11ea964a30ea62a4bd2d0253ba3e8ffa53716de4534af58006339a7505601ae3

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/hosts.exe
Size

3.6MB
MD5

359aa7efe76799ca9618a123c6326220
SHA1

9dc371a888cf55f14a16ae823f743aee13c92bb5
SHA256

db565b3a99dc62cc00641f677767ff27414cce5aa9ea944ed2ad41738b70e881
SHA512

5ccb2b952386eadde3bde6ec89d5de01bb8b2b285d05d697719e32aebe1ac3d529747096b61c8ea15dde49db3c3dd7ea893c9a5e018319317ac899fa02a0bcd9
SSDEEP

98304:6fIUL/jkm6ns3yGl1uuchFXRczPLIf2kIkK/8/TtjZsNEn:6tkm6s331uZZgpsM8Ps+

Score

7^/10

adware discovery persistence spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral9/files/0x0006000000018ae2-233.dat	acprotect
behavioral9/memory/2576-235-0x00000000003F0000-0x00000000003F9000-memory.dmp	acprotect

Executes dropped EXE 13 IoCs

pid	Process
2576	Gulfx.exe
1136	scs.exe
1376	scs.exe
2228	scs.exe
1680	scs.exe
3056	scs.exe
2728	scs.exe
2940	scs.exe
1640	scs.exe
1352	hosts-codedownloader.exe
2256	hosts-helper.exe
1728	hosts-bg.exe
1792	Updater35382.exe

Loads dropped DLL 64 IoCs

pid	Process
1760	hosts.exe
1760	hosts.exe
1760	hosts.exe
1760	hosts.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 8 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}\InprocServer32\ = "C:\\Program Files (x86)\\hosts\\hosts-bho64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\InprocServer32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\InprocServer32\ = "C:\\Program Files (x86)\\hosts\\hosts-bho64.dll"	regsvr32.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral9/files/0x0006000000018ae2-233.dat	upx
behavioral9/memory/2576-235-0x00000000003F0000-0x00000000003F9000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.24.70_0\manifest.json	Gulfx.exe

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}\ = "CrossriderApp0035382"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}\NoExplorer = "1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311531182}\ = "CrossriderApp0035382"	regsvr32.exe

Drops file in Program Files directory 13 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\hosts\hosts-buttonutil64.dll	Gulfx.exe
File created	C:\Program Files (x86)\hosts\hosts-bho.dll	Gulfx.exe
File created	C:\Program Files (x86)\hosts\hosts-buttonutil.exe	Gulfx.exe
File created	C:\Program Files (x86)\hosts\hosts-buttonutil64.exe	Gulfx.exe
File created	C:\Program Files (x86)\hosts\hosts-buttonutil.dll	Gulfx.exe
File created	C:\Program Files (x86)\hosts\Installer.log	Gulfx.exe
File created	C:\Program Files (x86)\hosts\Uninstall.exe	Gulfx.exe
File created	C:\Program Files (x86)\hosts\hosts.ico	Gulfx.exe
File created	C:\Program Files (x86)\hosts\hosts-bho64.dll	Gulfx.exe
File created	C:\Program Files (x86)\hosts\background.html	Gulfx.exe
File created	C:\Program Files (x86)\hosts\hosts-bg.exe	Gulfx.exe
File created	C:\Program Files (x86)\hosts\hosts-codedownloader.exe	Gulfx.exe
File created	C:\Program Files (x86)\hosts\hosts-helper.exe	Gulfx.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 1 IoCs

installer

resource	yara_rule
behavioral9/files/0x0006000000016d4f-22.dat	nsis_installer_2

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
1752	schtasks.exe

Modifies Internet Explorer settings 1 TTPs 22 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\hosts-bg.exe = "8000"	Gulfx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e85aa5c3-3dec-4c87-8410-085c62486ebe}\AppName = "hosts-bg.exe"	Gulfx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e85aa5c3-3dec-4c87-8410-085c62486ebe}\AppPath = "C:\\Program Files (x86)\\hosts"	Gulfx.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0f30205f-cd11-4f44-ab54-3dea70b1661f}\Policy = "3"	Gulfx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c0425618-68d2-407f-b52c-809d92ff8118}\AppName = "hosts-helper.exe"	Gulfx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ce4ca272-db99-4ba0-b9a2-26d7f64a0223}\AppPath = "C:\\Program Files (x86)\\hosts"	Gulfx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8bfbf8dc-95e1-4fa1-9511-c312716210d3}\AppName = "hosts-buttonutil64.exe"	Gulfx.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Gulfx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0f30205f-cd11-4f44-ab54-3dea70b1661f}\AppName = "hosts-codedownloader.exe"	Gulfx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ce4ca272-db99-4ba0-b9a2-26d7f64a0223}\AppName = "hosts-buttonutil.exe"	Gulfx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8bfbf8dc-95e1-4fa1-9511-c312716210d3}\AppPath = "C:\\Program Files (x86)\\hosts"	Gulfx.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8bfbf8dc-95e1-4fa1-9511-c312716210d3}\Policy = "3"	Gulfx.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e85aa5c3-3dec-4c87-8410-085c62486ebe}\Policy = "1"	Gulfx.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0f30205f-cd11-4f44-ab54-3dea70b1661f}	Gulfx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0f30205f-cd11-4f44-ab54-3dea70b1661f}\AppPath = "C:\\Program Files (x86)\\hosts"	Gulfx.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c0425618-68d2-407f-b52c-809d92ff8118}	Gulfx.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ce4ca272-db99-4ba0-b9a2-26d7f64a0223}	Gulfx.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ce4ca272-db99-4ba0-b9a2-26d7f64a0223}\Policy = "3"	Gulfx.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c0425618-68d2-407f-b52c-809d92ff8118}\AppPath = "C:\\Program Files (x86)\\hosts"	Gulfx.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c0425618-68d2-407f-b52c-809d92ff8118}\Policy = "3"	Gulfx.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8bfbf8dc-95e1-4fa1-9511-c312716210d3}	Gulfx.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e85aa5c3-3dec-4c87-8410-085c62486ebe}	Gulfx.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CrossriderApp0035382.Sandbox\CurVer\ = "CrossriderApp0035382.Sandbox"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355535582}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CrossriderApp0035382.BHO\CurVer\ = "CrossriderApp0035382"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\VersionIndependentProgID\ = "CrossriderApp0035382"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322532282}\TypeLib	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322532282}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311531182}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355535582}\ = "ICrossriderBHO"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535582}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\ = "hosts"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311531182}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322532282}\ProgID\ = "CrossriderApp0035382.Sandbox.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322532282}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535582}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CrossriderApp0035382.BHO\ = "CrossriderApp0035382"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\ProgID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311531182}\InprocServer32\ = "C:\\Program Files (x86)\\hosts\\hosts-bho.dll"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322532282}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}\TypeLib\ = "{44444444-4444-4444-4444-440344534482}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CrossriderApp0035382.BHO\CLSID\ = "{11111111-1111-1111-1111-110311531182}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311531182}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311531182}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}\ProgID\ = "CrossriderApp0035382.Sandbox.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CrossriderApp0035382.BHO	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311531182}\TypeLib\ = "{44444444-4444-4444-4444-440344534482}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311531182}\Implemented Categories\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322532282}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344534482}\1.0\0\win32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\Implemented Categories	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322532282}\ = "CrossriderApp0035382.Sandbox"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344534482}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\hosts"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366536682}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}\	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CrossriderApp0035382.BHO\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322532282}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CrossriderApp0035382.Sandbox.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CrossriderApp0035382.Sandbox\ = "CrossriderApp0035382.Sandbox"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311531182}\ = "hosts"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344534482}\1.0\0\win32\ = "C:\\Program Files (x86)\\hosts\\hosts-bho.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366536682}\ = "ISandBox"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322532282}\TypeLib	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311531182}\Implemented Categories	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311531182}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355535582}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CrossriderApp0035382.Sandbox.1\CLSID\ = "{22222222-2222-2222-2222-220322532282}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CrossriderApp0035382.Sandbox.1\CLSID\ = "{22222222-2222-2222-2222-220322532282}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CrossriderApp0035382.BHO.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355535582}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366536682}\TypeLib\ = "{44444444-4444-4444-4444-440344534482}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\InprocServer32\ = "C:\\Program Files (x86)\\hosts\\hosts-bho64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\TypeLib\ = "{44444444-4444-4444-4444-440344534482}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311531182}\Implemented Categories\	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe
2576	Gulfx.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 2576	1760	hosts.exe	28
PID 1760 wrote to memory of 2576	1760	hosts.exe	28
PID 1760 wrote to memory of 2576	1760	hosts.exe	28
PID 1760 wrote to memory of 2576	1760	hosts.exe	28
PID 1760 wrote to memory of 2576	1760	hosts.exe	28
PID 1760 wrote to memory of 2576	1760	hosts.exe	28
PID 1760 wrote to memory of 2576	1760	hosts.exe	28
PID 2576 wrote to memory of 2884	2576	Gulfx.exe	30
PID 2576 wrote to memory of 2884	2576	Gulfx.exe	30
PID 2576 wrote to memory of 2884	2576	Gulfx.exe	30
PID 2576 wrote to memory of 2884	2576	Gulfx.exe	30
PID 2884 wrote to memory of 1136	2884	cmd.exe	32
PID 2884 wrote to memory of 1136	2884	cmd.exe	32
PID 2884 wrote to memory of 1136	2884	cmd.exe	32
PID 2884 wrote to memory of 1136	2884	cmd.exe	32
PID 2576 wrote to memory of 1376	2576	Gulfx.exe	33
PID 2576 wrote to memory of 1376	2576	Gulfx.exe	33
PID 2576 wrote to memory of 1376	2576	Gulfx.exe	33
PID 2576 wrote to memory of 1376	2576	Gulfx.exe	33
PID 2576 wrote to memory of 2208	2576	Gulfx.exe	35
PID 2576 wrote to memory of 2208	2576	Gulfx.exe	35
PID 2576 wrote to memory of 2208	2576	Gulfx.exe	35
PID 2576 wrote to memory of 2208	2576	Gulfx.exe	35
PID 2208 wrote to memory of 2228	2208	cmd.exe	37
PID 2208 wrote to memory of 2228	2208	cmd.exe	37
PID 2208 wrote to memory of 2228	2208	cmd.exe	37
PID 2208 wrote to memory of 2228	2208	cmd.exe	37
PID 2576 wrote to memory of 1680	2576	Gulfx.exe	38
PID 2576 wrote to memory of 1680	2576	Gulfx.exe	38
PID 2576 wrote to memory of 1680	2576	Gulfx.exe	38
PID 2576 wrote to memory of 1680	2576	Gulfx.exe	38
PID 2576 wrote to memory of 3056	2576	Gulfx.exe	40
PID 2576 wrote to memory of 3056	2576	Gulfx.exe	40
PID 2576 wrote to memory of 3056	2576	Gulfx.exe	40
PID 2576 wrote to memory of 3056	2576	Gulfx.exe	40
PID 2576 wrote to memory of 2728	2576	Gulfx.exe	42
PID 2576 wrote to memory of 2728	2576	Gulfx.exe	42
PID 2576 wrote to memory of 2728	2576	Gulfx.exe	42
PID 2576 wrote to memory of 2728	2576	Gulfx.exe	42
PID 2576 wrote to memory of 2940	2576	Gulfx.exe	44
PID 2576 wrote to memory of 2940	2576	Gulfx.exe	44
PID 2576 wrote to memory of 2940	2576	Gulfx.exe	44
PID 2576 wrote to memory of 2940	2576	Gulfx.exe	44
PID 2576 wrote to memory of 1640	2576	Gulfx.exe	46
PID 2576 wrote to memory of 1640	2576	Gulfx.exe	46
PID 2576 wrote to memory of 1640	2576	Gulfx.exe	46
PID 2576 wrote to memory of 1640	2576	Gulfx.exe	46
PID 2576 wrote to memory of 1352	2576	Gulfx.exe	48
PID 2576 wrote to memory of 1352	2576	Gulfx.exe	48
PID 2576 wrote to memory of 1352	2576	Gulfx.exe	48
PID 2576 wrote to memory of 1352	2576	Gulfx.exe	48
PID 2576 wrote to memory of 2256	2576	Gulfx.exe	49
PID 2576 wrote to memory of 2256	2576	Gulfx.exe	49
PID 2576 wrote to memory of 2256	2576	Gulfx.exe	49
PID 2576 wrote to memory of 2256	2576	Gulfx.exe	49
PID 2576 wrote to memory of 2980	2576	Gulfx.exe	50
PID 2576 wrote to memory of 2980	2576	Gulfx.exe	50
PID 2576 wrote to memory of 2980	2576	Gulfx.exe	50
PID 2576 wrote to memory of 2980	2576	Gulfx.exe	50
PID 2576 wrote to memory of 2980	2576	Gulfx.exe	50
PID 2576 wrote to memory of 2980	2576	Gulfx.exe	50
PID 2576 wrote to memory of 2980	2576	Gulfx.exe	50
PID 2576 wrote to memory of 2440	2576	Gulfx.exe	51
PID 2576 wrote to memory of 2440	2576	Gulfx.exe	51

