a1e9d2a0a36f1cb5b3fd09a3e07335f9987549fca015428369043031e2cc67cc

Analysis

max time kernel
145s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 16:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

A Installer/FileZilla_3.67.0_win64_sponsored2-setup.exe
Size

12.2MB
MD5

e4acf0e303e9f1371f029e013f902262
SHA1

180f686f2afe1ad0ac6f3498e70af910fcbce620
SHA256

9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202
SHA512

fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc
SSDEEP

393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

FileZilla_3.67.0_win64_sponsored2-setup.exe

description	ioc	process
File created	C:\Program Files\FileZilla FTP Client\locales\fa_IR\libfilezilla.mo	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\th_TH\libfilezilla.mo	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\vi_VN\libfilezilla.mo	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\classic\16x16\server.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\classic\16x16\speedlimits.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\32x32\sitemanager.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\24x24\help.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\16x16\binary.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\16x16\cancel.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\16x16\lock.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\32x32\auto.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\minimal\16x16\queueview.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\ku\filezilla.mo	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\default\480x480\close.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\default\480x480\remotetreeview.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\default\480x480\treeitem_expanded_dark.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\cyril\16x16\reconnect.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\16x16\compare.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\48x48\refresh.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\sun\48x48\localtreeview.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\cyril\16x16\queueview.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\16x16\uploadadd.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\minimal\16x16\cancel.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\32x32\processqueue.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\32x32\folder.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\nb_NO\filezilla.mo	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\cyril\16x16\folder.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\48x48\file.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\pt_BR\libfilezilla.mo	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\cyril\16x16\logview.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\16x16\disconnect.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\48x48\help.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\16x16\localtreeview.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\libgnutls-30.dll	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\16x16\cancel.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\16x16\upload.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\32x32\bookmark.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\lo_LA\libfilezilla.mo	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\sitemanager.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\ja_JP\filezilla.mo	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\fi_FI\libfilezilla.mo	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\default\480x480\compare.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\24x24\filter.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\32x32\processqueue.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\20x20\server.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\km_KH\filezilla.mo	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\tr\filezilla.mo	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\minimal\16x16\logview.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\default\480x480\localtreeview.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\cancel.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\24x24\processqueue.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\minimal\16x16\ascii.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\sun\48x48\queueview.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\48x48\logview.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\16x16\processqueue.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\file.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\blukis\48x48\filter.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\24x24\reconnect.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\flatzilla\32x32\uploadadd.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\lone\32x32\uploadadd.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\opencrystal\32x32\sitemanager.png	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\locales\zh_TW\libfilezilla.mo	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\libstdc++-6.dll	FileZilla_3.67.0_win64_sponsored2-setup.exe
File created	C:\Program Files\FileZilla FTP Client\resources\tango\theme.xml	FileZilla_3.67.0_win64_sponsored2-setup.exe

Executes dropped EXE 1 IoCs

Processes:

filezilla.exe

pid process

2848 filezilla.exe

pid	process
2848	filezilla.exe

Loads dropped DLL 33 IoCs

Processes:

FileZilla_3.67.0_win64_sponsored2-setup.exeregsvr32.exefilezilla.exe

pid	process
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
2912	regsvr32.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
2848	filezilla.exe
1208
1208
1208

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ = "C:\\Program Files\\FileZilla FTP Client\\fzshellext_64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 8 IoCs

Processes:

regsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\directory\shellex\CopyHookHandlers\FileZilla3CopyHook	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook\ = "{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\ = "FileZilla 3 Shell Extension"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}\InProcServer32\ = "C:\\Program Files\\FileZilla FTP Client\\fzshellext_64.dll"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

FileZilla_3.67.0_win64_sponsored2-setup.exe

pid	process
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe
1984	FileZilla_3.67.0_win64_sponsored2-setup.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

filezilla.exe

pid process

2848 filezilla.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

filezilla.exe

pid process

2848 filezilla.exe
2848 filezilla.exe

pid	process
2848	filezilla.exe

pid	process
2848	filezilla.exe
2848	filezilla.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

