9f0ffcd4852f9af353558f104dd8edf13e67971076341e87da304b8e6d8c5414

Resubmissions

25-06-2024 20:58

240625-zr56qavgnn 7

25-06-2024 20:52

240625-znv7casdpc 8

Analysis

max time kernel
1722s
max time network
1715s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
25-06-2024 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-Installer-1.4.7.exe
Size

24.1MB
MD5

86fc2557f00baf9698715dc99a8cec41
SHA1

75f8f54eabd25749af37d21316f02d7d5868c398
SHA256

9f0ffcd4852f9af353558f104dd8edf13e67971076341e87da304b8e6d8c5414
SHA512

521e19cc02c996fc478fead4239cd3ab24b70a441df138ed955d349eb46e7a03ccc10a3d58d8dc726292f494d6bd6efd2a92f62d3f179cb2751fc725ea7d449e
SSDEEP

786432:lKxabBbJyM9irrKJBH5lFRqH0fYk/pUJ8a:lKcSMQPKJBZlCUfYSpUJ8

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1824	irsetup.exe

Loads dropped DLL 3 IoCs

pid	Process
1824	irsetup.exe
1824	irsetup.exe
1824	irsetup.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000800000001ac13-4.dat	upx
behavioral1/memory/1824-6-0x0000000000310000-0x00000000006F9000-memory.dmp	upx
behavioral1/memory/1824-696-0x0000000000310000-0x00000000006F9000-memory.dmp	upx

Checks for any installed AV software in registry 1 TTPs 2 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	irsetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	irsetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\1847152663\4105898438.pri	CredentialUIBroker.exe
File created	C:\Windows\rescache\_merged\1847152663\4105898438.pri	CredentialUIBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey	svchost.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
624	Process not Found

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	204	firefox.exe
Token: SeDebugPrivilege	204	firefox.exe
Token: SeDebugPrivilege	204	firefox.exe
Token: SeDebugPrivilege	204	firefox.exe
Token: SeDebugPrivilege	204	firefox.exe
Token: SeDebugPrivilege	204	firefox.exe
Token: SeDebugPrivilege	204	firefox.exe
Token: SeDebugPrivilege	204	firefox.exe
Token: SeDebugPrivilege	204	firefox.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe
204	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1824	irsetup.exe
1824	irsetup.exe
1824	irsetup.exe
1824	irsetup.exe
1824	irsetup.exe
4540	CredentialUIBroker.exe
4196	CredentialUIBroker.exe
204	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 1824	4920	TLauncher-Installer-1.4.7.exe	72
PID 4920 wrote to memory of 1824	4920	TLauncher-Installer-1.4.7.exe	72
PID 4920 wrote to memory of 1824	4920	TLauncher-Installer-1.4.7.exe	72
PID 4732 wrote to memory of 204	4732	firefox.exe	88
PID 4732 wrote to memory of 204	4732	firefox.exe	88
PID 4732 wrote to memory of 204	4732	firefox.exe	88
PID 4732 wrote to memory of 204	4732	firefox.exe	88
PID 4732 wrote to memory of 204	4732	firefox.exe	88
PID 4732 wrote to memory of 204	4732	firefox.exe	88
PID 4732 wrote to memory of 204	4732	firefox.exe	88
PID 4732 wrote to memory of 204	4732	firefox.exe	88
PID 4732 wrote to memory of 204	4732	firefox.exe	88
PID 4732 wrote to memory of 204	4732	firefox.exe	88
PID 4732 wrote to memory of 204	4732	firefox.exe	88
PID 204 wrote to memory of 1840	204	firefox.exe	89
PID 204 wrote to memory of 1840	204	firefox.exe	89
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90
PID 204 wrote to memory of 1288	204	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.7.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1773458 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-Installer-1.4.7.exe" "__IRCT:3" "__IRTSS:25232362" "__IRSID:S-1-5-21-4106386276-4127174233-3637007343-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Suspicious use of SetWindowsHookEx
  PID:1824

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NgcSvc
1⤵
PID:3588

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:2912

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s NgcCtnrSvc
1⤵
- Modifies data under HKEY_USERS
PID:4680

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4540

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4196

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\c549cbd5e6124befa1cc9465f7b84966 /t 3692 /p 1824
1⤵
PID:1172

