6ed4b5a88db2deedef72614a2578597ad288de89f382f30c7574f84213b7e45f

Analysis

max time kernel
96s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f4f6e3cc522348a9000abccd2516d6a_JaffaCakes118.exe
Size

8.0MB
MD5

3f4f6e3cc522348a9000abccd2516d6a
SHA1

75e48f4e388a9ddc71bbd9be2829256eb1a4f68f
SHA256

6ed4b5a88db2deedef72614a2578597ad288de89f382f30c7574f84213b7e45f
SHA512

92eed2ecc4d2267274a333f12b3ee8fda89ada52e220efbf7602207532a445952848f8949d6432e6c5bc57be868043c2e2340613a6fba715c470183f2a1d4425
SSDEEP

196608:S0A5pwK32PNm39JckMPNUs9maHixRWGmwwN3zl:S1XV32PeTelsRRWG/wb

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
4244	setup.exe
4812	CometBird.exe
4484	stats.exe
3596	CometBird.exe

Loads dropped DLL 64 IoCs

pid	Process
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4244	setup.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4812	CometBird.exe
4244	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2500-0-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral2/memory/2500-970-0x0000000000400000-0x0000000000429000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\CometBird\extensions\{567F62D2-2162-43fe-A573-E5620D0934B2}\chrome\skin\translator_error_replace.png	setup.exe
File created	C:\Program Files (x86)\CometBird\chrome\en-US.manifest	setup.exe
File created	C:\Program Files (x86)\CometBird\install.log	setup.exe
File created	C:\Program Files (x86)\CometBird\res\entityTables\htmlEntityVersions.properties	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{567F62D2-2162-43fe-A573-E5620D0934B2}\chrome\locale\zh-CN\cometbird_statistics.properties	setup.exe
File created	C:\Program Files (x86)\CometBird\components\nsURLFormatter.js	setup.exe
File created	C:\Program Files (x86)\CometBird\res\broken-image.png	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\install.rdf	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{567F62D2-2162-43fe-A573-E5620D0934B2}\chrome\locale\en-US\cometbird_undoclose.dtd	setup.exe
File created	C:\Program Files (x86)\CometBird\components\nsFormAutoComplete.js	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{567F62D2-2162-43fe-A573-E5620D0934B2}\chrome\content\cometbird_tabgroup.js	setup.exe
File created	C:\Program Files (x86)\CometBird\components\nsBrowserGlue.js	setup.exe
File created	C:\Program Files (x86)\CometBird\mozcrt19.dll	setup.exe
File created	C:\Program Files (x86)\CometBird\nss3.dll	setup.exe
File created	C:\Program Files (x86)\CometBird\plugins\npBitCometAgent.dll	setup.exe
File created	C:\Program Files (x86)\CometBird\modules\distribution.js	setup.exe
File created	C:\Program Files (x86)\CometBird\uninstall\shortcuts_log.ini	setup.exe
File created	C:\Program Files (x86)\CometBird\res\mathml.css	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\[email protected]\defaults\preferences\defaults.js	setup.exe
File created	C:\Program Files (x86)\CometBird\components\nsExtensionManager.js	setup.exe
File created	C:\Program Files (x86)\CometBird\components\nsSearchSuggestions.js	setup.exe
File opened for modification	C:\Program Files (x86)\CometBird\nsxCCD9.tmp\	setup.exe
File created	C:\Program Files (x86)\CometBird\modules\DownloadLastDir.jsm	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}\chrome\locale\zh-CN\menu_checker.properties	setup.exe
File created	C:\Program Files (x86)\CometBird\searchplugins\eBay.xml	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{567F62D2-2162-43fe-A573-E5620D0934B2}\chrome\skin\cometbird_tabgroup.css	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{567F62D2-2162-43fe-A573-E5620D0934B2}\chrome\locale\zh-TW\cometbird_undoclose.dtd	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{567F62D2-2162-43fe-A573-E5620D0934B2}\chrome\locale\en-US\cometbird_translate.dtd	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{567F62D2-2162-43fe-A573-E5620D0934B2}\chrome\content\cometbird_file.js	setup.exe
File created	C:\Program Files (x86)\CometBird\res\table-add-row-before-active.gif	setup.exe
File created	C:\Program Files (x86)\CometBird\res\entityTables\transliterate.properties	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}\chrome\skin\icon.png	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\META-INF\zigbert.rsa	setup.exe
File created	C:\Program Files (x86)\CometBird\components\components.list	setup.exe
File created	C:\Program Files (x86)\CometBird\chrome\pippki.manifest	setup.exe
File created	C:\Program Files (x86)\CometBird\modules\PluralForm.jsm	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{F5CEF9AD-F6AF-4b69-AB6D-936BF6BCB6D7}\chrome\locale\en-US\menu_checker.dtd	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{567F62D2-2162-43fe-A573-E5620D0934B2}\chrome\content\cometbird_options.js	setup.exe
File created	C:\Program Files (x86)\CometBird\components\nsTaggingService.js	setup.exe
File created	C:\Program Files (x86)\CometBird\res\designmode.css	setup.exe
File created	C:\Program Files (x86)\CometBird\res\forms.css	setup.exe
File created	C:\Program Files (x86)\CometBird\plugins\npnul32.dll	setup.exe
File created	C:\Program Files (x86)\CometBird\modules\openLocationLastURL.jsm	setup.exe
File created	C:\Program Files (x86)\CometBird\chrome\toolkit.jar	setup.exe
File created	C:\Program Files (x86)\CometBird\components\fuelApplication.js	setup.exe
File created	C:\Program Files (x86)\CometBird\components\nsHelperAppDlg.js	setup.exe
File created	C:\Program Files (x86)\CometBird\updater.ini	setup.exe
File created	C:\Program Files (x86)\CometBird\defaults\pref\firefox-l10n.js	setup.exe
File created	C:\Program Files (x86)\CometBird\modules\LightweightThemeManager.jsm	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\skin\icon.png	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{567F62D2-2162-43fe-A573-E5620D0934B2}\install.rdf	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\[email protected]\chrome\skin\texture.png	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{567F62D2-2162-43fe-A573-E5620D0934B2}\chrome\locale\en-US\cometbird_statistics.properties	setup.exe
File created	C:\Program Files (x86)\CometBird\components\nsBlocklistService.js	setup.exe
File created	C:\Program Files (x86)\CometBird\chrome\toolkit.manifest	setup.exe
File created	C:\Program Files (x86)\CometBird\freebl3.dll	setup.exe
File created	C:\Program Files (x86)\CometBird\res\viewsource.css	setup.exe
File created	C:\Program Files (x86)\CometBird\modules\FileUtils.jsm	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content\unknownContentTypeSaveAs.xul	setup.exe
File created	C:\Program Files (x86)\CometBird\chrome\comm.jar	setup.exe
File created	C:\Program Files (x86)\CometBird\res\grabber.gif	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\zh-CN\bc_media_capture.properties	setup.exe
