:5672

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\release.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4940

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1820

C:\Users\Admin\Desktop\release\release\x64\m46asp.exe
"C:\Users\Admin\Desktop\release\release\x64\m46asp.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4564

C:\Users\Admin\Desktop\release\release\x64\m46asp.exe
"C:\Users\Admin\Desktop\release\release\x64\m46asp.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5308
- C:\Users\Admin\AppData\Local\Temp\2024-04-09-21-29.exe
  "C:\Users\Admin\AppData\Local\Temp\2024-04-09-21-29.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Suspicious use of FindShellTrayWindow
  PID:1064

C:\Users\Admin\AppData\Local\Temp\2024-04-09-21-29.exe
"C:\Users\Admin\AppData\Local\Temp\2024-04-09-21-29.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:3196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\2024-04-09-21-29.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  PID:3288
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\2024-04-09-21-29.exe" MD5
    3⤵
    PID:1908
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:4392
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:1892

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3948

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1684
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.0.1714114973\163264748" -parentBuildID 20221007134813 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 21553 -prefMapSize 233863 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00d59992-a821-41b8-a295-7c4dbc967bf5} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 1824 1e5221fd358 gpu
    3⤵
    PID:4648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.1.1325210186\509283907" -parentBuildID 20221007134813 -prefsHandle 2176 -prefMapHandle 2172 -prefsLen 21553 -prefMapSize 233863 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2edf517-917c-4d2c-880c-bc8d00c03a8d} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 2188 1e5222d9e58 socket
    3⤵
    - Checks processor information in registry
    PID:2372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.2.1186127837\253823366" -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 2976 -prefsLen 22014 -prefMapSize 233863 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f5f9ca7-a44b-4511-ab12-c7446b7f5ce2} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 3124 1e525da7f58 tab
    3⤵
    PID:2400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.3.1747085905\1917253462" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3632 -prefsLen 27192 -prefMapSize 233863 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2e7f822-0fbb-47db-baf5-84c457434734} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 2928 1e5270b2858 tab
    3⤵
    PID:2808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.4.229742881\1127198230" -childID 3 -isForBrowser -prefsHandle 4120 -prefMapHandle 4116 -prefsLen 27251 -prefMapSize 233863 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db75753d-f29c-4008-80be-5aadbea042d0} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 4128 1e515a6c458 tab
    3⤵
    PID:1736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.5.1769734874\285885530" -childID 4 -isForBrowser -prefsHandle 5136 -prefMapHandle 5148 -prefsLen 27251 -prefMapSize 233863 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98001369-8c95-4213-b2fa-d42fd65b9fa9} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 4736 1e529630558 tab
    3⤵
    PID:5976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.6.457654065\896606664" -childID 5 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 27251 -prefMapSize 233863 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f3fe410-c422-4ff9-9280-0cedbc90fcc3} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 5312 1e529630858 tab
    3⤵
    PID:3448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.7.1130158467\2006358105" -childID 6 -isForBrowser -prefsHandle 5580 -prefMapHandle 5576 -prefsLen 27251 -prefMapSize 233863 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73727b27-14cc-4cca-8690-16cff4091c9a} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 5588 1e528a37058 tab
    3⤵
    PID:3776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.8.800101794\1466620998" -childID 7 -isForBrowser -prefsHandle 5732 -prefMapHandle 5736 -prefsLen 27251 -prefMapSize 233863 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01bdffa7-db41-4b22-8bfe-8b284da331bc} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 5724 1e529630e58 tab
    3⤵
    PID:2780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2776.9.870626782\1067614888" -childID 8 -isForBrowser -prefsHandle 5220 -prefMapHandle 5232 -prefsLen 27251 -prefMapSize 233863 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d090577-6033-4785-97ed-1efca7599937} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" 5160 1e52ada2658 tab
    3⤵
    PID:5064

C:\Users\Admin\Downloads\2024-04-09-21-31.exe
"C:\Users\Admin\Downloads\2024-04-09-21-31.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\2024-04-09-21-31.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  PID:4200
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\Downloads\2024-04-09-21-31.exe" MD5
    3⤵
    PID:1976
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:3472
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:5636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\0FF8FC3BC06CEDE68A24001DE0FEC55C57BE02AF

Filesize
1.1MB

MD5
bc5d038932b79a38df846aced8be40fe

SHA1
19e61f653378083f434b4e63bae0f867c43f07c4

SHA256
ce20657256452e5495bca8c183d61836dcba151c314dcee32abc6e0e9260fa62

SHA512
bad7b9adc3b74aa7a7134f7068cd32d9856093387b8740017472d5d7c9e6acaf959b2aa56f763493e4b63fa194eb89defaf3e345a706bc6ccc4dbcf41d32adde

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\1B86EF56230A3A7858C1EEDA1E6F49640ABE1ABC

Filesize
479KB

MD5
f41629db4e5397f2b68eb31193eb7672

SHA1
def511143ea5040beb1a2f45f4f0ee640f6d805b

SHA256
4c4188462eb0e344b60ac1c6e71350c24842d43973a2ad73c3581de503bf922b

SHA512
97e2280be32973311b3aee8b22d5157e81408115aeda6b7e1b1e17412e6d1effff49216609255958ff35f30a049c2366750272246b39cda0757be35b8373acaa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\52A0B958C0F86D4B40B9F1F1ADB28D2BD6B39C4D