FileZilla_3.67.0_win64_sponsored2-setup.exe

description	pid	process	target process
PID 1984 wrote to memory of 2912	1984	FileZilla_3.67.0_win64_sponsored2-setup.exe	regsvr32.exe
PID 1984 wrote to memory of 2912	1984	FileZilla_3.67.0_win64_sponsored2-setup.exe	regsvr32.exe
PID 1984 wrote to memory of 2912	1984	FileZilla_3.67.0_win64_sponsored2-setup.exe	regsvr32.exe
PID 1984 wrote to memory of 2912	1984	FileZilla_3.67.0_win64_sponsored2-setup.exe	regsvr32.exe
PID 1984 wrote to memory of 2912	1984	FileZilla_3.67.0_win64_sponsored2-setup.exe	regsvr32.exe
PID 1984 wrote to memory of 2912	1984	FileZilla_3.67.0_win64_sponsored2-setup.exe	regsvr32.exe
PID 1984 wrote to memory of 2912	1984	FileZilla_3.67.0_win64_sponsored2-setup.exe	regsvr32.exe
PID 1984 wrote to memory of 2848	1984	FileZilla_3.67.0_win64_sponsored2-setup.exe	filezilla.exe
PID 1984 wrote to memory of 2848	1984	FileZilla_3.67.0_win64_sponsored2-setup.exe	filezilla.exe
PID 1984 wrote to memory of 2848	1984	FileZilla_3.67.0_win64_sponsored2-setup.exe	filezilla.exe
PID 1984 wrote to memory of 2848	1984	FileZilla_3.67.0_win64_sponsored2-setup.exe	filezilla.exe

C:\Users\Admin\AppData\Local\Temp\A Installer\FileZilla_3.67.0_win64_sponsored2-setup.exe
"C:\Users\Admin\AppData\Local\Temp\A Installer\FileZilla_3.67.0_win64_sponsored2-setup.exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1984

C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\FileZilla FTP Client\fzshellext_64.dll"
2⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2912

C:\Program Files\FileZilla FTP Client\filezilla.exe
"C:\Program Files\FileZilla FTP Client\filezilla.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2848

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\FileZilla FTP Client\libfilezilla-43.dll
Filesize
937KB

MD5
85bd74a17c53eec4cd39fc4fadadc3c6

SHA1
1f5e48cada5a99b1a0d4364e4091489d4504c606

SHA256
bdc1ea011a343b36b19411cbab592936432ecec8f0d91ec6f74e10f4f10ddb09

SHA512
27b4668cad4a30a25f22ac57d35e91609ccf1558a499292ea7637a4829228a9f2a01f918e082a50680a5d4d158e25deb3eca7b1dbc20d1ca6dfeddd418bc14b5

Download Submit
C:\Program Files\FileZilla FTP Client\libfzclient-commonui-private-3-67-0.dll
Filesize
611KB

MD5
bcb38d316fbaea52928113c15d34e4f9

SHA1
aa9acb9b154e9e9bc9142fd72f395b2c5ec6c645

SHA256
204f83f6bbdb707ddad08949403512035f30c10dea6f034b2d41c065f0255f3e

SHA512
d962d466ab4af8d9434d4ed1888331effaf6a1a0dc5d091c01a054c50283c7a739bfb615b762e1e806a9a70f8451d08e5ffdaba3393fabf6f2a6c878fa4e19f0

Download Submit
C:\Program Files\FileZilla FTP Client\libfzclient-private-3-67-0.dll
Filesize
1.4MB

MD5
492f5c5d895b5c6df72cce4a3cffd081

SHA1
e3bcdf4c1c4d383f0aab7a6f362e91edbd1eb072

SHA256
b563c8e74a44ee3303f45f5fe4c992d82dc259653636f49ca681bf34fb7e794f

SHA512
d23d831b9745d15b9db9d22bbdd010c4e4b6ef655e2d4b681f367e62f285a83f57d3ebd58d165ab8d53ff42bd38ea95d07b8ff95572e747f8e3ddaacbff1f297