File created	C:\Program Files (x86)\CometBird\extensions\{567F62D2-2162-43fe-A573-E5620D0934B2}\chrome\content\cometbird.xul	setup.exe
File created	C:\Program Files (x86)\CometBird\defaults\pref\firefox.js	setup.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\nsreg.dat	CometBird.exe
File created	C:\Windows\nsreg.dat	CometBird.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	stats.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CometBird.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3f4f6e3cc522348a9000abccd2516d6a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CometBird.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\ftp\shell\open\ddeexec	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\http\shell\open\ddeexec\Topic\ = "WWW_OpenURL"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdURL\shell\open\ddeexec\Topic\ = "WWW_OpenURL"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdHTML\shell\open\ddeexec\NoActivateHandler	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdHTML\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL\FriendlyTypeName = "CometBird URL"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdHTML\shell\open\ddeexec\Application	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL\ = "CometBird URL"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL\shell\open\ddeexec\Topic\ = "WWW_OpenURL"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.htm	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdHTML\DefaultIcon\ = "C:\\Program Files (x86)\\CometBird\\CometBird.exe,1"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\WOW6432Node\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\NumMethods\ = "18"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdHTML\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL\shell\open\ddeexec\NoActivateHandler	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\http\shell\open\command	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\https\shell\open\ddeexec\Topic	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ = "PSFactoryBuffer"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\NumMethods\ = "9"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\ftp\shell\open\ddeexec\NoActivateHandler	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdURL\shell\open\ddeexec\ = "\"%1\",,0,0,,,,"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL\URL Protocol	setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\http\EditFlags = "2"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\https\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL\shell\open\command\ = "\"C:\\Program Files (x86)\\CometBird\\CometBird.exe\" -requestPending -osint -url \"%1\""	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\https\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\ftp	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\http\URL Protocol	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\http\shell\open\ddeexec\Application\ = "CometBird"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdHTML\shell\open\ddeexec\Topic\ = "WWW_OpenURL"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdURL\FriendlyTypeName = "CometBird URL"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\ftp\shell\open\command\ = "\"C:\\Program Files (x86)\\CometBird\\CometBird.exe\" -requestPending -osint -url \"%1\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\http\shell\open\ddeexec\NoActivateHandler	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ProxyStubClsid32\ = "{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\ftp\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL\shell\open\ddeexec	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\http\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\https\shell\open\ddeexec	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdHTML\DefaultIcon\ = "C:\\Program Files (x86)\\CometBird\\CometBird.exe,1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdURL\shell\open\command	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdURL\EditFlags = "2"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\ftp\DefaultIcon\ = "C:\\Program Files (x86)\\CometBird\\CometBird.exe,1"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdURL\ = "CometBird URL"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdURL\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdHTML\shell\open\ddeexec\ = "\"%1\",,0,0,,,,"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\http\shell\open\ddeexec\ = "\"%1\",,0,0,,,,"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ProxyStubClsid32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\NumMethods	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdHTML	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32\ = "{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL\DefaultIcon\ = "C:\\Program Files (x86)\\CometBird\\CometBird.exe,1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL\shell\open\ddeexec\ = "\"%1\",,0,0,,,,"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdURL\shell\open\ddeexec\Application\ = "CometBird"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\http\shell\open\ddeexec	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\https\shell\open\ddeexec\Application	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\InProcServer32\ = "C:\\Program Files (x86)\\CometBird\\AccessibleMarshal.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdHTML\shell\open	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CometBirdHTML\shell\open\ddeexec	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\.xhtml\ = "CometBirdHTML"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\CometBirdHTML\shell\open\ddeexec	setup.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4484	stats.exe
4484	stats.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 4244	2500	3f4f6e3cc522348a9000abccd2516d6a_JaffaCakes118.exe	86
PID 2500 wrote to memory of 4244	2500	3f4f6e3cc522348a9000abccd2516d6a_JaffaCakes118.exe	86
PID 2500 wrote to memory of 4244	2500	3f4f6e3cc522348a9000abccd2516d6a_JaffaCakes118.exe	86
PID 4244 wrote to memory of 4812	4244	setup.exe	90
PID 4244 wrote to memory of 4812	4244	setup.exe	90
PID 4244 wrote to memory of 4812	4244	setup.exe	90
PID 4244 wrote to memory of 4484	4244	setup.exe	91
PID 4244 wrote to memory of 4484	4244	setup.exe	91
PID 4244 wrote to memory of 4484	4244	setup.exe	91
PID 4812 wrote to memory of 3596	4812	CometBird.exe	92
PID 4812 wrote to memory of 3596	4812	CometBird.exe	92
PID 4812 wrote to memory of 3596	4812	CometBird.exe	92