Filesize
247KB

MD5
b2a354f6744d71f4e41a9fb65f221ddc

SHA1
d82aedd42ded27aeebeb855d7aeafece579fe784

SHA256
ca0d5f5b87e882f8d5b805ad211b31d85958720dd33f5b56660cad87f09a4581

SHA512
bea41e19bd442e41733461e93c3d7f966ac20d9ade39abb46505b3e8a89dc81ab6201fec3e4671b028d22f558ca425eb32805e40bdbfa9843575c7666db2653b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\55464F29CD64007CCD01CA47932F37D9F4D32B76

Filesize
1.1MB

MD5
a7bbf9704d8ece2e8ca0c8e98b422c94

SHA1
40b1abb6549a8aa29129b12d86d162f04fed26ed

SHA256
fa58ae35fd54f5fc8c4ef6dc24e827f325f73a47c8cde1c4ad1a6779b72956ae

SHA512
88ad6b62a68b33e9cfe049fb72aec7cffc1aee7016527a0c22cb84c23c02dcaac035af81df60a7535ca262ab2c114c73080472286116face5383d7e3f3cabe15

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\FD2514DF5D25BAB6BC97D94FFD7B6BCEC8DF3C07

Filesize
330KB

MD5
195ef3b791e4f58cdf12ae0ece4188d0

SHA1
3a26af8d99a0c5825cf0fa77b9c1ea506a98dae1

SHA256
c8d19530b4f0eec54fc0116fa5d57aefe88860a96101828cc10d2a5a01a029b6

SHA512
cdabee6682f4a33858d82c22a57f5f80639d9021501999f263e463b5e3be6b4541b8d99303860ef562b5fb2dbcab0e38f6e19c40da8a3bb3001649f7c67045e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC4344A68\release\release\x64\x64dbg.ini

Filesize
47KB

MD5
480225fcb932fd80127660d10abf5c2b

SHA1
04ddce4f2cee7f62629e8c7d6ea4a01655d6c58c

SHA256
b2b2ed407a3f27e1d9d54c17e6514ff4799c512bae8eeae7be2c7a804f086e1b

SHA512
43ee632efd2e766eee72d8461e568b1fbe9c2fd3398ad775700b795758c1ce55c2e70f21cf4df7dbf865e6c47902673ecbf5c13d445e52f12702d9fadb71c9bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

Filesize
14KB

MD5
363ca6e9c0f25faea7a14ef46069d434

SHA1
ea55acc13e250ae4021d4dfa469de83bfdbaf721

SHA256
da2e774e6abda6e97dbddf744f46a60eaa7a40d7e5898f30046c920a363c83e6

SHA512
930b50271668072063c8c3022973303ee0c808a158893453fb8d9de29aefda60f5d9dde3995843a989c958abbcb7c2985f8b2b34cc9e6d70288b835601701379

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
07c44f8085b3c6938d3644a1b8278117

SHA1
a9fc1370d95afb3fdd09869d24e7fcce1569cf45

SHA256
6674b7d7798be8953d13e4ce26344b92bd7824aaf9f85e5b36772ca3823a6af3

SHA512
71a46ac8cea91f9a802efc871f916fd43a08dbe2256b583993178b943b6ac662a5999524057d4c0f6191cf25202182d5564bbd8d117401ecb4a9ea21b14924e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\27e11ed1-5295-488a-8659-c0b655f7040d

Filesize
11KB

MD5
d26f5cec418f7dbe70c12a96a0528b6e

SHA1
b992414e97f2adf4231e413c1dd3402dfd7ac734

SHA256
2352cde7c7cdb064f8fb0373b008a3edda9e4dd8416731a38d883ca79ba56bcc

SHA512
bfcf14bbf901dfae8ba6432afc86f3c1f762e14782572ffaed919d4f649fa0eb652b0761421588ece1696d638e961361adcd8e1c56e87a7ed0ea5be0dcc95aa0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\52bf3ffc-fdb1-466f-b51c-e43265536d9e

Filesize
933B

MD5
f30a4c19d63bb2d2cca6019104ee5b21

SHA1
eb44f769d4161b9ae8f53bd0bf470bc9e07417c6

SHA256
b217f7b82831e37f7e10fe0e6fab25c14b2fc41e20dfbe90130653534a89f7a6

SHA512
c4460952f95f4f789db45eea9c0f3598184d871d449c1ce6ea68c53094b5cba03899d60bc431efbdbf1e003bad7930f4824172df6588b177f946ceadcb791693

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\997c2d72-8e00-4069-83fe-4fd28153ba20

Filesize
790B

MD5
325801ec1509bd49d3c5b0e39f39ccb3

SHA1
999465638fa6ac752747f06af591cd98d4cd6144

SHA256
872e822c1385340abf970906ed4de470d701003c168ef9e0e7ff1a56296a808f

SHA512
ec98f2c70a21c9e683bff90fa374e8d73ea9cb12bea19576002e9b67367121a9dc856ffef9cb5b47415256381b89ddeb441c0cec21a0ec7bcd6394a36c602f33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\e4ebf5b4-634e-42b8-a9bd-d4fe15708cca

Filesize
746B

MD5
edd83104dfe40e947ca47170e59c286e

SHA1
25cac760121ff64045b7e04d82e9ccda424b7cd9

SHA256
35796059e9c2b9912eea61964f8120c586535c5a83dda9ec0d64ae21ce958f36

SHA512
e82a8ca47c39e1d621e9f2120f885c8b5599824f06e06445ea296908ec39334d02f65b2d26280c3bd758e1d8be5905a6e01f97c026e106b83132215d9b5cf36e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\places.sqlite