Download Submit
C:\Program Files\FileZilla FTP Client\libgmp-10.dll
Filesize
635KB

MD5
8c379d5323f086363f0d0f85410e029c

SHA1
63a390ec2046a8dfe6fc10366690f08df95c2d97

SHA256
dcfe75f06ff67b0e94035831f8a7f5e23757535235ffea2350b64783841a8f27

SHA512
a922242f45acb0640ededde1d4991a564c75ab742310a48b77f8366d3c299674c61108d1befbe1d90b97dd7cb6a52673b5d5bf29eaba39594fc13ab4076bbcfc

Download Submit
C:\Program Files\FileZilla FTP Client\libgnutls-30.dll
Filesize
2.0MB

MD5
a88c50c2ec280701c1b391fb0e251b57

SHA1
09b4546ef9e50fd67789efc2b35bd11b4aeb097f

SHA256
3b3ac6b039cbf6013dae1dac0d4d8394535994bd4b97cc2ee3de546f0891df92

SHA512
af5fa49f913145a54f84f7196938ee59a75330bce3bfa6e6a1f344fe2c14a9fd21dd995bc24c1879a4d0031004f29d260a1258444ea1478ff869cdafc63d609d

Download Submit
C:\Program Files\FileZilla FTP Client\libhogweed-6.dll
Filesize
268KB

MD5
81ff0445ef95824de5e2667bee1bc664

SHA1
208b25b576b4db478a50dd701b392d46380cf94f

SHA256
3dcef7e1f8a7d6b89d32f5d7ee79d085c1a51a2b9adbe9862cc2bc88a72a3b36

SHA512
ec572e73aa61d43b15d8c4a8d0582d2aa8e52f663adf3e5f515532ddf66badcab63fb2dc79e73a47b37a81fbef83280b7c97d8144d68e64b55d703dcf607d63c

Download Submit
C:\Program Files\FileZilla FTP Client\libsqlite3-0.dll
Filesize
1.2MB

MD5
f027b75ee14492d9cd45002ac949615b

SHA1
be10480065d7bf0461940f618393528ec0b51092

SHA256
10562c70d79f84541a10158b22ba2d0be587551235a27ae7c1028f58e6d8f521

SHA512
c0fdb6a09614d3189b727869c20198d3a88be542b2555302d65e18e2b185d7bfa135fb93a93df0786902dee75d67d16c2f7c27ff62038566a3753d170932334c

Download Submit
C:\Program Files\FileZilla FTP Client\locales\en\filezilla.mo
Filesize
275B

MD5
807d27e041dd3ed1cd2c872c283a6e52

SHA1
c94a40db0cbe1efa783a463526c423dea89f500f

SHA256
dd0b523740c89630994264359e1eccef53c6848928efc7c034f993c1b3e4b22f

SHA512
21657b5b353a53bbda7370d863cdc0003e21761add65737d3c6de49294b44e28c9c35b61be3c9a06e5e78b5a65f6c11546865d778509863f266092c7b72ea2ca

Download Submit
C:\Program Files\FileZilla FTP Client\locales\uk_UA\filezilla.mo
Filesize
230KB

MD5
dde0ddcd21a6288977a493dd98fde867

SHA1
d56e3a0b42ccdedceebf9058c3ad10c27d057641

SHA256
e472b782d83fb60cf1bfe30e6d8faa8a122e5e7fa4c8188cc4caf55fe82be9f1

SHA512
1f9c1deabc249ffad3628b7e6c62cae6abcfae4aa5db88c37a4688727000543c1265732f73f0ca15d69e80cce44c4d61374a5e5807abbafdd78b96f1f7ae8c90

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\cancel.png
Filesize
7KB

MD5
4c2c126f11ce45b698336b49b24f8afe

SHA1
7cd96f7e9a6fd3ca36336764ecdfe8a317590d1d

SHA256
314d5ec0dbea36c3b37d48438e7bdd50178811b7ba04e46f438873de3a5c1fe0

SHA512
5ab9e12dba7eca3d9bf63c7def45427040dc39938606555f8d3d47a06750cf8e3808099581c99c3a059f6874028a646e18b3f56dc179533fc7c3f6ed0557aead