C:\Users\Admin\AppData\Local\Temp\3f4f6e3cc522348a9000abccd2516d6a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3f4f6e3cc522348a9000abccd2516d6a_JaffaCakes118.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\setup.exe
  .\setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4244
- - C:\Program Files (x86)\CometBird\CometBird.exe
    "C:\Program Files (x86)\CometBird\CometBird.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4812
  - - C:\Program Files (x86)\CometBird\CometBird.exe
      "C:\Program Files (x86)\CometBird\CometBird.exe"
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:3596
- - C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\stats.exe
    "C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\stats.exe" http://www.cometbird.com/client/install-stats/?l=en-US&file=
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\CometBird\components\xpti.dat

Filesize
99KB

MD5
f12a0e3d97936acac15e824bac142849

SHA1
3377f5c2cb1e39947a8e577e66b0af8bb32002b7

SHA256
d77b90be445665e6aa41079bb582fb01062b72b9e142c86a67703fa145615d85

SHA512
c7f1622022ee74652a3c6b543296ad681cbd7940ffdc94dd13f7c3e26b943cec1118d3827c1a9d5928e669059d57baa21691bac04aa3d27d121102549959e883

Download Submit
C:\Program Files (x86)\CometBird\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\skin\download_link.png

Filesize
1KB

MD5
615cda5649dd503d0bb38373e6bd69e0

SHA1
dcef2dea8583bd13cf6dd133c8fbb0a9eb080aeb

SHA256
b836d0291b2648b11da277b06cd8179c4c52b670307908a788cc02517a07f15b

SHA512
a5f93cec6776ef673d8b26ebfea7a50c26c7ceca202fb9d8a6208309b53a6d3479393f600de674267d486c7fef827ef008d2358130c781d0fada9553e9680bfa

Download Submit
C:\Program Files (x86)\CometBird\res\table-remove-column-hover.gif