Filesize
5.0MB

MD5
84054efbe2e9bb3e73e30d731adecd20

SHA1
7be0e0eb63b52e44634906eff36ff9b088519a1f

SHA256
2548e1039b768b7a1dd162aa5f021c02a41c50ff7295950e5c2e52e251f499e9

SHA512
d8bb747f4d46ab04ab168218786b78ff669a79d67633c18e901b7d5ba4888b4f27b8c47d071d6ecbc4d8844aa03dd319984f8f54dc74769f8fb69beba1f907cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
7KB

MD5
0832cbd0c34b303e28d91cb39b5dcddb

SHA1
c387d739006029078d690614f989fd2489771e44

SHA256
5901d49f7dc0c6aff7cc5eaf7036c214040aafae48f376cad32e23f2b7972767

SHA512
c7d3ea16cb18ebe3672f94dca50d6cf56e85e5243fafcb5281b3f69027517f2e5a1f462e6902b2930d777773d6c5031f22574ff8e134200fa179e16e8dc48ccc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
babe94545174a7af515a0210cdb62962

SHA1
0ef504a5d52cdab172392e1300203315610169c6

SHA256
679a3db5b708ff87aabfaf34e1a3c4f263581dce36be0335cc043e792ebfe320

SHA512
00fd4beedfd045e59641b1414463058ef8328c20cfc3d789f69789401bfc545fea2ba6cf2b11e1d7b86faec30405a3b8dff7233483dbe56145bd7338870bd1b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
7KB

MD5
6d80eb20a84eaeab975b6456af4f57c6

SHA1
77f750d0c5b3fe9b070a4c27bc8bd153f89c6a71

SHA256
5cc916c27352619d31aeb8f968fdc34baf0147f6857aeb20dfbd4d42b769b07f

SHA512
465283917c8a4d0b6775861bb42434ef8e0dc0579e616c0941932f3a63d79428914190da5b3cc57b06a1aa268d0da87a291b378675b8e38bd902aef5ec7bf148

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
f9d7bf37a1e2063d48c8ebea911a8df5

SHA1
6e4b69868f523eb42e163e3e856d62a7ba0a44c0

SHA256
ddf5bdb11ad6448e95ce58ee375ca6b51dbf8f191ebc80d82c6254522308d163

SHA512
21e278e8f63fe33d5f48a1a2313864d76d2440ca48f48c405dc03b1a57a6de855d53c7a661df938c62a01f658a6ffb45c85778d2a0ca2214fed001e219061270

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
7KB

MD5
437878d99a61f53ef2db89f29c215cdf

SHA1
6f7ecf8e5f0ac6dcef6323e391ccb6cf2e493221

SHA256
1f55e28f3baaf90ac5d4020095b31705996a3e3a53b9fb12f6ccd132604ea523

SHA512
1f082991628c9525f8aa90c880000ba13cdf62b7741880f9e9278e32daf5c81ea3adbd47c3b5cbb4aa653282cf2c9e58423ec3cc7d3677610e787871c77cc73b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionCheckpoints.json.tmp

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
c274d2b4e1e210f10d51ee377c70b65b

SHA1
968a9f2a4554f78265a599aefbaf7c1df8a32fec

SHA256
3026fa572c1f21c123dab51dc9a0ffeee809977797367af164e0c84839096420

SHA512
2bca5e6431e911c407be39a15a3e8fc74ab608f8ae4dd86c032b8a2224aeac41801524fd337b4ce4d1b7b2fe380d67c0131e13743f6a86030bfdfadb215d24b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
93ed45f66901e194fc28a50cc7d1c0ec

SHA1
6d0df475c179923b5795c3ee65db3e8e19dc215f

SHA256
f41ca93ec36974143c3ae2b2ecee8a219aa7f9863e3205b8834e8a14c5bec999

SHA512
03461a109910fac8f931f5a8b51aa9408391747ab05d326a1ec6161e6935aa32f7928261877dc415bc0e7f52b9a9de3c30f91dc525f832c4df32aaf6f44022a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1f894c858d1c672ee4152fc173c93a7d

SHA1
ad670559d6702f4783d45dcc87debbb9b1973166

SHA256
caafe3d1a95d4841f46655e04230a6ce2a37bbd1cc3618277345f3895037611e

SHA512
aaafe1ae1f674daa24b9e3d096aa4032de3a9a626dfb24c94055d363e85c7ae7f629446c810b7f5943e554f6bc655921a13602af1645670dad5098af36f75312

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
842bcf193128a58f17cbd6e468420b4e

SHA1
3570322e64eed6fb77de8bb01529bc8e244cd731

SHA256
823520f43d7333c6330cba852fe77b6ecb7d3cd787045d922904c39e0b9e30a6

SHA512
9bdbd30f49996f19eec232e7d4830965b0e00362609b64f379b487921a2b3e21cda3b6b20a0e57a996eb28293f92e23412fd091b571fa05b49d382896d3076cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
8f5dba23821f1e23790ff7ceb44a7a50