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\disconnect.png
Filesize
4KB

MD5
e7a7e89f12dd8d49f9afb73eb52e0466

SHA1
c4b57e0f2b6d286309e4a962c504abd1a602d971

SHA256
bf0f361801f7dd78c748d611daeb2180d50dbd9e3a284758bc4a5e6f773758d5

SHA512
139df2a8fc3e6331ec5e8a0b3daec852a484ff5e59c54a6f72eb0a257432146e56d73ac86c4bc222b5daf16270a0a910fd3e9b9796485394282151ae93c62eb4

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\leds.png
Filesize
69KB

MD5
87363ed4937b5b1633e6c756268a46a6

SHA1
c4bf71f9307a897fc9b44ed740dbf2797750e90a

SHA256
1d6c546397e8ebf71503279d0d8da8a9343908fec4b9b1d97926ec5532efb365

SHA512
3bf66caca161d6ac8ed60236ddb6618b910a485e4dd69797ced2f057792b2757f634606e94c7dfff28ea26c261e23b3cad9ea063eb056e648ab9b2cb83c173f9

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\localtreeview.png
Filesize
3KB

MD5
e21443d7cad7e6927fd6d798a4232bb4

SHA1
0c4b2f6e709822c59f884f960471009408782d09

SHA256
a67af84c06743847ffc0edbc79ffc4a3ce93c89ff57c03c0f18c3782b5347988

SHA512
052428edcc9d026eda6ccb32ea2e7104b68d9d346f016b82aeade8b7fb191d704e21cec084721dd35aaeb51bedb06babd4097f7f7623e58834805de2bc3cc47a

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\logview.png
Filesize
4KB

MD5
a5c2e72f7c61158a6e17aea666de99fd

SHA1
83f0e6816c8735ac340335209d6c02916f4c019c

SHA256
9bf88f5a0f4deb7035cfd2930225596b4e0767010d34f01c3ee093c17164033f

SHA512
712a0e1a5d098be686f2a897a12f8a41d8b2254d30f2539094a6fc8e334238aaeba16562e2bc8dab81cbb31fc8858b936e134d5ef6479170fd2ecf10af75f61c

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\processqueue.png
Filesize
7KB

MD5
dc267d9678aff17e9a8a557f0c9e690f

SHA1
a6aee93ab4c750b297b1b3995924b383b9be7875

SHA256
930281b5e99bcf3c891b48a2830f5bcfd19d2ab03f9a2cffc2594016233ccd14

SHA512
b918863336196eb55584655d44ac328cfbcb08bd8c8e3b8896567a91791f746329b7832cdac81a996eebfc81c35208d408cb126d518c766d15aaaac1384af503

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\queueview.png
Filesize
2KB

MD5
247cc463ec1c836c2388317b8c5fd91b

SHA1
28e00529f0a265ce1ee9cf0d346bde59a8ac695c

SHA256
444b408a816c39e965a7c960c44c8976ed99b1ef3263088b41b6a170f3747d9c

SHA512
8bb9472a75b0f9671cee6de747f346a7f56d497c9cb42ccd60f61724bb8ffc8ba733e395a79e0af2984291a9e2f92fbd3bd23a49e6db4130220dd90efaf2cfca

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\reconnect.png
Filesize
3KB

MD5
c19505c35182fbc2d2c81ed60e62926b

SHA1
d415f48879875f94cbe9dd7fdb7a7dade6603eb1

SHA256
981892d7fd00d58c2ed41e33bfe1cc35fda8f66d3ea1a533063cba3058331683

SHA512
8125bc3c108bf846be6aa38fbac89e0683fd784a239858fa23e71e533944521410ef925525cc3fe32bffc28d2de47353555fd727d69e7408eb7ce10d65a664d1