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.0.1240323513\1487490640" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9d02e83-b42e-4f01-9f87-6d7decad4a4b} 204 "\\.\pipe\gecko-crash-server-pipe.204" 1796 23bb82d5e58 gpu
    3⤵
    PID:1840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.1.2022043444\721034264" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c2f9b62-c30c-4b88-87c0-e5bdd62aaaf8} 204 "\\.\pipe\gecko-crash-server-pipe.204" 2152 23bad170458 socket
    3⤵
    PID:1288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.2.1544857233\1415977849" -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 2856 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c794d785-bbd9-43e1-8aa8-f08c4188047a} 204 "\\.\pipe\gecko-crash-server-pipe.204" 2832 23bbc0ae158 tab
    3⤵
    PID:1400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.3.546269120\1742709271" -childID 2 -isForBrowser -prefsHandle 1044 -prefMapHandle 1052 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {546c4270-f865-415c-beba-5be4e642f98f} 204 "\\.\pipe\gecko-crash-server-pipe.204" 3520 23bad162e58 tab
    3⤵
    PID:3620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.4.1351895969\1838837865" -childID 3 -isForBrowser -prefsHandle 4064 -prefMapHandle 4060 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ce273b9-b121-4c46-b658-e1967e52efad} 204 "\\.\pipe\gecko-crash-server-pipe.204" 3936 23bbe06b558 tab
    3⤵
    PID:1792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.5.1406949573\1301869742" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f9d298b-54f6-4c05-ac18-8fac9e592b19} 204 "\\.\pipe\gecko-crash-server-pipe.204" 4772 23bbe7a2658 tab
    3⤵
    PID:980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.6.1202234538\1525375568" -childID 5 -isForBrowser -prefsHandle 4992 -prefMapHandle 4996 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be93a777-f4d8-4670-890c-74880bbadf4a} 204 "\\.\pipe\gecko-crash-server-pipe.204" 5076 23bbf717558 tab
    3⤵
    PID:1504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.7.894905919\101961935" -childID 6 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0b44c73-768e-4523-9a80-e10d5298dee9} 204 "\\.\pipe\gecko-crash-server-pipe.204" 5184 23bbf717b58 tab
    3⤵
    PID:2860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="204.8.1726498137\572313087" -childID 7 -isForBrowser -prefsHandle 5592 -prefMapHandle 4568 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a372213-c084-493a-acee-d1f2a77835b0} 204 "\\.\pipe\gecko-crash-server-pipe.204" 2592 23bbfce6458 tab
    3⤵
    PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin

Filesize
403KB

MD5
b4d3016a1cccde90a62b685149c832f9

SHA1
5d6c4ba3474e6544bd24343da564e90bba89f6f7

SHA256
df6afa046a72bb55e8984cf9e2870dc62112e4b81d4fef5a94c98e1c4386e373

SHA512
abf5e15b40fa03eb9390854199b9feaf0132aac756c5f07d45c81f58c8b4d909833a996a19ccfef7abb905ddb9206591b1eda49a4674bc75a7c5a9c6372590e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1847152663\4105898438.pri

Filesize
5KB

MD5
934380fa9b92e7874d0d503cb42c2f27

SHA1
3d21720d344b51017519224e11a83bec4b755fa0

SHA256
4c579bb427ffd025ea6d5822f4fe1e05b58494ec9b52c2bb9d1b689048656b17

SHA512
a79fd39007ac2eed47e2c804624b4001f06fbfba7bbd7e60364596a457a132040381cbde1c98b909f1fccde03bfb843b4e78cff9b8f8c52e20c363531914996a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\15948

Filesize
11KB

MD5
c98ac6e05820f4c6fa7927c52d0fa360

SHA1
91a5e2d64a950e6f885751f37a3d09c136a6a5bb

SHA256
9680fa2611823c3e137485ba7f32e146582fb42325e859e371edcdbfaaf846a4

SHA512
56f9a815c6a50c33710e701f601f1f5df916ffcc8a96d7fff52ca9e99c4957493466d755ab9a53840d87d866af3bbd2c22fbad946d6452386ed7f7083f49699b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\19366

Filesize
11KB

MD5
5753919ea50f5fca4d8d281d8f5bc7f3

SHA1
cb156529a1acf474cc4d5ba3e5d93d383cb3bedb

SHA256
71085b630eb69e7c5a4a3b1c6eac3c3e8d413032ba37c2e0a84d25da9f759cdb

SHA512
c0569a6c914620dfd06d96850bece4084a24945337493dbd820b5adbbb5206575b3a76393197a76d808e301675b4f56f88a76a5605aeb80a05c8a2286eacc826