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\hosts.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\hosts.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Users\Admin\AppData\Local\Temp\nso846E.tmp\Gulfx.exe
  "C:\Users\Admin\AppData\Local\Temp\nso846E.tmp\Gulfx.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\CookieDbIndex.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe
      C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db" "SELECT id FROM Databases WHERE name = 'crossrider_cookies_35382' LIMIT 1"
      4⤵
      Executes dropped EXE
      PID:1136
- - C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe
    C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db" "INSERT INTO Databases (origin, name, description, estimated_size) VALUES('chrome-extension_nnlomafmkpiclmaaekkhpoecnclldmaa_0','crossrider_cookies_35382','Crossrider Cookies Store',50 * 1024 * 1024);"
    3⤵
    - Executes dropped EXE
    PID:1376
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\CookieDbIndex.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe
      C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db" "SELECT id FROM Databases WHERE name = 'crossrider_cookies_35382' LIMIT 1"
      4⤵
      Executes dropped EXE
      PID:2228
- - C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe
    C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_nnlomafmkpiclmaaekkhpoecnclldmaa_0\3" "REPLACE INTO cookies (name,value,expires) values('InstallerParams','{\"value\" : { \"source_id\" : \"0\", \"sub_id\" : \"0\", \"uzid\" : \"0\" } }','2111-09-11 21:16:31');"
    3⤵
    - Executes dropped EXE
    PID:1680
- - C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe
    C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_nnlomafmkpiclmaaekkhpoecnclldmaa_0\3" "REPLACE INTO cookies (name,value,expires) values('InstallationTime','{\"value\" : 1716919999}','2111-09-11 21:16:31');"
    3⤵
    - Executes dropped EXE
    PID:3056
- - C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe
    C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_nnlomafmkpiclmaaekkhpoecnclldmaa_0\3" "REPLACE INTO cookies (name,value,expires) values('InstallationThankYouPage','{\"value\" : false}','2111-09-11 21:16:31');"
    3⤵
    - Executes dropped EXE
    PID:2728
- - C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe
    C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_nnlomafmkpiclmaaekkhpoecnclldmaa_0\3" "REPLACE INTO internaldb (name,value,expires) values('InstallerIdentifiers','{\"value\" : { \"installer_bic\" : \"39DF1EA2890742A78755D688305BA7B9IE\", \"installer_verifier\" : \"eaa55fb5b46d726d6702999ac26730ea\" } }','2111-09-11 21:16:31');"
    3⤵
    - Executes dropped EXE
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe
    C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\scs.exe "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_nnlomafmkpiclmaaekkhpoecnclldmaa_0\3" "REPLACE INTO internaldb (name,value,expires) values('chrome_enabled','{\"value\" : true}','2111-09-11 21:16:31');"
    3⤵
    - Executes dropped EXE
    PID:1640
- - C:\Program Files (x86)\hosts\hosts-codedownloader.exe
    "C:\Program Files (x86)\hosts\hosts-codedownloader.exe" /installapp /agentregpath='hosts' /appid=35382 /srcid='0' /subid='0' /zdata='0' /bic=39DF1EA2890742A78755D688305BA7B9IE /verifier=eaa55fb5b46d726d6702999ac26730ea /installerversion=1_28_153 /installerfullversion=1.28.153.3 /installationtime=1716919999 /statsdomain=http://stats.ourdatasrv.com /errorsdomain=http://errors.ourdatasrv.com /codedownloaddomain=http://app-static.crossrider.com /externallog='C:\Users\Admin\AppData\Local\Temp\hostsInstaller_1716919999.log'
    3⤵
    - Executes dropped EXE
    PID:1352
- - C:\Program Files (x86)\hosts\hosts-helper.exe
    "C:\Program Files (x86)\hosts\hosts-helper.exe" /externallog='C:\Users\Admin\AppData\Local\Temp\hostsInstaller_1716919999.log'
    3⤵
    - Executes dropped EXE
    PID:2256
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\Program Files (x86)\hosts\hosts-bho.dll"
    3⤵
    - Installs/modifies Browser Helper Object
    - Modifies registry class
    PID:2980
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\Program Files (x86)\hosts\hosts-bho64.dll"
    3⤵
    PID:2440
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\hosts\hosts-bho64.dll"
      4⤵
      Registers COM server for autorun
      Installs/modifies Browser Helper Object
      Modifies registry class
      PID:2620
- - C:\Program Files (x86)\hosts\hosts-bg.exe
    "C:\Program Files (x86)\hosts\hosts-bg.exe" /executebg /externallog='C:\Users\Admin\AppData\Local\Temp\hostsInstaller_1716919999.log'
    3⤵
    - Executes dropped EXE
    PID:1728
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\system32\schtasks.exe" /create /sc minute /mo 360 /tn "Updater35382.exe" /tr "C:\Users\Admin\AppData\Local\Updater35382\Updater35382.exe /extensionid=35382 /extensionname='hosts' /chromeid=nnlomafmkpiclmaaekkhpoecnclldmaa" /rl highest
    3⤵
    - Creates scheduled task(s)
    PID:1752
- - C:\Users\Admin\AppData\Local\Updater35382\Updater35382.exe
    C:\Users\Admin\AppData\Local\Updater35382\Updater35382.exe /extensionid=35382 /extensionname='hosts' /chromeid=nnlomafmkpiclmaaekkhpoecnclldmaa /delay=300
    3⤵
    - Executes dropped EXE
    PID:1792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\hosts\hosts-buttonutil.dll