SHA1
379bc0cb8732fc66e5a112f8d03866204198bbc9

SHA256
cc4ad734bcc1ed5b7be958032dea9798eeaa3f342a0ac3b363ab3ad7bbfbdb4c

SHA512
8eca889617207379357e13700fa0f8dcf450c5ddc77f5f89eb89e6131dd04866020ea5964a783b49f586e442120c0d7ccb4504b5715474f55132a2684c29a693

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
6d90f7e75d18ba3b70293d9815da1683

SHA1
c65a7cd023b0a85422dde1a49411707bdcdbc528

SHA256
d2c1c4749281132bd25a9da517da27fb2df6ab55fe33d846718498457d071c3f

SHA512
6db8d6805d7f98271c8800cfa391f40a6732ca346ec3855ac865ac8dd69b1d10be4f790113a38d745fb895833f4c51558c69db1afeb2daf29825faae6e1c0362

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
6c82bbc10c6d9ce291a0f59d7ef60026

SHA1
23538a43bd0c07a9a50bdb36c5317c60aa07f22d

SHA256
76c571949a4cc8da7ee2126a5e57a0e1b42cfac5aac22cea0316a2ac15ab7c15

SHA512
ae18521302e109c9f548ae2678af8588a5019e823c52dd1159b15869939aefc6146afbde7642bb1c5695894913cacc953071512f1cc3fdd20b6f08ea3b783dae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
feacfeaa6370d0dd460a0609e1e1435e

SHA1
1463da69f34d0efa56e61d9dd55ac1f435237b5b

SHA256
d57b87db93a487d521c52be8e0d599fcfb17e8012f6066c303f4e48e92c3f439

SHA512
61097d4419f67e7b364a5f0f3a248d801e0bbff2283ffce8cb89a5d43309145288c20ce1a6620217c81256db7da81de7d184a0c7eb769ea237902a5abbe5782b

Download Submit
C:\Users\Admin\Desktop\release\release\x64\DeviceNameResolver.dll

Filesize
70KB

MD5
4a493025fc04b42ad6fe094d6171e8cd

SHA1
10fce3f7c7858f51070285a0c112a2601336913a

SHA256
b63354cf2bc3b7ffb5b679f78af7993d094561fd307f6ebc2a30c4db69f5b79d

SHA512
2e692ab41bdc813f9fb19b4ab335a5233f0881f9ba779a2056481e6e6fc9f5a31697ae3dabd599997c4f8a3553c5b7bf66f017abd03e1f7b93708a580fc6056d

Download Submit
C:\Users\Admin\Desktop\release\release\x64\LLVMDemangle.dll

Filesize
593KB

MD5
1228e59df447f4e6476546ae24638071

SHA1
7ec87e01e60f8f571684cc929fec414c224156e9

SHA256
8de391f11ceeafa007badf71b62560368f8c71623486ff1c2e4c5373fe482834

SHA512
acccedd27f10123e9f572d868fe11cd5d600b4f1a45a9e38fc263dd4d75cde022eb0d3c74fc3700148b4cfba7146c45d4591cda5fcbef8814427980658975c60

Download Submit
C:\Users\Admin\Desktop\release\release\x64\Qt5Core.dll

Filesize
5.3MB

MD5
2f997eb6ba34065496cb088f1489aebb

SHA1
29fd1c8a3e71cfbc49c9f160dce2749cecaf0cb6

SHA256
7a4cb4ced60598ed0a4f31dfdc01a8019df5cca6cbbfd3ec7f629edd99db6007

SHA512
4b1fd309cae1205bd3eff3b48b21893a20211356779b29c9f7739bbe6eabfa3e83e256e8406aa0af0b223b1376ec139e9605a0451359c0cccd21d3360477c233

Download Submit
C:\Users\Admin\Desktop\release\release\x64\Qt5Gui.dll

Filesize
5.7MB

MD5
0097fe1fdf80e2b515ab5ab2f6bad47c

SHA1
fce79b37dfc8b142dfd32c233c9ac9eec248bd6d

SHA256
3506bd2e291fe85a675d268e705f46dd0da7c274ec43dcb2330b8cee2b8c1d24

SHA512
cddb67a0d4bc60d7c26dfb4f03fbccc7d82ace7605b9d8fa20b46a970ffca134d5904303b91caa1e19b9c153a4b61ece3bde27095075dce344835e2cdbc531fc

Download Submit
C:\Users\Admin\Desktop\release\release\x64\Qt5Network.dll

Filesize
1.0MB

MD5
911b28d088a35d3f56a23a63ee837dca

SHA1
c110efd1c33bd8ffc2062f92a95c8f915a8db6f7

SHA256
4708ed9604e731f3b7b9b1fd774f3962a80bdf36a1845a3bb7684e8507eb0be0

SHA512
f645cfee2c5a348f01b1aa0ff3b7a039dd47117c86390b7d5fedf253ffaac1894edc36949b29776a0ab24680d022ad468d9468fe9e470d05f7178a5e9ac8df6a

Download Submit
C:\Users\Admin\Desktop\release\release\x64\Qt5Svg.dll

Filesize
312KB

MD5
b2c941e7a8b23664b36c70a655acd958

SHA1
3fb796251fec2ed2b2bc9c87008361992616e945

SHA256
78a031f1a8254e20c3e63357a2a87f8f6f2ba807e8edd74df6c2539b019ec309

SHA512
bfea52e55261f1fbfc9b6c8c5bde587dc0fcc29dbda5a4cb05bd30fb3ebc8ad024cf75cb9bffb04b5f8228c17adb1fa1cc1023178297f6a3efbfaf3a86a37edc