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C6A6389A9162CEB2E1F41436B370871FECA58F75

Filesize
60KB

MD5
d4b5b577dd3f9f7c7f261324a256aaa3

SHA1
87b26420891449f14d3e8dbaae53ba8f79adad5d

SHA256
808e837b80bef25e5395462e7a9493113872007aa11451848cb0dbeaed572df4

SHA512
5bced2830e68c97ed81712755c4041c87a6a9aca92bef2875724d0754e2ac3bfbfe055bb3ee070ff0469164012201dafc67335339530251d51c09418fd0dfd68

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

Filesize
1.6MB

MD5
199e6e6533c509fb9c02a6971bd8abda

SHA1
b95e5ef6c4c5a15781e1046c9a86d7035f1df26d

SHA256
4257d06e14dd5851e8ac75cd4cbafe85db8baec17eaebd8f8a983b576cd889f8

SHA512
34d90fa78bd5c26782d16421e634caec852ca74b85154b2a3499bc85879fc183402a7743dd64f2532b27c791df6e9dd8113cc652dcb0cdf3beae656efe79c579

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG49.BMP

Filesize
1.8MB

MD5
5c9fb63e5ba2c15c3755ebbef52cabd2

SHA1
79ce7b10a602140b89eafdec4f944accd92e3660

SHA256
54ee86cd55a42cfe3b00866cd08defee9a288da18baf824e3728f0d4a6f580e7

SHA512
262c50e018fd2053afb101b153511f89a77fbcfd280541d088bbfad19a9f3e54471508da8b56c90fe4c1f489b40f9a8f4de66eac7f6181b954102c6b50bdc584

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.2MB

MD5
af9bb57e1893112a57a47df0908bc3d1

SHA1
39f31da08004741fd4b9fb31b04e29368f1e317e

SHA256
1cf4f5e5d5bed48b7c989e34bb80507ca623cb1ac1fc1596f07cfd1dc7aec60e

SHA512
3a8cd6660a0147101f4898c20a6fec1192b4196ae8e46cd3e730dc43c8bd7feed9c576590b6aa79c7763e5942466ac9118d44177edbc2ff1ddf1af3da5234040

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
325KB

MD5
c333af59fa9f0b12d1cd9f6bba111e3a

SHA1
66ae1d42b2de0d620fe0b7cc6e1c718c6c579ed0

SHA256
fad540071986c59ec40102c9ca9518a0ddce80cf39eb2fd476bb1a7a03d6eb34

SHA512
2f7e2e53ba1cb9ff38e580da20d6004900494ff7b7ae0ced73c330fae95320cf0ab79278e7434272e469cb4ea2cbbd5198d2cd305dc4b75935e1ca686c6c7ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
6ad5089892820cd6f1573c50992e97a8

SHA1
771b810122462b612c74c8d6ed8d20490470af0c

SHA256
b4387721738dc7d46c8942f2b88a3f81f8226b6fe8755e42732136336c583d56

SHA512
b408b57141919fe2d9d3346717c104d5975f9d4a56ec66c6a9298d3ebb85f1f452f9014c41c79746638666772302b8d0b1a09295a5d88be4785699d53e3f806e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt

Filesize
455B

MD5
7e2fae934797886c89bc721d28efe0ca

SHA1
39baee9d9d43bd5c5f15678b6722a491ce3d55f0

SHA256
d2076103a92b62c68b6ea47747bfcbd8d8f6f118c457bf760dd9fac01f6a7708

SHA512
fcc251495e61875285f3d4eb5dcb971f187db0170ec1078ab54987c7af14cfe885ed864fcc693b4608e5b8328d6c6c3eca9a6e4dbb9f0a149715be879af5396e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-06-25_11_+ftwiIQfjYtrlniJNZ3V4g==.jsonlz4

Filesize
945B

MD5
5454384ec38638981ce5e67157b8f07d

SHA1
20da940d1b48d7c555b5f7d050fcc26b9fcaa217

SHA256
faa28431b2b70bce1f1552ef63266622ee731b9a30a3b314c9b6d6e0bdc07e11

SHA512
5526c70002b23f106dbb494742fce905cba27979f8bf8f2a92832232fb34b6bf873043f0b54f88567250f358e5fdd93438f5211318ee303ad71615ea85d1f2f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
378e0e042962a0231d67bcf20f49a94d