Filesize
391KB

MD5
984460f842fd725b06f433476d3413b1

SHA1
c375149dd32a9a7aa6a73a52cd72cfdf0cc3c41c

SHA256
7c5bb9b83827b674063702c5732c8840afa2e41002e9e940e9ebcb434322b7e3

SHA512
9be3a73bf7e2d298b2ecb31d48bc0d3665bef376006b453ddf98478d6b7297e9a0d7156ff0397713101b09948a851d6355f523d22a57f5b87fac6fd9cc1a4633

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnlomafmkpiclmaaekkhpoecnclldmaa\1.24.70_0\icons\icon16.png

Filesize
1KB

MD5
5fabc6d76523647c4b48b51fbd517408

SHA1
4d009569658443968cbca3516949c9632cbd25ae

SHA256
e17f7fa24d6ecd81bc2abb172a0c1eeceff830867ea45728eb93918eeb4c607a

SHA512
a6720e4ff1a68074e76d3d744bd45584f76c4b209a6b3badc82361dbb30b19ff1c5aeb30276b9ff991f3069e37716134400ae2fd85b209590db5a2e0ef3f2bde

Download Submit
C:\Users\Admin\AppData\Local\Temp\hostsInstaller_1716919999.log

Filesize
2KB

MD5
6ef5a1cfbe99b0dee896ecffeb387abc

SHA1
d6d3ea6bb4ba0fd47d9d76b5ba911dae1ed4a02c

SHA256
881331abb0028057f8976879edd303b3895cf89a8f19dd9432e3b214ffa37bbe

SHA512
161099c59fbe0f277d0fef081cd9826fa01eb89be96dad6a196c7ae9d16b31ec64357dbd0af3ee1c244d1943b6b612f53457b1a0105bc1be42a9129c9defb5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\hostsInstaller_1716919999.log

Filesize
4KB

MD5
08a5f2f6da054ea9aadfae2a51a49a32

SHA1
ffdcdfae3861eef1d2bfed69d9efa466d79ff0a7

SHA256
887d9635b3d94d9538c40de86cb9912c4418e1936650430bae72beda410867d5

SHA512
7539847afd1dd0f66419b75c8e77ec546db73d46397de3d0bf77c19b485a3ce01d9e89419557454885af96c2f6355270f3f89a69180b19b4a43c9c4bb0b70943

Download Submit
C:\Users\Admin\AppData\Local\Temp\hostsInstaller_1716919999.log

Filesize
633B

MD5
16a837fc8a854aabcc6e07f8e429cc29

SHA1
5cda354fab3cc3b9d0e29de96d3f6a4d0244e1df

SHA256
13fa21df332f54663761bd1b5ce1764992d73be677e1acf7ad374a72cb9f7f37

SHA512
bcc4b6b73c02187e0193a64054f93373d9e242d7abc9f90a65a66672c28a3b92207491758154222ac96fb6398ccf32b9f0aa9d1e2755e43235a008cd18f06d9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso846E.tmp\Gulfx.exe

Filesize
3.5MB

MD5
d803175958a9c786a109cfcde95ac1e2

SHA1
21f744ea99d0328ac7ec72c75f74374dfe6e1ea4

SHA256
2a8b4a5866f6f840777a2fbf1ffb739bc6b2e889876084e966d39c7325ddce3f

SHA512
ed341762c6848a03b4877564b51b1e1bb61e702574394945b7c612c6225e3768a3e5244ce0f401f2985ba6b2290c8bd9d1c0f4b31e69060ec28f6b3d23012355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\CRNSISPlugins.dll

Filesize
202KB

MD5
e95a1945663079496ac8f6374bf08d44

SHA1
b4b35eae891b2e06b1f559b12587b6ca54c3e82c

SHA256
d22c4dba24a3fe2fee0e5e22bb1744b8b11e8e3dd4190267a9086c9efb514537

SHA512
e4140888236bc2759e09941c51f8f97be2a73ab996c60e4dc6e25a61d8e59f613f90fc9bb8c073ed0d463c0f91951fd04f20d272ec5383fd0ad2d5450abbc972

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\CookieDbIndex.bat

Filesize
282B

MD5
4f30f2266dd149641100de25fe615d8a

SHA1
88a20e32600e8e4783d4d5d436f99f5a7916b694

SHA256
498e5e20c2c2e328a46b1c6e3a6b03a4e8d3cf1644c61a11d5575f6bcc829fac

SHA512
bb6954bddfd0fe45c2dc094509a2f904272f3fbd43ec273ca66a111c625a8635147730837f04948e1837795b36f008ec692c584e1d36a9601072028a8f0ed540

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\ExecDos.dll

Filesize
5KB

MD5
ebcf9f71d804abab3c2e5ce4c17dc22e

SHA1
17d13084e75cbfa5fbfdd0025e9a0ee5772ae765

SHA256
d387b725afbd2a6f9b44999278d21025fae55b391e45f7751b88dfb13511a993

SHA512
5576396c2d885c039668d7f401eeee583eb4de39e8497c3aaec32d47f4417a522fe6786c111d50a5fba7570f50e84144ef3a8aea42677d170e79114343c3a4a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\ZipDLL.dll

Filesize
163KB

MD5
2dc35ddcabcb2b24919b9afae4ec3091

SHA1
9eeed33c3abc656353a7ebd1c66af38cccadd939

SHA256
6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1

SHA512
0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\temp_file_after.tmp

Filesize
476KB

MD5
533e65cb34a7327033e68cc4a15b744f

SHA1
04076be368d8ad1575e6cec539fc18bb1f1d798c

SHA256
fd0d806c663f3c6609c50f4882cef11ae78b30ddd2f01adb3458a9c525eac5bb

SHA512
c8892b007e60d0d42aedf0ace13a9804f02c124579b6f6acd9a02e3c085f32df0d7c6191b8d3cd9996c4f8443c4751dc24cd499d6a8bbf9eeba86738335114c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\temp_file_after.tmp

Filesize
304KB

MD5
375f6e5a2f13bd4fbf7e47f572050203

SHA1
87bb6719a9d5b8f9b9a6992dead4ab8f315e30a7

SHA256
8a718f96b36cf85a577d31d36130084cded2b0b31eb0a08bc88dc87b734bdf3e

SHA512
8dcfa6a58dde3b338cc4d5a05bd68e7495eb27543b36185abdb70c5c6fb47f05c60602c8b1272377a32d163a7ca5d0f6fb41aab81170c10c270706de36971ca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\temp_file_after.tmp

Filesize
331KB

MD5
a0ecae222666ead91bb883afdd55ed1e

SHA1
8a67bd72c58d6ab22c7441cb3e5af1887b7e5189

SHA256
2c83e373bd55513b96c0c25a5d3aba7602787176010f27949ff8109d2a57cb05

SHA512
aef62282cf5907e6a94a42a8fdd2944de82cb6bb731357362ec853acce00861fa1e5a4f4d62e6a6d7f948718f3eb3137b1ba0b2f4f21e6c81da4899c73957631

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\temp_file_after.tmp

Filesize
475KB

MD5
7a5f6c2858f19f008b5136432fab79ef

SHA1
0d4035e79f089ecef3749b0f0f154843a5adb3d6

SHA256
ac8e0a379c39316c717a9fa69621430a71847c8f9c7afbd7f7c1823eee6b8242

SHA512
996a97c7f456159c44cc54fd09d19532a1f719ef95100798728060a1366fab31e8be881bc285d56a477d6701a5649e27848d761593cc77f54e76b8ab7048c8a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\temp_file_after.tmp

Filesize
584KB

MD5
b37394fcbe121bcec2acd9cbd0c3e047

SHA1
ec75974f9ace9c43aa974fbbb975d02f88dd0bdf

SHA256
5a3338fca3605722c9dcb52e53bd35c762ec189d44ade67faeb34f5a8ee09d4a

SHA512
8344d3801478317698f7e2efbe7d24009f57760587f64218f63860b4bc7499be6363034fc8356d74d2f5760ebc36424297a94e9d1666c2885cbea632687eb47e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\temp_file_after.tmp