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\refresh.png
Filesize
8KB

MD5
f95d73543381834fd6aad987df30f157

SHA1
29b81a5613c3a7b73260f2579b23b1cdaffe4fc9

SHA256
e72e2057afe1c9c449c2f43a83129dc24d4349e34f40ce957b56f7f87aba927a

SHA512
095924c202a73ff4d91668ad9ff6efec9d5f12d410487669ac2518d7caeb12651284d051ba8afd692bf0e0cb059c70bbc590d265b38fa1243242385e50262b0d

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\remotetreeview.png
Filesize
2KB

MD5
3daed236d7df410ff02684080378572d

SHA1
b7427a30e75c4aad0a8b031bbeeb16e57ba7b8b4

SHA256
75a915c0caf149c46df534577f1fb089fac8cf0efda8fbe6115b5118942391e5

SHA512
2a4c7659795b6c497ae657cf287dc8580769e3d7a91c130f0e559f45c1e55e60324e80c4c2b0c2722e7bd0158d8779151b0a80177eeea5babfe277fe9870b55d

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\sitemanager.png
Filesize
3KB

MD5
810967a850e0f96f44874651f649a952

SHA1
dd51af31b2883dd27f3ba2ea4b8e572e1340261b

SHA256
66d6c15dd8e819e7b62d277aa237ff77c8c595f65582a368cbbc15427f82bfd2

SHA512
48595fb92e30ad7ffee8237a37cb6c2f6a1603de8eae73da8529d828888759da3f74b0cc56d8e6a787f25749e5af74ea07de698e6178a6175b25b530d9f5d0f3

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\480x480\speedlimits.png
Filesize
12KB

MD5
b5aa21c3f5d77d5d55982fed0f46e12e

SHA1
d0540523e377726b1a936980a2ee968d8fd63de2

SHA256
d42aad945404d1a5f66a168f6af3a89d34be856fca13911ee0a5d3da8ab7b084

SHA512
39641960860c6628b0cbe68fb66c1a2294f66f19d019d37b3385bd95190d1a636e39848fd0b1394a671cb04f5ced1a1d4f16f76a0dd0e40cc8948d521e7170c7

Download Submit
C:\Program Files\FileZilla FTP Client\resources\default\theme.xml
Filesize
212B

MD5
75a54b0f2673d762239bc479579af93d

SHA1
13bb8fea1c2e296ad1516df1d565e2ceaf2d9484

SHA256
209f8abd4d06ba609d1d92943ccd2b7ef8918e88ca3f159ab8d1d6fa82ebcda1

SHA512
8f4ad697b0073307a9dd5559c702f30bb52aadf48f875707691a2480a9baed48eec34089ed1be784358ff7ea213b68c62b972cc24278e6c32b0ffd397c2a0e0a

Download Submit
C:\Program Files\FileZilla FTP Client\resources\defaultfilters.xml
Filesize
2KB

MD5
9994a10e6ee72a5afd26cbb582e946e8

SHA1
c4b507e64a476a260974c17f2e13e6c41ef19cb9

SHA256
27b4c87e3f1a75ce58cce51086d8445e3c33590111a258be8344b842f74c05d0

SHA512
776ef79c8e72695d3a142438f441a85bb5043d584f6dd5216d4d8e7357dfe19871f775059212d3c7dd2d8679463056222224a27ee7d544beadb1a2a921a27ec5

Download Submit
C:\Program Files\FileZilla FTP Client\wxbase32u_xml_gcc_custom.dll
Filesize
235KB

MD5
8bd725973fb63685557cb0a90addf0a9

SHA1
124b6eba99e87a77ce7ebd349e05ac7423166f3c

SHA256
85f7a0df6b7ebaa46f6a255de0db92f939441fd509c5dbd605d01b6c1bc98115

SHA512
37799a8e7366b55cbe8689a4b560421b4adbb731de893705c71367c54f4848de1351fa4d93b531cb134cc155ffb4a16117dc619687a96f6d6df3f50d2e0bec3d

Download Submit
C:\Program Files\FileZilla FTP Client\wxmsw32u_core_gcc_custom.dll
Filesize
5.0MB