SHA1
d2e65b8ea9f8bd6386949d09d3b4c9a9809d04ba

SHA256
fd32696559255345a847685f26faa565be4d5c3d9a8c26b34933e8e9162874cd

SHA512
6afef02b2e706cf93d3aff0a666d0766f8416080a0519664ca701a6a4b106ebf8d587c505b7718bf81731a3bf0ec0a68057d2841c572aab160c9ca94c6f133d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\2dddf390-945f-4744-91a6-af8988c4c57d

Filesize
746B

MD5
897903d39f8dfcfd18d797db29f89e50

SHA1
76d37b33d19c3bc6e8ba852004fab5f905e2440d

SHA256
75a541e28c1606ea817151f43500b63ea669f4a69a946829c692a81be5ff2261

SHA512
247b98e677f1cd095d6a2d0fc160322b064e404137106421a0df270b5e65958acf548c71ab8dea7db157526d8aab5ca4a0b00d195fd5a8298b741606097a6869

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\44aec8a9-fd93-4b20-b479-f3f5af456be7

Filesize
10KB

MD5
51ce83f2372b999e7e0eaa96b7e94d9c

SHA1
9f1cc0c5e7ee38ad74e093ec074e567bfc20ed7b

SHA256
522dbd972f3747e90c492d3ab3d79d99c60a4d51a4ac51cb6bcaf802716c2da9

SHA512
5cc8741b53bc0efa6ec23f8b42cb8c7a540be5fa5f5e1b17d5cef1b228944577a1c17e57967368172784a264d4f3b5a4c85043856a9ff26a2758dd0d4897f43b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
22cd1addc75d7c59f03bff202bfc5f6b

SHA1
15bc1868e8a13a6719a523be3f68e3e86ff98729

SHA256
8ef21e997fb324fc662308308a8fb789f73ce92ea99f07875188914a79b8b9ed

SHA512
a3505ed7eed1317b438a514045382dc9c10cdda6eb9872c9341bb4c1e7d0deec8a29565ac30076afba8a010973f7b9bce4f18464b2736c40215e83d89ac3c2d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
08fc1cde6bc3e523dd65c79c0b296df3

SHA1
dff0f2ccedf17dc5957b03f768f8096605496461

SHA256
693ce08264730a42514ecb32292c1c0fcfdebc18d8b0c1608b8e63b5c0d9a5d9

SHA512
1075c1d5f9d3eb4a7c79b6493f19422abfe641b8b5572e51f28f513dbaf3953c43da928f6286941f19db95eabdf0ac166a05e8039e3fbfe67a75d731e702aa85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
846b63303435508650e7ba62915b88da

SHA1
78ee64f416a1be37b06d02e164f2dc8ad64a3ca4

SHA256
80533b7953d33c4f89e30d7e3f38ff1a612e8b60625c6c0d6253155449f317fd

SHA512
c5e7e66168d5cd08514a370432e2d9700822b7eb4b07e6399fd7f1fe968549f888d1f96a5ac2e7ba6e0754e0a0533a57604a6d7e3ff4e27b733ff647fad363f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
b7b0e540164c8072c2e1e6cbc5acf882

SHA1
0203d6520431dd489813b14aaa2ac2c662339e7f

SHA256
6e676ccdf27b3c223c45e46d6f6fe9dde1c77dabfb774a6b0782fe0f246308ae

SHA512
99ff7ffb7711c3778f3f6802d9ee84080067038829e99864bc251276082375009a5faff131045ee1c54c358945047f7eef4ac458d257698ed091fa40ca1f0e62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
2f246db12e666a9ffe631311889cd3b0

SHA1
498e68bd4ff40d29eedc2aeede4dfd9578f367c8

SHA256
88cbeaed8729f156a2cb832112eecb72c591683bd92d82b098c8c466f8fd4062

SHA512
ef916a629b6de5fde9a3665ca3913ec60f35fb21d0e8ed02fe489a0c9b8f123b7f85604908b057ba242334fc2b5af9bea27f77211960456c941c5c2ba00d2523

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f5a2969e741c6fe1d0c53076b5c249e1

SHA1
b1ac8506657051f749f56fd0e2bff02dddd7638f

SHA256
5a2fb0a3f60f3de78b9336f54f4e414af739b75c585b1b482f539c52c5cb310b

SHA512
689dd86d3f5626471492f8c35c39642b5287d2398854ac97ebc78ae9fbef97116fa7fb63108922d047845c4da49461bf84c50515d9aeecca162652f03ad88324