Filesize
918KB

MD5
d12d2f2bbd7b35a5113fbc4895bf5034

SHA1
cf59e8174bbd4d78634e4948b45f5c7be0b6ffcf

SHA256
eab8d231ba6147e9fc1763a855342c98411f89a92b01fe0b000ab3664a12b9fb

SHA512
2e0651ba152c1d724d75bca0e3cc178f0bdb11d98c74aa65fe5ebf4ff06f2cfc851ada6df4ac36d759c24f8c0bfd510b77be24aa0b222c59c16eae1419f6359f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\temp_file_after.tmp

Filesize
721KB

MD5
2d4db75bda4557835e8a0ee940af5f31

SHA1
da7c95fc2e756f0062b3f954883341355844aa0c

SHA256
5385927efccfd2fd518086acaf66e82d2da9280bfa57b8bcc151dbd3489834b6

SHA512
bbf6cb2612ac1c9b72eec5f7100325f132001839daae22e87e5aaff8b99af8280b6fb6474ff7b22906beab6018ae706e72b17d2d48f9f3a65c0101e47c1ab974

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\temp_file_after.tmp

Filesize
209KB

MD5
1eae78b4920b8f032949e73becebe3e9

SHA1
1a67938da6e18e3c39e51a19d0e5b13d28f16968

SHA256
f8d3ffa89565927dcd5012716d00f61cb40f2624df3ce0c022927e1314674498

SHA512
db9977338598f6aad0822b4e87238fcb30143b72845a8490f0c82d7a3b19034dee62fda7cd117fdf5c629619b73e9d8c0c4e3f07f70b7703665d0de39d7f45c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\temp_file_after.tmp

Filesize
139KB

MD5
af3889792d4b12d123f3da3c7369a1e7

SHA1
18c058c952a9cbae3971c30b0cd8c930cb7f5948

SHA256
6ce9f9b48cd33fbd61b5c50c56f275700e27b6c0b125dcd17db42848df3a1d02

SHA512
d25bbecc82b7ca17e943518770546a87d7c1b70ca593c4b71676d1d19bcbf08b1e86a097bf7de71d3c3b6b9f51331dfc924abc2dba9d10a60fbe41b0809f019e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\temp_file_after.tmp

Filesize
169KB

MD5
a8e05dc04a180db85db0e1e9b6766feb

SHA1
25856fb13e463f1ae5b69728cf4ecb7fc01a5f92

SHA256
199de2041f20c44553c79e2234290e84616c6af81f7732af015a6ec9f09ce044

SHA512
697422c26a126fca2b3765ce3ae936198a7bfa92fd3de6afbda350bdfc27644b8dcf7999e35ba5023c2a20c0c88f3d9eb7ec717972e418b2c256e72d432b8e46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\13_CrossriderAppUtils.js

Filesize
5KB

MD5
a15314f10fa928b5c242eddc4b91f503

SHA1
b048236f146cc8bf9a94613a9dbd7163c23a8527

SHA256
d7b4737392053f240a6458335e2851bfbfbf4d4548cda3b6149f67ae1a65ffd3

SHA512
5ad43b80e47eb279d1a7a2d1972cc8d846ecb2e3f997bdb284f9af09a7558206de99488b11afb183282bffbe43922332318d0e18b2a010ebc0a293ed723ed180

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\14_CrossriderUtils.js

Filesize
12KB

MD5
56e07db48844b5eb4dd57f053d87a38d

SHA1
f2b6c01b0c8e3fddc1d1ff717405839af5e87c45

SHA256
d133d13a00af5f4180d6f1868b2adfc21c833d96b515f9df79da71012e0d9e6c

SHA512
277aaca9373e38368f9c0c3f1342542fadebab3fa9bed35f9fc3f2d0308b1651677a402839869991f974d6ba3bfcaca7d1be8dfbf708b91531f1358bf6de7ba4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\17_jQuery.js

Filesize
78KB

MD5
2e178b56166c048bca44c0fa91b9a8bb

SHA1
9b1325d123dddc1e72f8b4f3e516fdc329a70255

SHA256
a1668164048548587a76dedd8f65cb23e31f0c788ff4504bb9268ca22452a22d

SHA512
18acf1b70a17897a1c09feb3e984f11cc4a6114a0f1009dd2ad390b1fa292a6710e69c12e2ec75fcbc8d2c96fec6e7eac1f9fd0b923f419f1886136a61fb7dc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\1_base.js

Filesize
6KB

MD5
50c3bb877214c8b2b4f56a4fb8f46026

SHA1
0e4b648166fa2bf54f82cd743f3e9b8c3db9db85

SHA256
c6a512f5f2d8beedbb3481235c248e24e5165dd68c004194cc6c0d3f10eeba71

SHA512
1e5427d20c39cb38f77aa45911fdcbfef6d67198bb61b7218fc540381a5bbcb1cc60b6587f250f122010967519e75c9815a974b7048362f65fcf501e62dcdb69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\21_debug.js

Filesize
3KB

MD5
9aa9d49d26b9e04cc4f74b5b75461a19

SHA1
5902fc10054355a5b8b9cc41620445baa0f1d0ab

SHA256
4efeda330ae9854f4ad14dfcad07ef3946ae510d440dc09b36735842f4d6420c

SHA512
edaf778e10084219b63dddf4bc7d7e4e6bf728a7367c0f83752eba93bb1dcfddb9b3a363c34a935b14399d2423d6aeba78104ee1304de5909d49c46ef8babf74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\22_resources.js

Filesize
8KB

MD5
de9409dfe830d119e0153cff436eec21

SHA1
9968e7101a0c09d5340ee60d45b074ab1c8302c2

SHA256
25e5d82f890e9e439c361a8d29075e1645d77df24725cc4891f7f3811ebeb0ee

SHA512
912abe8bec5182b1e406dafba8afa1a1e8f83d795ab7d678ccf506fe28a14972e64bc31e04e018b731172fe20d95441129113c9a24188a44c99867ffbb415fbd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\28_initializer.js

Filesize
664B

MD5
037af70a1be5a7b3d0d1b8f649a58ac5

SHA1
57f2136cd86b69e88017e3346cf16be0c2a51a2b

SHA256
c6de44c3970812285c8f713ef6cccbc3f289316c5c73ae645ef4db7b84a1f437

SHA512
d18c4896e5bed6c625ee82f2d6a42443be1282d0033f453c60a33426ca42682044d22c09e3697cae787e820682a0a627ca1a00ce609d7e51bf50667c403188d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\47_resources_background.js

Filesize
7KB

MD5
1c37276b64bb4f654154c8e219a4054f

SHA1
2ebc101982648313ffe20510a6c6754410f9d89b

SHA256
e6113d332ee931944c4b486211749e3ff8f17b785fa9db9f9d52953662150365

SHA512
07ef18a6c78a32bdd53d526f81443148a45c938fb8dcbeb916b5604085ee4d6f8a4cea8fce8dee611d3147a39c2b66dfd77ad54abd603e339ddd8ae2b08c616a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\4_jquery_1_7_1.js

Filesize
91KB

MD5
270f3fdcf705d335372f152689e20bec

SHA1
97262ad8cd715fb4301a9c744d86c7e620e01fa5

SHA256
2ce9253b60a64446367254b656e3b32a18f504eb58ac65cdfb197f1238531b95

SHA512
0be722508ad507c35dec2a4bd5840a7760b5aaf6b3dd99f2d1f019ad42d56262cc2c6f051e7380cbff6e8f8a228e9033ec23b7a0ae7bc3f6881d28dc4d6b814b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\64_appApiMessage.js

Filesize
2KB

MD5
443bd4a62cfc40cbb36e796698c90a56

SHA1
148ca44d7c0a3e2f5e2a3d38efc5d999d2701a84

SHA256
5a3d4d45cdd0e833141c65a426f49096ad156703e9bcf8465fd06c7d5dd52297

SHA512
48dae8169ef813a0e9ed27d70635283a964d9dd8001546729f3c5c4d7fc16c3063938f193dac0bffdb1ea1347e69ad4529ca53039160e340b90354349cd8123e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\72_appApiValidation.js

Filesize
22KB

MD5
255b05dbd558ec118591a92b2f69c38a

SHA1
37142bef051c4b5c7b2d4742adf8bfcbc2fd4da0

SHA256
69b8b959f1fff9b008340b864dbbc638ca4d29903283bef5eacb880f4dc59cad

SHA512
f13d708c0fe208b28b37bf2fbc10283d3825b54ae67ffad53d1c72f4120adfadc445f49b48894081b0e80f126056ab1ba2c420b2c1c10249899aa921f2f51dcd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\78_CrossriderInfo.js

Filesize
2KB

MD5
ec3226e86137f361eeef8f1244a0225a

SHA1
cd7f9dc491736cd9e148909a99952b767e7d913e

SHA256
6ec15c91a0fe041004a56bbd3b276b58319dad0f1bc55a6c9c6a0604ae2df061

SHA512
2386b8f0b952e1cca976a58c5f8df0357a0e260e240b7e7b92e3c8ba78c135568b2993f5e5d769eb14cdaf117bc5e317209b0df44b9d54ec9ba932292726747d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\userCode\background.js