MD5
90a9eb91e52116843329b5a75c93c08e

SHA1
874534a834d59a1955a467860fc66c908627f039

SHA256
5a8d63246000f4e53a60612ee34613d7f54e5ac9e8bace7d0c71737ace30f653

SHA512
defd32468af25905e7cbf35ebe14db25dc1cb886793afeb0faeb867716f65f8b9ee321d06001e2c1af19a07b83d5c9b325d4b6ca5f864e1aa3050077b6787d37

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk
Filesize
991B

MD5
d0affa4a1d9c8952496369fb8874462d

SHA1
ea4931abc31b07d9fcb4fe6ff77e3ddffa96008d

SHA256
8382e14798683d7aaff5eaa33e02ae1cd14e5c4071eac3a76c0e4a601386ad9e

SHA512
f2ca8b5697fa6a1bb4b8d3279d39ba19ad228206bc8ef9d32a5ac5782673998646a911432582cc34d090e9e7aae6f11bc4ad95a45c90ff0c7eddfaa444ba798a

Download Submit
\Program Files\FileZilla FTP Client\filezilla.exe
Filesize
4.0MB

MD5
79cef3c9de232d1f58f0e26292376584

SHA1
2dd2ab98e8fcf5c720bf3618a3a0b84666ca191d

SHA256
26d717e65101b0ccd5d491c406f76a216381410890508d3d154d5aa073698887

SHA512
2378c3ea857cbf0ff8b14c7984a0237613533c7f6451bed1ba8e09aeb71ab4c35b7f37f7298259a67467d40925cad4a4e8baf556444215ab84ec9ea4856246c4

Download Submit
\Program Files\FileZilla FTP Client\fzshellext.dll
Filesize
33KB

MD5
c0280971a69869d7a1f3b35793c839f3

SHA1
946356173bdd7d575db1d1b3fb04ed81353e098a

SHA256
c085caea2677b0eeaeecb9afe7e0bad83c2a94fc78d5c3f7819bc7314e54ec69

SHA512
cdd1530aec393c9c07574e9a32214af8fb5eef85a5be02db68e24e05c5e1d88449f064e280d2bcd21aa6921c7545f30965a6724ce810960001964a3c558370ba

Download Submit
\Program Files\FileZilla FTP Client\fzshellext_64.dll
Filesize
31KB

MD5
d29ae3155432dedc8b5002133e22ab71

SHA1
f25b6f9ee1ea454e3c00a22d5d000234f3afaf95

SHA256
44ca9c321f266b39b170da0218372b0a0716b9516c36255f600321e7778bc673

SHA512
65adb747cf96b20d63b45f15b00d8d1ea60187a9af6604bee47d9679670edc93cc79009426a92493f2e12b13943298e90df9bb085a0febf9c076d90e01e8396e

Download Submit
\Program Files\FileZilla FTP Client\libgcc_s_seh-1.dll
Filesize
115KB

MD5
3fed2de912b37afefa8288cf6d287570

SHA1
3e215b74b3fee54771301dedf7e118af9e67b2ec

SHA256
7b108e6a2ac50fb4599940058be5c6eed8b74691cdfe4c082aa6d47b341ade67

SHA512
edf83e3485235a4f7655b8c8f1e15e3382fdd34e1241a84a8d555d16fe339fb55c12cad5b87b0884ff55c4cc6b1920d57c5a74972296740a7beb48efe1471e19

Download Submit
\Program Files\FileZilla FTP Client\libnettle-8.dll
Filesize
321KB

MD5
a93be40ca4bef4f6295ce732a0547739

SHA1
e020157060b2040c67b5c074307f1ec003eabdc8

SHA256
173ddb2a966a153d9e21cba1b222d3ba3e461ea4793bbd6f8bbbc9447a59cc81

SHA512
73efee1e08a0848d7e4cc3585aaca065aff7af8741a2280481af332ad48bf6ce2800e8925ed266872e7851b3fd3b855d7bb4f5165708236d79be7321bd935970

Download Submit
\Program Files\FileZilla FTP Client\libpng16-16.dll
Filesize
235KB