Download Submit
C:\Users\Admin\Desktop\release\release\x64\Qt5Widgets.dll

Filesize
5.3MB

MD5
82a8cd1f9b519d1aa8e6ad779c9e5c4f

SHA1
536da03f5389ea83009436a3197ec860ac6f0448

SHA256
6fbc262e506dc957dfdf72852cfc3b2c8b7850ec5eef4dc30f9fc9e066a8b911

SHA512
a7f178291f65edc4d4de2dddba624dc1b0c51c1b45ed92c0c35d5b3ecb496a0b8308fc1244b8846991d7580a684a9dadda1aab6f04bf4cac13ddc0cd2be31429

Download Submit
C:\Users\Admin\Desktop\release\release\x64\Qt5WinExtras.dll

Filesize
284KB

MD5
de7154814975f02e171f637f8222f8b1

SHA1
33198b358078341748ce5ea01ed8caf85501e0ce

SHA256
8dc1c6ad37a164639ef75093d8a0179f6f8efdf1a22877c59bac745968738e6d

SHA512
dde3c8e0fa96627dfe9ffe1067a9afacde3a69fc7ddc43d5823d091e4c449182b4c90a3fe7823f8480d889da2ae72a835b088ead54e135a197e5ad63efd4f4cf

Download Submit
C:\Users\Admin\Desktop\release\release\x64\TitanEngine.dll

Filesize
626KB

MD5
c151c851289a78d87f1032387ec6348a

SHA1
94f05d9f8ccc8cd33f3c37b72ca7825d707cd8a9

SHA256
6a82dc49f8bd5c30fd368c2c9616588ca68cfd6f0dd8bba526c927bfbd4ded90

SHA512
8f518fa03af48214c65f7a256657a29f2edac25be0e25c47b14ca557e52746e6dcb5fa80be94c8dd5e0691b66e76381adffd748229820485e340bfdbeb7ad48f

Download Submit
C:\Users\Admin\Desktop\release\release\x64\XEDParse.dll

Filesize
1.4MB

MD5
e82079a897fd57748fc81e77b5756e65

SHA1
6204f217f4986be91d48552bcd4aa1b772b1832c

SHA256
1d339e41ca9d5337b410feec1ca808a7ad8b0af2cb6827cfe581cacbe04ba376

SHA512
8a0268858459d149148a0941866a90bc7fb2a8e4761f35f3fbca3a4d90a438f89bfcd71c3d35bfb62c95d1e1391b23ab32421e88573815c81293e166cdcfd956

Download Submit
C:\Users\Admin\Desktop\release\release\x64\dbghelp.dll

Filesize
1.4MB

MD5
e9f0405aa557d9db4352c3473122905f

SHA1
b87740872aba806e4c3030e3baad9e5909ec33dd

SHA256
507262cb88b8ebc64a79451c49cd3b59eab97f4b81d265b51d6ccba487ba8301

SHA512
df38fb203b2f30a95d97f0b74321e04eb7f5eaa8d27428d3fe33fb40537902538758e6a04cc592c3d76ee2bfba54736457e493b60caa9285e115b5d732a77919

Download Submit
C:\Users\Admin\Desktop\release\release\x64\iconengines\qsvgicon.dll

Filesize
45KB

MD5
24043267d4395f646055c422d8ff1ce8

SHA1
4827a8b2b51dd7c0c52a0248740d22cd688b71d8

SHA256
b84e5e02ef6e91848a0d8033965325a988981077ca18edf9abaacc391a128a84

SHA512
a9e0c2d611d670a4fbba145753a77f1ff8aac3c1e6c9ad829117b2472c9197f57ff0e0e0a80f29e5eaf77ebf416196a55ce834a14895f02725f216270f2fa63c

Download Submit
C:\Users\Admin\Desktop\release\release\x64\imageformats\qgif.dll

Filesize
38KB

MD5
506a7c157ca05b5478b513b6b52f7b71

SHA1
54d5d132a7aaa857d33c0e118a56283a862be84a

SHA256
c2fce71c35bd6e22e2ea3a7e0554fe9a726f55d7027bcdbe587fab8983c3e421

SHA512
d4207de7eb2fff4f305209a3f4e51190eb6d2168a333dfaafe5cf00ffd838a0f6d324d3db50a35e696cd1dec4bce593201155ce231270679a15f0deaaaa1a42e

Download Submit
C:\Users\Admin\Desktop\release\release\x64\imageformats\qicns.dll

Filesize
45KB

MD5
f33b24d2e545afe46385879a57f8dbc7

SHA1
0ae0880f9ac8f5c2c2c1064479b20f88e280101d

SHA256
0a0f36c046fff544e335a0d0d80a2c36ac6064f474793426172899fe85d3e91d

SHA512
069ff4d9acd3adf9eed58bc210d758b5c35d8e34bdf2305cb8514593be3c3b41ece216895dbed3f986bebaf3839b7c5efb5f4f02e8b4999c75e6d4595d910ad8