Filesize
2KB

MD5
452af2430382c8d4ab3e907f47315c11

SHA1
526858bb1f1ff2102b40d9ec5285978bc98c9dc8

SHA256
e158394c52591c8de9a41fb50072f8d180894e5f8820e7e8301d299ad205c156

SHA512
a20b10e5f45d8c48d57bd60821fd72b568950e3c0b72b156364275a5778d5e367629a7fe2ad5f6a3e52cb5297cc7f005bf2f27258e917575318a5cc44bc0ef06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\userCode\extension.js

Filesize
3KB

MD5
ab48907a9be6281de663c4849a594dc9

SHA1
27d3a4482f947e964590182dab99ebce5475e095

SHA256
cc76f9443a08e16667f1f2a274c1d9b5f0330d3df7f46f97d40b79562b47e1c2

SHA512
e079fc71a7fd53a9e0b855be99e7a4f54cd1fea472a7c190e3ea5d6d8ab722e0f148798e19bbb846cddcbb3e8cc50764024bab0a4a14026ce6d89b12bb09c361

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\skin\button5.png

Filesize
1KB

MD5
8b1eb9cb80417ec0022d278a44ab1dc7

SHA1
c49eb73f79e70b8ed96d91ef62f0bc344e41219a

SHA256
e358d97ba4c51b987fe73ea0ac0f14f9b2375e299f3e859fc37c21ab8b051ee6

SHA512
0324f2785d09f04c5be9ee77f1cb80a7afe06d66672baa862f63ec8ac59a2ae58199db91bb28e18409e918b222dcf09269013a270284213473ffa974d842c7d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\skin\icon128.png

Filesize
3KB

MD5
68447a995095517de966faaaa441320d

SHA1
4229b0c045b7bfd1546cdc1f4e38c68135326fba

SHA256
f4223da0667e669eedaf4878678dae1637dec401ff7bde29dd56b8d1fc4e8d3c

SHA512
f52164a45b182c10bd36dd9fe34e5c047e8d55b6e86eaf4726efa40ef159ef6f586066b1660f45b2c6bd987f8ca90d0039e857e066db209837d9aaa1e8defe65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.Admin\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\skin\icon48.png

Filesize
3KB

MD5
12e783f1b55f54b719444e958d0f654e

SHA1
b147828f4af4fb86da89b0219ea7ff2da1d84a1c

SHA256
8b1bc99525aaa27b37216beda75ae7b457e0d8792b91506a736e7415f67788f1

SHA512
c44bb389bda5dba024c57cd4601c3dd5fe35a992c973eabd63aba4e8fb1e221e31ae06ad6e459b6c808f469fa14163722a11acc0624f43d797e5377e5e4486f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome.manifest

Filesize
732B

MD5
ba60b7b3decd2b1e30e55e4301e20de4

SHA1
61ee703b552a8826fe1086ecc5abee4d45bd92c8

SHA256
05c4744db6cacb64b25a23eff0c748ac24e6fb74e2791341cb26e154861e598b

SHA512
8893279ca4f4dc3ac4f4c91da402a759663b2aa3a5e2ac779be03fb3a242054d80c951c4d103faaa02abf103bf58d173fc50c417b0505cc918190fd718280fbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api.js

Filesize
16KB

MD5
1b0e6ef4d0fc3ff4f1053b8212a66e6b

SHA1
4eaa508db5db96c71eda86b70e4407c5fbcc1cf1

SHA256
5a992494b9ffa51c2f833beb994665565f53db19c3e5ede6314c004e19df79fd

SHA512
1e657bd982fcaccfbbbc5ed57799d62bdca807c401ab8bc9c9cddfa2d23cf2ecbe0fe7fe645e39ca282009077830c83937974b79e7e9744b1f0cab17a782d579

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\asyncDB.js

Filesize
4KB

MD5
e377ef2d419e60d15b422da1295201fe

SHA1
92a1fea50dbb2853c5ebd95a039a5fe9ffae8c02

SHA256
3277002ef6bf5cce6c956dc6e0638c6091351b723023bb63416e60a034c1fe17

SHA512
cdca13250f0658cb17d217d8b898ed41ef256b8829c1e572ea2b966e6d5c23ef122274c192147e3387b4503a4230543eed4dc34a30fd14dbdb6d93b745b88626

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\background.js

Filesize
1KB

MD5
7ffe768c2ee2122086138f06feb7bf91

SHA1
d8477968fe77153e91d05ef3f1aa3b8ee9463f53

SHA256
12addd2f2f90940a8d7b9ef9b3c4ea64f07745b1eb87dfb34f888efa382fe8e5

SHA512
504f978555f7752f83cf1cd6e4ca9d97c4c82667ec73637fc2ef203ba5b91beb5aee0eb0981171af8fb565f123075038fc15e5b8445c1a0fe4407e736d31fc51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\browserAction.js

Filesize
8KB

MD5
2e7ebadc5aa0f8f17a4ade86d84dc175

SHA1
6b6c74ea8f349a7d608187a88c8668440a2c6888

SHA256
8278f1f90ae2c452d102aa44389f25dfc50bf2ab4368e95887c08272891a6d14

SHA512
63ce1815c7d66c257864e90d94b25371c81ed6b11fbe6733a436d050d7c35f8fb1c65e788e7ea0b595126a32e291a16f02a0a66bb0ff494557d08cd07c65c9b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\contextMenu.js

Filesize
5KB

MD5
bd2752eb9f4622d39fdef6a51cbe2b20

SHA1
6a1d2cd4035f937edd84a3ce5ad6ed2893ea9725

SHA256
0f49b2485c81d32476d60cb4bae53f6f6bbdee2e98a7dd8ae54b33522bf30405

SHA512
7a5165fa483fd04e28a996ff400739e0347eaf50b3c641132b7055e4686c2e6377fcaa07544089b386b8729620252e0712e20db0cea9df8dcb99571f6d518ea9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\dbManager.js

Filesize
4KB

MD5
780b66c8196bd869af8eac63d695d9c9

SHA1
c02d465ce06fdc40e8adba0e463fa3b609fdf56a

SHA256
aa61b53209da3e4ac51c69326d7d31168cd14e34808d8c71784e804aa970e486

SHA512
54b8e3adff18652cdcd84a5759125d061e50a0f074ceac89a31085bb31096308244824e24980330b5c9d0f68c52a95eb85b3bb2ac36e3e5645bf2e3fcce71b70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\dom_bg.js

Filesize
1KB

MD5
de002d9604f09b376b85159f289b75a3

SHA1
5c6c4ad17b914118f387863ee5982aa52ac34c09

SHA256
0e095eb0e16c343ac812721b182bea66498fca55ecd899ab5eabf9e0afb792ce

SHA512
a29071d597111b9e7335e5dacbaa19715950fe03072eebdbc15bcdd2021958d30522e4af00fa711059d0337f4af4c4913664ecf266177607228138c4cc2157dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\fileManager.js

Filesize
848B

MD5
81b4df8409320d739e70e9d4cc4c62f7

SHA1
7f5e03ed6d5d66fb9a0d052761731d302df21eca

SHA256
7817b095e2386aa2aeafd5a7c3b0b974efaab2c71f0b3833ad344ff6c80d1e08

SHA512
c0839504db12cc2dafcc127cb0d25e29f1393c3d7b7ef6a74d0e5ea9656b9894cb7e7cd8c244eca2fa00b1df414bfd0638c22d37cb1049ed51e905a966417720

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\firefox.js

Filesize
258B

MD5
a1cd4406d7577807a698aa3995046192

SHA1
7dc6d8b6718d8e3042f9b959939eb6d1caaa4b57

SHA256
5609ed9fa249166c8dafe7eda048c86486574445244d2dc509fb617b87b5d7f7

SHA512
9421c2310562ad6f9026d7f710ebcfc4957022219e972db3424b5f926a7a5d5e85b8cc5d0ba47c0214d2514f90f31b32ed77f887b8279fd5e90b74ffc341768c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\firefoxNotifications.js

Filesize
1021B

MD5
2cbb07727f1ad5480752694ba113854a

SHA1
19c82a1dfcd0e7a8bc442ce22ef268d699b9e674

SHA256
db1a27b86d4a1848cc0e8c5f1887ece15ebab250bcb025d1e0aa2d3c029d9b40

SHA512
9ad1b14c3febc6c74474680c7b6c02d8294f7f996940d4ca0d448cabcf2fe7f15249aae5fc67184c49d4a82bc236690f85403746932ca6df4e93197f209f1291