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
6c3941f7493b74c3d5848e05895993b3

SHA1
4d678357ce503978641ab153fd04d924f9374aca

SHA256
31a7b415407e099b86b9f903977e38c3041cbe92d9f335e7113a6a2ee7ff0211

SHA512
8139c3a3fa6609e00b8fbc1074a6aaec5fa3fdef37e138a5f6f17f13049f51ba238a53fc103c410c3cbad7c907a6aea3d0f896ced7e5c6cf6004dd861d0515ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
fbb2d2ccc1a07b9256407ebaf9d30191

SHA1
196b406a2d44eac1c747d16d93cf4cedb482ef3e

SHA256
b80d7da0480394c755b581a9582b072b44f31c495c4a1f36b1ee1911939c93c3

SHA512
4a8b6bdab00a0431efbe5a7898cb64a65ce5c4dc3c26bded043fb010b7bc48d0db7bd51ecee9fa7bda803d37ef0ad0989407ca2580f789acc5d28e49d416ddb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
0c97fd0091d11ebe8b49176eab947776

SHA1
56f801e2bbc7dc21f3ea00170ab5ef3170b5aad9

SHA256
fb158d0cc09d60fd5fb1e0ea5941ae18d336034d077331386ac5b4ac94162f02

SHA512
04d7444dc6f05a94a9313f896c45100bd35475f9d629eec3c4977321ad6a2b364906f7694f985d287e98545c158265f055c8b9b3024c7cd3b93a952d3a142ead

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
71fbebece1743d5888d686ebdf7557e5

SHA1
4365d8d164142c455cfac2125047a9fc99ca6850

SHA256
64880b1d6485c2e50ece5293229f3f05ac3a80984a0a62df2e1f4a6e19d41729

SHA512
2b8fb3884113157b40409350b9db4e02df4e0c579114a124e24817980d03a4c2bbb6296c145de9ce60dfa2f6bf83d6554bf9d4b4557fd6f3a7ac3a1ee0cc4fbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
477681235ff5d013696923714cb6f442

SHA1
4ca8b70fb292bdac92453317b00d3aacd9bedfa0

SHA256
56d14822a9cb043ddaa6d2713dd11a63f8b5d005427aba3b11bbbf24f506d4de

SHA512
2cbc21b257732f299f896999cbcbe4884e3a0cc669492bca00e2bb83792ba3a47f296a71a463ae5b2b6236c9c9ba3fe37d0da3c9c87a65584b1092dce373ab81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
abe49f262353e46078216de7ae981613

SHA1
88219d133abe72970302ba9bd43d0d119c78b94e

SHA256
f704702994f7716aa78ab2679f3f35a78f0c5a2ab09a218726a9d01a22799e29

SHA512
3c2755fdce2db632ffb00bee8c06e3e0fd3ce23b2c1aa6e056c439d93bbfba2a02771bef02eaeeb1476ab039b880e72aa0c2c3b8b6616d47fe376f6f396764d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json

Filesize
3KB

MD5
77bf58a9b9a5606b9467d00b8d234604

SHA1
dff9cbcbaf42a7151a54e1e1374b576a2d1f8dd3

SHA256
c743c7b99e259c24c90b0d6037f6813aad64667009890b04105d8c96e5dac218

SHA512
6cdac8d5dde6088d784b1a304ea3c9fd414c9da338d2561c4a7623e35034085a9a6ff55ac260675cc44da22a3676c3a6aa1bc6de7d5bdfd79f4a8776112321ff

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
dabd469bae99f6f2ada08cd2dd3139c3

SHA1
6714e8be7937f7b1be5f7d9bef9cc9c6da0d9e9b

SHA256
89acf7a60e1d3f2bd7804c0cd65f8c90d52606d2a66906c8f31dce2e0ea66606

SHA512
9c5fd1c8f00c78a6f4fd77b75efae892d1cb6baa2e71d89389c659d7c6f8b827b99cecadb0d56c690dd7b26849c6f237af9db3d1a52ae8531d67635b5eff5915

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
memory/1824-697-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1824-675-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1824-696-0x0000000000310000-0x00000000006F9000-memory.dmp

Filesize
3.9MB

Download
memory/1824-721-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1824-676-0x0000000006D90000-0x0000000006D93000-memory.dmp

Filesize
12KB

Download
memory/1824-6-0x0000000000310000-0x00000000006F9000-memory.dmp

Filesize
3.9MB

Download