MD5
0ff719ab13a1cf91cde12b50b6cc0d49

SHA1
47f9e148f4b754d68d0ab7050da1e74cd1ae54f9

SHA256
66141f686a865780e8e6e240ccba68b4442b5fb50faa0a9297f1e42dda20f752

SHA512
d43f4f7cabf47462869bdc637f8dc5df1b8257ceb29d81192898e36b231beb04fba5bd2704ee36a9b830c13dbe547373bde67dbffb903846f5396cde798378d0

Download Submit
\Program Files\FileZilla FTP Client\libstdc++-6.dll
Filesize
1.9MB

MD5
e6b89548cc7dc9f9dad16e285110a45b

SHA1
189a2bd6672bc7321371f76e6d29a06fe1e885c7

SHA256
d1bc20acf8dffd5d682badf966dd884a3f4373abf509995ebc24f8fb7b15a30d

SHA512
0fdee53763751bd47560a6147b915e95bc629c6f79cd821dd13e48df50899d61822a5a7cd089ef0190b3ab25ff90d5adead488687b2c8093b125daa7b7db695f

Download Submit
\Program Files\FileZilla FTP Client\uninstall.exe
Filesize
99KB

MD5
fc585e374e752867184d0a43476592f3

SHA1
ac2ced4dffa9b72ab730185f54077acb17f46cd5

SHA256
cbfcc3114ac776f613cf6f4330f6517d72637c40eeb3130b2206caf0af4bdb32

SHA512
513dbe226060cf359b736c39548e65f1925cacc06efb21ddf0c923a9f9e7de919b009f2256a54fb27f98c45b3146d168ea04eaff706a490990fa044145b17f4e

Download Submit
\Program Files\FileZilla FTP Client\wxbase32u_gcc_custom.dll
Filesize
1.7MB

MD5
5cc9be3f1890c173c9c63410f356c09a

SHA1
2eeb5a4f53c669cd324254fe7aa2876d1626f695

SHA256
a89efa9a7bd855e2063246ed6d60c3d84330ccdaba98904720587a2c24c9dd31

SHA512
19da61eea609e243490ee3e2aa8bef2d665fd9f028897be7f9e7334becf1efbe2d7d89091d43ae6bc0d5ccd521b5b0fd7d20257e2826aa665ae29d7a8423cc0f

Download Submit
\Program Files\FileZilla FTP Client\wxmsw32u_aui_gcc_custom.dll
Filesize
494KB

MD5
17f252efa82208ac31378e3a4f333ed9

SHA1
d722f47111f8dd81e0891c433a9cfc583ff76589

SHA256
17305a8db2b3d3c65dda7a22e918f13fec041e95feb56715c46d1fa20569fdb2

SHA512
8ea148d881309bd08bf99d8f39f5b01dcd4d779388b40d168576b5cdaed422b0cc5a23e4f4f65ac8820ca7bc8c22ba49590223579da3be17481812f18dd57f11

Download Submit
\Program Files\FileZilla FTP Client\wxmsw32u_xrc_gcc_custom.dll
Filesize
728KB

MD5
923e97f86b22abcb602f6ab16d2b0293

SHA1
b14cd14ce8b2c4cd2fe29395679210ba662cd26e

SHA256
95e36f082ac1bd2ee75c7c3d7371c8332cd5f36b3af0e4146689ee8790e7f244

SHA512
d4ddbaaccb26c2e531437b16162489fa0690ab704d711dc3fb99746835cac12f5289eab1d099582acd2d333f8c1a85f096002f0ea10713311b43c38598fea21e

Download Submit
\Program Files\FileZilla FTP Client\zlib1.dll
Filesize
142KB

MD5
939ae6c45ee1b81e9a734d594137f6c5

SHA1
941abb6e3e0ba4d65fe4315f5624e30ea3604e75

SHA256
c86bae1e3aed5223a591cf555fb441f89151ca1b4fd285535887bef4e25fe0e8

SHA512
7ce19c2e992be4de671fddd732360fe9ba4425e0842a2481cc614a9f51a424b08581d30c1aeaa1116ec61221f158964c2a7c660f77796b072dd19b782f64d948

Download Submit
\Users\Admin\AppData\Local\Temp\nsy29E0.tmp\StartMenu.dll
Filesize
7KB