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\firefoxOmnibox.js

Filesize
1KB

MD5
6a8f7ce7af69467e591e52779773ea78

SHA1
b54a34b7802553189251e108a86fe229472803c0

SHA256
956c1268e6952de66c640de033b1f63629c66b96568e84c4072dc0786f34b6d9

SHA512
cfe1606c7e590f5a4e5c2df80c539ff766add1b944e023f332a9c0b5f7b1dada8e4ee2012ef1ca396369bf8a69a8a49e4695633d80518261acb54c0799885eac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\message.js

Filesize
4KB

MD5
4bb8c37de070a46d1d92d1ee2963b0fe

SHA1
aed3b5ad9d22156025479c722dcbf5db31010da6

SHA256
35fabbd1f84485f8ca1b0728b73c2f7bfb350400912bf38c108f28fc3164688b

SHA512
9901057f0c3d2601805aa5e9797ee39bf8cf0e10d8f21cb5f18a679fe83b5e531c98b748c8f64beffdf1811a36b6ff1e732c13a1e512bcf283caea453ee5d83a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\pageAction.js

Filesize
10KB

MD5
6ece489d04f5e899afc224ea8687e1a7

SHA1
82263206f8a83b3f917c33cb63e41a80be687ff1

SHA256
73734442bd0e896f1530d5656ce33445d5b63478e339bf96ba68b30cd9a789f9

SHA512
d4bf00c1a76452636e3c47451c500b33008d41e650e6eb37612d112681e9bc341d0e8a0dec906bfb4366fef53f67c3fabdafd16d83cab6cafea6b32bcd642406

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\request.js

Filesize
2KB

MD5
7188f8b638a00a897acf7d6db9381c8b

SHA1
8394559d7791715741cf8f1dadebe7b7ad15132b

SHA256
306b1301a4f737d7a7995168a969bc730f26857a39949fcd4899d1dd0a6a3f9d

SHA512
dd950176cbe599602b660b767c1a85fac866b00d5b025886efc01d3e488e7b4e5392da3ac4b73956d753c102ac297373e0834022ffa06f0bfad07c78c6c833cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\tabs.js

Filesize
2KB

MD5
57012deb7a603386a154ebe9ebf5e21b

SHA1
687a2a341ef1ff3176214adfcb80c25064ab16d3

SHA256
c0861a4b76dc2c471ea848f140d51b78ea689dbc9d9909bf80fee3c539ad3286

SHA512
76f864bf69e964b33c5436568ee409da16964e148053566ee3aa250a3bf76018ccd565eddd0409e2718c9d63c5c96ea6eb502077ddd531a96529ab64cc194086

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\api\webRequest.js

Filesize
1KB

MD5
e8a80e409e40199e3309e5d37dfcfeaf

SHA1
b74ce420ab51a7af5901cc2f17b3ba19ff2b847d

SHA256
8e82ea7cc89b91e80b5bd904ae3efbc34daac4374f1c6089fa25ea9ec2ece2a9

SHA512
4e7ea24f342197675e1d1cebc61c16aa3173bda6e96d616d97f8978b180d601294c1c82f845209b1f5b3ce07dc71c1e75c042fa476415960cbc8b7017e6bb316

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\background.html

Filesize
1KB

MD5
fb162e226ced64d0b4d6e53ed9f82eb9

SHA1
2b1d6ab496785d96ddcfc712a942a0d1de8ef018

SHA256
3f20ea55cdb879a1babf8ac3372e2cba7bd21586017e7e22dd49050cb1d03140

SHA512
864650849cdab6609f2219960e04ba33a1878bda8b76c326d08fb5ad5410b2a54e9c84c5c1a22efaba832e16e549fc2a7f59421b65db9f9566fc7c118f44daf0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\baseObject.js

Filesize
19B

MD5
aaba4db5965550fa33599a2888151785

SHA1
fb472dd90e55164f05774d9778e97a644ed2628d

SHA256
b0e6494d211fdfc5b0eb3f6668ccbdfd8f99d065440e4c60776e32e1b574ff44

SHA512
19d805ec4989b4e9eff4c855c4ae871dc81346f801392e06229d0e359f96e16e05108e0ff4c6207f9fb72c40a9e6aa9aef4069c7c730bd02c316b8f4d597914f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\browser.xul

Filesize
4KB

MD5
69100e0359b189c1d3d81f03cbf7f92c

SHA1
acb4bac7d9edcac1e54b8c78fe5b932822530a3b

SHA256
b008bc5f92ffebecc6068595002b543aaf22369dd458974d5eb4a700f1eb6c3a

SHA512
a2c74a4602645a3dfa5946181055d11232aac1bcb031e0b1635944952aaf27251477506fcbe358bc8a67a203349a2f627119cb6c4e54845c5c161469df3e5878

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\IDBWrapper.js

Filesize
3KB

MD5
44bd338a01fc265a1f48feb6109cffd3

SHA1
21a16911d1a82b1ad847b7a9c94f95127eefca60

SHA256
4c2e7321e1db1e55ac0d22934c916467d45767c85a65843b942891f983102da6

SHA512
9039535ed0910662afb0148598e3326bc50641887e4dd8907734cf0d1093655ee3c481c0d2f7a5581e5846cac804e1c10c33b896f78895c858076b2c605569c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\console.js

Filesize
1KB

MD5
57180143e8ce82205f939d92ca0aea9d

SHA1
96e8943dcd2303cf99d3f84e6cd57ee4d413a5f9

SHA256
284be19bdd4752be1bc42bd45357af4d41ad3853302f9e588ced5b6220c64811

SHA512
7b75de96eaef5ceffa293d9fff400c5b8028e47aaf2409fdbcc6c96a9f623270643ec94eb20f9a3ada601dec14477fff0333e63fa3882927cb70885ff33c3a8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\consts.js

Filesize
2KB

MD5
0334d5c63b79017b75d5e65344133791

SHA1
3adf3b7db233b8dbb81a09376a53ac66cb6620ac

SHA256
8613dca838c92eb065bf8153883670c050324937b57db07b89e83fa675517429

SHA512
3e0d9e5349813876581a8dfbb6305885c5ab77666f97006a15ad2b149d66aa4d9e96201350f6bc0da7143f9b9f9409c5feb3bfe4ed48e82f55a84f387d685c75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\delegate.js

Filesize
2KB

MD5
19a1e059792fea26dfbab65b73ceb2db

SHA1
9c2bb657a6558ae9357a3c960abb13a48020d325

SHA256
4a1ad34d78b34113a8f54e157e12575f7f99256a661803e76f2bdb28866dfda6

SHA512
33125d93ecf5bb0dc1f3d32454f08e8e496b4fd6e11c22a203c4b41c656ebe182ab13f7e2442b9ccded8d3a1c6d6591e2b08a25e4ada1aab7ed8b74161f38001

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\extensionDataStore.js

Filesize
7KB

MD5
52c7f9903690fe78d563a1d2f04b0df4

SHA1
87e5025e5af216038ec2c71683dc098ee7d4d933

SHA256
fed43f2b7153a41e082c380f8cfda6c9d12c3e4a56e8a0d3b36553db8ed01630

SHA512
4fac1ccfb7de03cae9b7d0ac19ea30f65e04598d1999468fd8069f19b761f92139ec435b1af5d951fc11617ff690dde52554cc64a5d67e6b05fe97557c6819f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\folderIOWrapper.js

Filesize
3KB

MD5
b6cb61186479ba3e129ce77ed604582a

SHA1
68acfa322beacd6e5d2ac927471435fc97b21b86

SHA256
49ed9c83b860669f862cdd068763c452d48cb718e8b29629cf8a08c6007808e6

SHA512
e517d1ee2b59febc2aa693d99fa1a4c3ad29fdb534d0348d69009aa40801675a08144e6020f3cd9156d7e9b5eec8a737a3c3949098c2575800c317cab8f94599

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\httpObserver.js

Filesize
2KB

MD5
d84f78673765cd850eb1600fa60bfeb1

SHA1
bbf3b8f1a8c03b4733b326b9a36d02bb55902620

SHA256
dcb0ee2e8733c03f33347148eee0c60d910c0bf511c75c959b0e46eb9afcb915

SHA512
8714f8df6b813bc4d6ed78a1cb6697f2aea3525c3c48961b7e4feee2b43a601e137899fe88804b451c3d104a9d9d405a1daf82b7a510cf8bf7f1f38c22e94af6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\installer.js

Filesize
581B

MD5
fd3f295f1c17b33d7a80103564a7f221

SHA1
0d67ce68dd98f31c3c8c2152a23aab11b6a3fe28

SHA256
cb89a5f1f1d1bf601c8e257562287e5011cb982dab2a673658eb9c6f9065a9bb

SHA512
d499507d6b98a7247739d8083048317a133e625d57c650c1993395f753c9ed95c832dc792609b9d632cad007f142021c4ff0c1882b2ccbbcee4b70ad985bad1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\logFile.js