Download Submit
C:\Users\Admin\Desktop\release\release\x64\imageformats\qico.dll

Filesize
39KB

MD5
e16542376c59af7240393f39ee36781a

SHA1
cf35dd7d08bc091d8a48cfd46f1b0eb9f14ff5fb

SHA256
98aa16bc5192ec26ba1ba6b290acd984d50732a91e563eaa1016bcf923643f7e

SHA512
96482eef825dada740e5cbf67d69125f7f038a93b75f76027a8f7af71156b0b9f0b5fd83c9138c1b40a5ecfdc2719c1349a29cd5a9240189b884d167b8511adb

Download Submit
C:\Users\Admin\Desktop\release\release\x64\imageformats\qjpeg.dll

Filesize
240KB

MD5
e082093ac545273490e3dcd92116b8e1

SHA1
c97a9e505482cd655bcc485ce3230a1649c7df28

SHA256
1a0d4ded8487a727b27dff67ef2f3794d40e1bab2e4d42b8250cc1e8525f5faa

SHA512
cf28e70d29230eb82229db372781429ab1c3cd9f1ed9a577c12641155484c12e6052cc3061ddf3ebd970bd84768b157dcd71ca41113102259d5fa2a0b94fdc60

Download Submit
C:\Users\Admin\Desktop\release\release\x64\imageformats\qsvg.dll

Filesize
32KB

MD5
db0ea846f201e4eb446160d18e80fa3a

SHA1
0f3075f63b70cf02297c9f22ad1896bfc996eac4

SHA256
0548ef18dec7ee2d6d2ff51cd0e78136f9f6002fa389158df2ac841425201ec5

SHA512
81bcccf2d8be8857cdeb524b616175f3c707a7340b1b0753db1fa800b7d01c0e2fd66d32ad48f5935bb6f2c0cdb4eb1c64dc54e18d65391001a9ffd0492dcb38

Download Submit
C:\Users\Admin\Desktop\release\release\x64\imageformats\qtga.dll

Filesize
31KB

MD5
c179cb633c05651ff0cdec84cdd71b5a

SHA1
cd9510003824b3ed2257770a86ad5f2c29f6e676

SHA256
37d36178f5c4e0bc546e05951c4da799ca21fa82690c0fdef1f1761703fd1b66

SHA512
37ee1faaea5297d3a77ce259ec14dc528c901f59f427bb448333f5bd6298eb21958f918d1846f147968c1695fef09886453d6a741886d9e4a8b87bf7053200cb

Download Submit
C:\Users\Admin\Desktop\release\release\x64\imageformats\qtiff.dll

Filesize
355KB

MD5
f860955e157bbc2972d9804486c54bd9

SHA1
40b9340cd934046b944c7ec1abf19a355f082892

SHA256
b9a79722472ffaa7a8e3025254fcd053ee1193ffd59353d8e9f28de99ffe7ed4

SHA512
3e4731196932f93955895b2eccae29b18a6d90eee1f8dbb4a1044cf833afab69ffced1f4f673cefdd7689d4f40ad81acd642944cda01811bbbb892c70e4379b5

Download Submit
C:\Users\Admin\Desktop\release\release\x64\imageformats\qwbmp.dll

Filesize
30KB

MD5
54b60b85caa948565c05a9a72861b83f

SHA1
04e233d466a7ccbd2e6d465600a5fe491bcc5cdf

SHA256
3ffa4adc5b5d9aab693f845f53b99774b7daec78c1aefc525b07bf794ac596c7

SHA512
3f56e60cb00b1725befc00e308c40f2b73b6eb57c34fe5ef6bf85e8a097ba657b3ec10fde8729b65956afca17ff2553e974aaae67888d91b30f3c2fcc2a6d4d1

Download Submit
C:\Users\Admin\Desktop\release\release\x64\imageformats\qwebp.dll

Filesize
376KB

MD5
88edbbdcc58a34b91303be7433c94aea

SHA1
c9e6d84b9806812126f723bca3396f6e55cdd3ad

SHA256
5a9beec614fa7195a568d82f3f892092832f15bc3240a7805f33b54b21a68cd2

SHA512
41bf249f22b0bfe29a02629fe42d53a8436fa4cabf7e452bfa1639826ebd7333a80f14c1ab1fa4dc1ff2dd81f775aa23888b77ad98272de93a80638401a6369f

Download Submit
C:\Users\Admin\Desktop\release\release\x64\jansson.dll

Filesize
142KB

MD5
77e483778406136733586ce9c833cf37

SHA1
3f39df0df7cf7e967e30ab7840bc4c7f1ece1d52

SHA256
f8302919d3152b64ae0111b2ddcb4b21e63b674d10e203c05c2a7af015ba6710

SHA512
8c328a77a3b00fa67dac4be86cf301e17f46ee0e9eb4ed81681181035a6948c83e1ea70efdfe6ca39d4963de283a887bc468b9d1232d125e4cbed4afdefb45da

Download Submit
C:\Users\Admin\Desktop\release\release\x64\ldconvert.dll

Filesize
56KB

MD5
5ed39b88a4a05adde32153e5d583e424

SHA1
c139a5761b5e8e2cb06c3229d70ee6eea9bfad9d

SHA256
293539875b478fc2b554104f8c1e0e80a169e75c829a5b882e10b601e6e99744

SHA512
9c9e438abca22502e0430bae7cb3292ff768cb9de0ab06ec1bf261ac2b67750a0172b084b05e7b21f786feac622990edb674619602d118e94e8b0202cc5fd3e0