MD5
a8c86996c4230c2209f5927f21321377

SHA1
45ce0ab93cb6a3a594e54878cce05df724024393

SHA256
110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855

SHA512
69ee73496b916777936b0dddd2cc4a4f916e393f7d0b167cba77a4a239ee1e3f645d9b90dee1627c42a23eb6c3403e4d086546b9f78b3a2e4999c8f92f6a3bc3

Download Submit
\Users\Admin\AppData\Local\Temp\nsy29E0.tmp\System.dll
Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
\Users\Admin\AppData\Local\Temp\nsy29E0.tmp\UAC.dll
Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
\Users\Admin\AppData\Local\Temp\nsy29E0.tmp\UserInfo.dll
Filesize
4KB

MD5
d458b8251443536e4a334147e0170e95

SHA1
ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3

SHA256
4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7

SHA512
6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1

Download Submit
\Users\Admin\AppData\Local\Temp\nsy29E0.tmp\nsDialogs.dll
Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
\Users\Admin\AppData\Local\Temp\nsy29E0.tmp\nsis_appid.dll
Filesize
3KB

MD5
19071761e91c43c115a16b52458869b7

SHA1
75ddb807157f1aa31a08f87be0270f60990bcbbc

SHA256
e9e1ba410636698d666b328eea71346b8287248d262e44da07ce8b5fa24c5e5f

SHA512
bc0eab51cf27f657cd3fd62a47894ee13f3f561feaa565f16ba15088be39be73c9839a3cf35b538219ec83a03d48970b89258c5f20c37bcaf76438998437786c

Download Submit
memory/2848-1001-0x0000000074350000-0x0000000074379000-memory.dmp

Filesize
164KB

Download
memory/2848-998-0x000007FEF7170000-0x000007FEF7191000-memory.dmp

Filesize
132KB

Download
memory/2848-1007-0x0000000066380000-0x00000000664BB000-memory.dmp

Filesize
1.2MB

Download
memory/2848-1006-0x000007FEF5F00000-0x000007FEF5F40000-memory.dmp

Filesize
256KB

Download
memory/2848-1005-0x000007FEF4010000-0x000007FEF40CA000-memory.dmp

Filesize
744KB

Download
memory/2848-1003-0x000007FEF4130000-0x000007FEF4631000-memory.dmp

Filesize
5.0MB

Download
memory/2848-990-0x000000011FF10000-0x000000012031E000-memory.dmp

Filesize
4.1MB

Download
memory/2848-1000-0x000007FEF46D0000-0x000007FEF4894000-memory.dmp

Filesize
1.8MB

Download
memory/2848-999-0x000007FEF48A0000-0x000007FEF4A87000-memory.dmp

Filesize
1.9MB

Download
memory/2848-1002-0x000007FEF4640000-0x000007FEF46C2000-memory.dmp

Filesize
520KB

Download
memory/2848-997-0x000007FEF4A90000-0x000007FEF4AE5000-memory.dmp

Filesize
340KB

Download
memory/2848-996-0x000007FEF4AF0000-0x000007FEF4B39000-memory.dmp

Filesize
292KB

Download
memory/2848-995-0x000007FEF4B40000-0x000007FEF4D53000-memory.dmp

Filesize
2.1MB

Download
memory/2848-994-0x000007FEF4D60000-0x000007FEF4E04000-memory.dmp

Filesize
656KB

Download
memory/2848-993-0x000007FEF4E10000-0x000007FEF4EFF000-memory.dmp

Filesize
956KB

Download
memory/2848-992-0x000007FEF4F00000-0x000007FEF505D000-memory.dmp

Filesize
1.4MB

Download
memory/2848-1004-0x0000000074280000-0x00000000742BF000-memory.dmp

Filesize
252KB

Download
memory/2848-991-0x000007FEF5060000-0x000007FEF50FE000-memory.dmp

Filesize
632KB

Download
memory/2848-1019-0x000007FEF46D0000-0x000007FEF4894000-memory.dmp

Filesize
1.8MB

Download