Filesize
1KB

MD5
6b8579cfedf6844e12d26bd643f40b07

SHA1
d564d77aaa86129140a1d41926aff8e3950d9dba

SHA256
ee56895d73597ee0da65066cd24d6fc766be476dd0e61b418491bc0ddb3a2e08

SHA512
8bcb48f0d7982e6f9b944a17dbc94cfe915ac195f7a319816eb1172492038686d6dce8f063a4d107ade2370a4eacf047247dbc0a78b92c7f6c1372bd42690d00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\prefs.js

Filesize
1KB

MD5
345a3e8f1a2c36e3f37adb89762bc241

SHA1
b1f44ad945a3e098b12e4ffdec2d55e9d6693ad0

SHA256
dc7e328ee5a74747c5e393960636a3443901d29807a03eb72387a6c13c1cdd6b

SHA512
4354cf66214302c114e436c0a29b22fa78a8ee931c0d84b3b02b14c650ebda2310f0729420b146260e9bba88acb70b4094c09cf74e2d025276cfaeb74b9f1ad7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\progressListenerObserver.js

Filesize
1KB

MD5
a840faec92bdd32534d5f4e5d64550a7

SHA1
ccf071ddcacc6617f031f046ae99f9a50a300f20

SHA256
936f4ca8f81d86989e5d09a68b55b1e22f90f541238eb60a18ddb0519bd899b5

SHA512
18cb67dccc97d509cae563b183df9ff53e1314d032c6a998152945c063ad28994da23e8c7a61d23608d286563b014cb851f7fd427792c3d8adf1043cf63aba18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\registry.js

Filesize
1KB

MD5
769dbc56827458c72b7ad8098c91e7f7

SHA1
e8dbd8c650c6e35e064bee32e93200f713ea94d8

SHA256
2ff6758a857e848cc6d30ddc02d18000cc062048b1df0b9ab59e9b9cd08107c5

SHA512
36fb166d5f74cd17a79338192e67fbc1ae18cb68a9c0422513f1560d6c1b3d357e6a940a1cf5128fe4cf64dd199aa5c4bb7689d70e6887dd7fef01cc7f3d58aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\reloadObserver.js

Filesize
1KB

MD5
8c5ab9d094da507caa58d5cec4524dc9

SHA1
141db1595569a480281e1a400a2c464d6dd3a76e

SHA256
c1b40823b24843c516a08fb83c19c7b3b7642dc45276d5797d17c17642c9386d

SHA512
36a8fe7c42e8303a022c9a598f7dc02e6b475a0e74feb5ea89dc92960111e7a9bbdd74f443bb1ad9bc0eea3f28d8623dd75a6026dd542619d28480a424992d7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\reports.js

Filesize
3KB

MD5
dd27bdd80aa303cdb1d783770e748c3e

SHA1
a24551ceb51721644c728adefcbef46562bfabe4

SHA256
468765f155a1a1b0ffa981023a96822b785ea52109df9850d7afae21b99396d3

SHA512
52068e874fc6e1999191b9988f613513dab247c40ed50b12988d760b36e8c735869c3dd5fac5aa2f03c9d92e58bcd8ada0c634e958e560e7c148f59b5307045a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\requestObject.js

Filesize
1KB

MD5
58bb6d11d1eaf46767cc60de67cd9454

SHA1
d7c575929c2d14b8cc155879069fab443c44eb3a

SHA256
4b5d3e7c0a686c55dfdf2348533a6aa8ac2a768bad01673bbee717a92dce44b1

SHA512
41d1262f1b515f6990ba0ac41d446230d49873ecd90df6d14d6ecbf767a5aa923d2ee9405ef9cf0c96a9c323a1da125d84fb7c26bb1a19a02a8b05a01e725be3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\searchSettings.js

Filesize
3KB

MD5
0b95a218bd8a97483a8105dad7a9201a

SHA1
5542d8be042fd15227e9a491c4d912544d12a0f8

SHA256
8d304a52ed1818c82c1ea905c0f2ce5312bd2e1624f745f82e1ac6063055727c

SHA512
1b980a43350d253b3873128d8eb1b2f266e8e843f05c94e7591dc380dc281ec200cc39a88faf42d430bd981b37100e7d78202322375c9fd1beda40aeddb2d66b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\uninstallObserver.js

Filesize
2KB

MD5
934af70ed5e372995efe167430e91f07

SHA1
66500bcf985abd702cd179e03815f17133cd121b

SHA256
9889621691793a39375c3aefa911f2938f6fa416cb3d8dae60cf3875e0b0fb0e

SHA512
6113765afdfe7247b23f25680f4ae09a79755b5f3ccaf8cb570b9c0ae36d8872b5eeb7caa9940280c4e86e8a371b336cbf0f2da4a41d1a4a8e7ab90f24de7c91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\updateManager.js

Filesize
7KB

MD5
3ab91ee9e07f59498d169b0d15d633dd

SHA1
be887f1ee16be66302b387cb2f053dc79080119f

SHA256
ed1e7b22804f0928e7ac19d1d37635e5bcfc8dd15d33ac312fc0df74a818654a

SHA512
5e20fbe8f6aacdfddfd9d876d99c82347b2b35da41d8b0a1983a6a8c76f5e13159c32dd86fbeddcd73d41e1894c0d46ee97edd3f14f536da05fd4de76bbc21ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\utils.js

Filesize
18KB

MD5
22d9c1cf700fb893a29b32ce27ebd87c

SHA1
9b1484b252ebbe649170c38db9ef45ad86bd4b67

SHA256
27b51b35558c2bd66c6943463fa94dee9689aa784be6dffc3cebcecc1206b327

SHA512
b94390b416a94a99f2268e67f4bca6e7606df98f7de9d8897148d102199859a30ef4ae57813be17c302dea2d920fcc3a910590f23b1cbc68e3fa89d1acc7ed78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\core\xhr.js

Filesize
2KB

MD5
b4a678cc9885730cd03de0d100bdcc25

SHA1
b0771a929a9624c256b45124e6f0c999707380e8

SHA256
9cf418b2562821adfc68368a469d843e7dee0f0d087a45866c0d8279c52fcb29

SHA512
9caa0eaf2eb874d683c41f37265232630168983969e2a64dc666add6a4c3c5e82aa316489f7a3b383da5fc52efa4ea705eeeca39528c1c1c7b9dc01058e3189d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\dialog.js

Filesize
1KB

MD5
deab4dc957c13108352c4f014b242353

SHA1
bc63ae0c5744a1ad67821937873d1829ed64bb06

SHA256
caf871b1b90ce840acddd2cf04237dff5d3a992dce765a3996f630c669bd728c

SHA512
d1c59e171fc40e531e2a70542688d0c6d300e2cb9b68bef7b88d5ad35c985e6b1773c437a746215dc63eae185307441f804ea265ac98ea842cb0caf58056e784

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\main.js

Filesize
15KB

MD5
270d9cba8091b3629aeef018dde5d54e

SHA1
0e89c792fcc4e4c09098d7a50a9bcc3bbee16899

SHA256
99cbc3cd604f6af9a09e958d4d189551f889d547374a4cb3064f7bc6c15fade8

SHA512
9f998dd60e7ac53a50080c12d0b9d272206875c2486c54416507283df1402b52f0911a7e8c0f6236e2accac8335fc17eceb494ee439d2de4d251f866b458afee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\options.js

Filesize
1KB

MD5
80297932a5645e651b2bc05c65cb8cf6

SHA1
dfb36a890b134fc09bb003c583f93c978e717f7c

SHA256
12bdfbb75c0b57ed66756b12d52a8538ca83eae7f5c5c3574af3f24a0d38a78d

SHA512
f5e97c10ce845990601e0d1889bc6173888a971297792cf85d10f6fd77428c445f81fff56af0576bd365abb22583d43dbaad3cf958e01596bd904b72f893a275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\options.xul

Filesize
1KB

MD5
275186e0a6d4ddabbf8bc8d1b00add5e

SHA1
e4b57588e9be7de99e4b057801977f3614bcbf9f

SHA256
9a36a603d325f00e102539ec8a5409b1b65318145fdadf70bdb8a429af471fd2

SHA512
d06d14889c105e5440232ddebc2bddea8061f6e040fd35a46c4a1858d6fd60d4397729160f7de0400c3cb556419fe6b3272b5ec20368a6cb0f68fe1589ea2e39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\chrome\content\search_dialog.xul

Filesize
2KB

MD5
68e04f0a85d4cb05c54f268e5e59fdc9

SHA1
2a465323fb0d697226d481be9c599f94d62fd150

SHA256
d61aae08a32e9987caf41d35bad06f2a2cee4bc094bafca7afec0648a2edd1d6

SHA512
2853de596d4a669fc6e13646524646277a74743c81077f1ae6ed40d1972ee621a1e7522b1a017b55c1cc578831503b864020d26d1d992c1aba33afa4d34d5c9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\defaults\preferences\prefs.js