Download Submit
C:\Users\Admin\Desktop\release\release\x64\lz4.dll

Filesize
91KB

MD5
64849c3b3e38e75782a9ca3ead09e89b

SHA1
645e509d3a6af15ce6a64ec75fc61b8769ef2c14

SHA256
97262ec9688ba204c97fba061bc95b24c2cd67b8839d43217024a542e9d8f124

SHA512
e0e9dfbfdf0f102d6217e69a965c97c210cb4ac8a971022ef5aff1da12ec3f7c0e04ca2272c40ca14c5eac89af49a3e6e5e8557e3db7488c2558edcf08d9d602

Download Submit
C:\Users\Admin\Desktop\release\release\x64\m46asp.exe

Filesize
59KB

MD5
58685abaa92d2dc8d667b9b5d055282a

SHA1
9e766b601c9447a89d73d6f474acb957301fdf1e

SHA256
5c6f441d7b36b0788f33d7fcd95af01c5323c07f1ed77d9c15f465ef0da9ea02

SHA512
6e2a07991f81d2159c0ec7169c0b6520ff32ff179a4f037512d826a5d0e8a3c67a16f75769e2eb6d5fc65d14478f9c42f6cc838e9d194138e9e7a46a7d6f86fd

Download Submit
C:\Users\Admin\Desktop\release\release\x64\m46asp.ini

Filesize
47KB

MD5
787348c22fb9e19f1f3903af45dedc32

SHA1
323459778ce4ce6339e4fa84b5770fc6ca0f9b8c

SHA256
f9804f6e5f9db7dcc084d32b3b7c0bd749d0ce8a47b154d1ee00fa771d0114ac

SHA512
6be4ae0e2dd311ec102128dc32c5c842671fe5650061785f35afb04c14e34d6f81c1dbd2424db1cee68b186b6699b1e0670474d0c51ebfebdd7b1b96441c6dc7

Download Submit
C:\Users\Admin\Desktop\release\release\x64\msvcp120.dll

Filesize
644KB

MD5
edef53778eaafe476ee523be5c2ab67f

SHA1
58c416508913045f99cdf559f31e71f88626f6de

SHA256
92faedd18a29e1bd2dd27a1d805ea5aa3e73b954a625af45a74f49d49506d20f

SHA512
7fc931c69aca6a09924c84f57a4a2bcf506859ab02f622d858e9e13d5917c5d3bdd475ba88f7a7e537bdae84ca3df9c3a7c56b2b0ca3c2d463bd7e9b905e2ef8

Download Submit
C:\Users\Admin\Desktop\release\release\x64\msvcr120.dll

Filesize
940KB

MD5
aeb29ccc27e16c4fd223a00189b44524

SHA1
45a6671c64f353c79c0060bdafea0ceb5ad889be

SHA256
d28c7ab34842b6149609bd4e6b566ddab8b891f0d5062480a253ef20a6a2caaa

SHA512
2ec4d768a07cfa19d7a30cbd1a94d97ba4f296194b9c725cef8e50a2078e9e593a460e4296e033a05b191dc863acf6879d50c2242e82fe00054ca1952628e006

Download Submit
C:\Users\Admin\Desktop\release\release\x64\platforms\qwindows.dll

Filesize
1.2MB

MD5
0cdac0e449902682182f78a552c35de2

SHA1
c370e79c472c4973178a9b666194edceb1c02a62

SHA256
85dbcaf6965fb146cde7825465add3e890e13d2c67390b8b3c6fbcaecd503c68

SHA512
9516091abb61b91dd0c90d2e85f6de1463f075e64451dab48b535a119d5a04e66cfe674ee85c8ac41772c98d22c946f8be85f0d80c2e50c247939fc66aaa7cff

Download Submit
C:\Users\Admin\Desktop\release\release\x64\x64bridge.dll

Filesize
77KB

MD5
992c0dd1a12d220285b6dc3c9c633de9

SHA1
def5a8fff1293cc478e3e63dbd7fcab06201a6b0

SHA256
7a2229ef46b091b0d904284045c58dc165cf64dad8f51bb06d1b1edbb67fe253

SHA512
64d56ac968405cac65b8a9f2e8f76f94e0d3b31dba63ffb2861d32b76cf882b3a776117842c99befa689e19520c9e4ff2e03711553f5f3a086d2f54b1bcb4e2a

Download Submit
C:\Users\Admin\Desktop\release\release\x64\x64dbg.dll

Filesize
2.0MB

MD5
f8a62e7ca6f11dc39b06d009cbc38e07

SHA1
51298759df5845477511cc1beed8cde45f364454

SHA256
9d95cc016594f69637d0706f32147c7d14b84276f69c80e49db800098aee8fd8

SHA512
32482b7b2f7018171bfe95f4b5d14a8940573c92300c0f8f7a5df300fbdda22f40280b8075ef234c790671d7be9fb5e4da5b6819f171f99e2fe0dd4a007d0b80

Download Submit
C:\Users\Admin\Desktop\release\release\x64\x64gui.dll

Filesize
5.1MB

MD5
5448b9c7f68e93cccf1f0430268b8d77

SHA1
d81874368058459a0a7712d104b90be0a92be203

SHA256
972704bb9f286d5275ad8a188c9457fb4349ee1420a50b5c6d651f54c14edf56

SHA512
8e39b26bd01c9012492aab59af0dcb983f330e375121efc530360aa6750ca172b7cab0f7a2d189ca1067b0ef6deb327f6bd9accaa4b1c4352660756585dc2a5f

Download Submit
C:\Users\Admin\Downloads\2024-04-09-21-31.HGt59bxM.exe.part

Filesize
32KB

MD5
32bfd98021ea87d5fc4abfe21d73690a

SHA1
4a86ed74cb14774b364e4a634d342190831085a7

SHA256
8dba7b117b08be0eef020e4bd3bf2e58954625fc85b6d7ec7a6be02ecbc90b90

SHA512
4f499eed2154e4032a89ade5584ac28615d9cd83a66fe0b13b3344b3ff92bfedf0366776a2e0ae7cf2a8794a2b8f82500dd9bf326c234ea88c74d3c36c5cf68c

Download Submit
C:\Users\Admin\Downloads\release.KgzqbinX.rar.part

Filesize
32KB

MD5
e5e2034773ceb5cf4cdce62920a15d3b

SHA1
74bb91a4b812ee97b69c9523c29f12c8ce2bc07f

SHA256
3052012f3add3ac8e98ed01d5633b087ba1975d7e7a515a92815301a20741570

SHA512
7c7e62875edb57ef01084b960fe27036e1c8cc3198e133b01d5c36504beab518b51db46520de8b61be068b47630ea54fa7f3e630c8fb69b3e65226c9b66e1dd7

Download Submit
C:\Users\Admin\Downloads\release.rar

Filesize
29.4MB

MD5
63648ebea8de67bc6c0226dba9db49a1

SHA1
2bd97fd3abf9a70941e0b8e5a2a447875e925ff9

SHA256
e739609dce2f5ec67c0923bf74f110aad57c78e772910df7a0dbad7f3cce4787

SHA512
c320eaec0c3ed97fb8451fd88a06eabba29f0f6c10f8b6e300ddf0b6e52d1966a182ed05d82a3d6385256a48121f586340ef1367305cb0b6ca0fe2f0f576cbdd

Download Submit
memory/1064-981-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download
memory/1064-980-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/1064-1005-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/1064-996-0x00007FFE287D0000-0x00007FFE289C5000-memory.dmp

Filesize
2.0MB

Download
memory/1064-995-0x00000000001E0000-0x00000000001EA000-memory.dmp

Filesize
40KB

Download
memory/1064-989-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/1064-973-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1064-976-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/1064-985-0x00007FFE287D0000-0x00007FFE289C5000-memory.dmp

Filesize
2.0MB

Download
memory/1064-974-0x00000000007D0000-0x00000000007D1000-memory.dmp

Filesize
4KB

Download
memory/1064-977-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/1064-978-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/1064-979-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/1064-984-0x00000000001E0000-0x00000000001EA000-memory.dmp

Filesize
40KB

Download
memory/1064-1006-0x00007FFE287D0000-0x00007FFE289C5000-memory.dmp

Filesize
2.0MB

Download
memory/1064-982-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3196-1012-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3196-1033-0x00007FFE287D0000-0x00007FFE289C5000-memory.dmp

Filesize
2.0MB

Download
memory/3196-1013-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3196-1011-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3196-1023-0x00000000006D0000-0x00000000006DA000-memory.dmp

Filesize
40KB

Download
memory/3196-1010-0x00007FFE287D0000-0x00007FFE289C5000-memory.dmp

Filesize
2.0MB

Download
memory/3196-1037-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3196-1027-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3196-1031-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3196-1009-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3196-1032-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-993-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-0-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-1-0x00007FFE287D0000-0x00007FFE289C5000-memory.dmp

Filesize
2.0MB

Download
memory/3992-988-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-2-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-3-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-1014-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-972-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-1026-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-970-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-1030-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-4-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-968-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-93-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-1036-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-151-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-152-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-155-0x00007FFE287D0000-0x00007FFE289C5000-memory.dmp

Filesize
2.0MB

Download
memory/3992-922-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-999-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-894-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-403-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-167-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-233-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-220-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/3992-204-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/4564-921-0x0000000072B20000-0x000000007306A000-memory.dmp

Filesize
5.3MB

Download
memory/4564-923-0x00007FFE07DB0000-0x00007FFE082DE000-memory.dmp

Filesize
5.2MB

Download
memory/4564-919-0x00007FFE07DB0000-0x00007FFE082DE000-memory.dmp

Filesize
5.2MB

Download
memory/4564-920-0x0000000072B20000-0x000000007306A000-memory.dmp

Filesize
5.3MB

Download
memory/4564-964-0x0000000073240000-0x0000000073255000-memory.dmp

Filesize
84KB

Download
memory/5308-965-0x00007FFE092D0000-0x00007FFE097FE000-memory.dmp

Filesize
5.2MB

Download
memory/5308-966-0x0000000072B20000-0x000000007306A000-memory.dmp

Filesize
5.3MB

Download
memory/5308-969-0x0000000073240000-0x0000000073255000-memory.dmp

Filesize
84KB

Download
memory/5308-975-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/5308-983-0x0000028116BB0000-0x0000028116BC0000-memory.dmp

Filesize
64KB

Download
memory/5308-990-0x0000000140000000-0x0000000141CB2000-memory.dmp

Filesize
28.7MB

Download
memory/5580-1337-0x0000000140000000-0x0000000142427000-memory.dmp

Filesize
36.2MB

Download
memory/5580-1339-0x00007FFE287D0000-0x00007FFE289C5000-memory.dmp

Filesize
2.0MB

Download