Filesize
3KB

MD5
47aa5b0704727b72f4e9b0607de6cb50

SHA1
baccfbe8d6e8aca492bde3b68a148582bf583bab

SHA256
27d3ae2bb4581c179807278c14c9c204a66c3802b7655c393848d8fad90aed83

SHA512
5379edb61a45e110dd18c16b5db9ef202b29d5461c77bf13785ee5af11e6f5fa641f79cd93c314ae5e12be6ac4655616031d7a95b2309451dc27baca49e5125a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\manifest.xml

Filesize
1KB

MD5
270d862b6806cd7242c39dd43cb2b2a8

SHA1
16554970c4585f55b830cf74f702feb9fbf40348

SHA256
11e4128ae96a91d4b564869c529c2951a1f5d96e016e682ff644441d1aab3552

SHA512
091873bc4ee47332666c39794cfae377415258f770e36d3e179ca4fbe58676879216b0801301589d83e6bda77c101a92fc1690aac1b1ab491d176f9f771a689c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins.json

Filesize
3KB

MD5
1db8c626b657664ac0a41c11820ef745

SHA1
2e1a303da3d18d95972ac7f6858bf4c7cc2c478c

SHA256
737e42696f0f09ac4687adebbf7a9cfe0e342fe075f13ffb6d26f4808c74ff32

SHA512
c8264b246a895d941e24bbbcb60fb98c8197b9fabb94e9732dfbe328e921742f885761d19483a7d17b9a43f769e74945a21de6e920578538a2450bdf81305399

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\16_FFAppAPIWrapper.js

Filesize
12KB

MD5
699dca37c7ce1c37468140449a54de53

SHA1
907f8be96b6b9a5fc067ad1f3b1e1d3e9a53bf7e

SHA256
100087c647070179501a15e44c14380debb7d7bb0b67787f5934dc556c394510

SHA512
fc916461f44bdf9bde9db0e284197a649082d17aa8911b57956ac60ee47cda119beb8caeb1de39f8390eca16b4cd5e74248d95f48d0a220206b68523ca7ff4b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\extensionData\plugins\98_omniCommands.js

Filesize
1KB

MD5
8f35ed81ee0339a57e71bec09a7b3536

SHA1
915dc17adbc4ed08c7ce6ad1a063f7b0204f5323

SHA256
2b8ae8fc3bdd15062f7d25810270566238e3e449ed2d9be0b2bbad67aa79ee98

SHA512
303fe1937ac6c7c281adab3dab9e7abd40a3c9f54649fa225e3cea14b6c34acfb257e889ce249d47cf7786f8cf1e434c2edf2888b56411c1775fb7eaf72d1b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\install.rdf

Filesize
1KB

MD5
f8aa73bee65c19ea36e0328fecf3344a

SHA1
cb6cd4ad401a577e9a658d16718ea3fd728beb2c

SHA256
e4e026ba640491622d1bd12e79191272329231e2923c149dee7e24a15d47d76e

SHA512
6156fe887dcb8c8ff48e392ceb20c17115f1a4fd2fdcb9023d61da79c3a1b0b4eace3ddabfbacfabf6a99ed88595dfce318362bb86a52323702d56855cd81b5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\locale\en-US\translations.dtd

Filesize
425B

MD5
aae23d78c89bb64103e8d668bff80223

SHA1
c0903224a450ec3b506ede665b2fd8624f94aaf6

SHA256
10762cb296f01536427e6592d4c79b08ac48b1c45d12e7b36aabcdd3c1bd299f

SHA512
79101b2fcaf52733b9f29607f15c4679c6ebb9edbe9caa44b3e138333737b5b1302aad9e78a788601b9d8c8e7355fc85e02b2d5f8b00c32cafe0d54a5c7b6d1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\skin\panelarrow-up.png

Filesize
917B

MD5
752c26453dc2fc989ed46f5920328edb

SHA1
a064ccc009ee36c20dd5a8aeeab1a335bf82bda2

SHA256
758210b28ee3298facef83c81272ef4121f337392ef5bdd44e47222ec4966beb

SHA512
b0c3c58ca36e7dfa9988bd68a0432b01db020420e3406653ae8521cded576ebedb9169df93f1a9dc461831a52c0297854fdd23554aca551d246de01d17db80d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\skin\popup.html

Filesize
349B

MD5
cbdf4e688981915b95a3741d0c9d5fe5

SHA1
e4f188d057f04638443eab966002e7feb63bf61a

SHA256
af11066b4ff2a7d851cf85d97b655557240303c89b1615ca0ad753926af3602c

SHA512
9f83da8364e3722ff64c6feda4bd7acea4bebacce479c01e7be7ac59298c0907a3a6041c8724f40e8fdbd1056cb80e1450676eff581b1227b22a4747083ec451

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\skin\skin.css

Filesize
990B

MD5
4bd957ddde2bb2e537060afcf55f1f72

SHA1
d0d4cb8fd259bde8e297fb68326c6a4a1bd6ce4c

SHA256
f3fee308a875a4d7cca4cea16ce548dd652df2f10ea8dd2d1aa11c2ecdef4b0f

SHA512
cd103bb1b7f1ccb2a483d8c974150d5b32676616d325564615da1e09b024e821a0df4a1e815f8b7dc7a6fd0eb1e70156bb186bd452040070036f96958e869d92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\extensions\05dd836e-2cbd-4204-9ff3-2f8a8665967d@a8876730-fb0c-4057-a2fc-f9c09d438e81.com\skin\update.css

Filesize
140B

MD5
36ab40a4b899472d25a3c872a7f9ad4d

SHA1
c29870d67d954de9c5c32783ce28cf7f77d13ec1

SHA256
4f0795bbc78e195bd977cf489c05543ac86bd10f95fbb83a5db11b17c7d7f664

SHA512
9626a7a269acebdbcacd31f4d5e4f70e57873cbd8eb4e835b2d4b52c863fecf6a27f474124b508a0fed8614bc6e3165be38b0930c7a96326afbb23343cca514a

Download Submit
\Users\Admin\AppData\Local\Temp\nso846E.tmp\WrapperUtils.dll

Filesize
69KB

MD5
2cb7f556341e254d282e7ec24a2c6164

SHA1
87053c1dae3d1c8f2a6b5909b30ffeb8ef085b8f

SHA256
def2632242ea5a7b30fd2808545ed81b1545aca18a0a517553db4f2dd1442d0c

SHA512
79cb47e48c09f39958ff944c64aad2a3ef5cdb02975b68b9dcb85712e1a24baf48f856a8859efe77b66c10e487535496c4618482e864819104fda86249b29ce3

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\InstallerUtils.dll

Filesize
117KB

MD5
f82531707dbff737f2052698ab65953e

SHA1
ef011769695010f018c2f9a2b9071bc2bc9a89d4

SHA256
616fc6483570eb2f061b7bc77b9f323d3fc87040bedf4bf5b1c38da73769dda8

SHA512
d951213d5a75042d908e7106a47334f350fef4c9bef67ce6561a50a6ed0e937a16c72e375f6a1b0d7d91914375d7c239870d6b2be3810599ca6c044d71d86186

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\StdUtils.dll

Filesize
14KB

MD5
21010df9bc37daffcc0b5ae190381d85

SHA1
a8ba022aafc1233894db29e40e569dfc8b280eb9

SHA256
0ebd62de633fa108cf18139be6778fa560680f9f8a755e41c6ab544ab8db5c16

SHA512
95d3dbba6eac144260d5fcc7fcd5fb3afcb59ae62bd2eafc5a1d2190e9b44f8e125290d62fef82ad8799d0072997c57b2fa8a643aba554d0a82bbd3f8eb1403e

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\md5dll.dll

Filesize
6KB

MD5
0745ff646f5af1f1cdd784c06f40fce9

SHA1
bf7eba06020d7154ce4e35f696bec6e6c966287f

SHA256
fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70

SHA512
8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\nsislog.dll

Filesize
42KB

MD5
e47100b70748fc790ffe6299cdf7ef2d

SHA1
ad2a9cd5f7c39121926b7c131816e7ba85aeead2

SHA256
271d539fe130276189e0a32b8a0bc9f08f2d92f7e17f85d88726735f14ea6144

SHA512
88452a9aeff453e7979df9240ab396cbc0c5d00efecda97df1e46f2ba1e9b5bfd990921e85d503beb4b35a1de7681390ba124eeeaf896f250717892ced133e93

Download Submit
\Users\Admin\AppData\Local\Temp\nsy8CE6.tmp\nsisos.dll

Filesize
5KB

MD5
69806691d649ef1c8703fd9e29231d44

SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166

SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

Download Submit
memory/2576-235-0x00000000003F0000-0x00000000003F9000-memory.dmp

Filesize
36KB

Download
memory/2576-302-0x0000000000710000-0x0000000000720000-memory.dmp

Filesize
64KB

Download
memory/2576-424-0x00000000035D0000-0x00000000035FD000-memory.dmp

Filesize
180KB

Download
memory/2576-37-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2576-589-0x0000000002090000-0x00000000020A0000-memory.dmp

Filesize
64KB

Download