Filesize
841B

MD5
f6f8b831f31c8a4081e61403b258d944

SHA1
389daf6bcd0ba84a413dce4aff02ae9800eb1061

SHA256
f19d34969cef9b58e845f4f3630ec3df5a3cc054831f3880c1b68a34afa431d8

SHA512
01bb9b06927083d052b11a76ce147073bc25d7c95308d189dbc5598776f83ba26c22a260450f41c2d18e4c3ec86aa24719a90bdeae1417ebd4b1066b80c8fbab

Download Submit
C:\Program Files (x86)\CometBird\res\table-remove-column.gif

Filesize
841B

MD5
90ef7ea72f363d421c608e37141f0e29

SHA1
891c963cb3c26628dcb18db5653eaca5275b0f9e

SHA256
dd6549e0c43acaa44bba371928f96cb02f71440149f6ae4d2e9ad4706cbe2231

SHA512
6a05229fd5e33ccab5b5e4f185395fb77447384c83b2d0ca5379106e3a06296a6e372acf8c3be7b7d1e8046d5b3002ec5c4c4c22ea186fdff828acd2aa5702d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\AccessibleMarshal.dll

Filesize
15KB

MD5
5a82ab7fa70234622577d8bc52207dde

SHA1
4a8d03a3c2939f06a3a1835c9dc58d653b1b7d35

SHA256
866b6859888cefa5d94b4f26c4065cf86bf8d918ee4c42adb3105aad5e786487

SHA512
bfd78f76d778fdac525bd14cd55ee96b2d55d84053996c8316c1be296af4f30f69c8c3a2da302180758aadbdaccfaf50d8010425340639b8177aabf8376f2023

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\CometBird.exe

Filesize
127KB

MD5
a94cb8071c59b46d5a7a86b664add7da

SHA1
80c265a2d097f619989522bbd1b978f824522c7f

SHA256
2cebad9a36f29c1c8e2579b3a04a291ae7983ba93a4837abe2670a30bedf424b

SHA512
a50449141eee92cd920ccaddfe8d310b376ae32b2d2d357ed3cbb8f904cb2b3f14361975c6e54897c89ec42f5eb7bd243d0814e4d21610216fbc918650410cbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\LICENSE

Filesize
30KB

MD5
e29589b1c1a59446aaf1b8b64b9016fa

SHA1
612b3403f1d60fbcefc18115ccd2eeebcc8d30ee

SHA256
6ade90023d99aee1338283f25556ca161afa4e14df8fb442e03d1195aefebd03

SHA512
66bdcfefef86ae7e4c7ec386c483f376b9a04fe8c81713a24d25d9b9006d80d0196f5cdf63786e3bb3bc37c511ee0bc52937c7fa66f35fa7af2da42019085d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\README.txt

Filesize
181B

MD5
0940247b348051ad93df54d354b91513

SHA1
d23547d400637473fa163dda95781f1a691b3d85

SHA256
7f7c0a303bbb6a156f4d3ef1e7a99b9e8c9567864e508514108ede5647b20b9b

SHA512
d0385bae9c5ea074e38d2fe60fb4e378d14842f9e53e297f993cdf5ae4090fa71dab35e6ba21e49a30fbce3fbc76d63fa152cd71d8b3b53b7713c5f114b0e4a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\application.ini

Filesize
1KB

MD5
47e45b3dca21173c5d74d8a60f4a7cfa

SHA1
20f01b22bdf4dfc5e16ccb789ad42858fb97f366

SHA256
c7fed70302d45a443ee4c9dbdf4017b391253fb357f2a9c25d3d040afd17746c

SHA512
7714b867c4016ea9cd8968d1e7c79409b1bcc25a63b98ba0c49ce6578301a41e73c61440592c1915bdba9556ec1115b72bbdd753e8be4e4678734db92be818ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\blocklist.xml

Filesize
2KB

MD5
096c36008d2ca63382176d0aee04c78b

SHA1
70c179334cc909ae0e80a4f618bdac6477d198c4

SHA256
ec165c899e97365cd7deca4b56cc6f188398b4ac5352a30d046664b7b5e94fe1

SHA512
26b785c5fa52f31962897d2d49169fab8804a29a06e880d28001aef146ab7c24f85f034fbf445aadfad8c22462125194f80d136670acb40b9c0c2ccbe5f6da98

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\freebl3.chk

Filesize
478B

MD5
e13ebb14562f0bf9d7308815e71cb307

SHA1
bb6c48e11631df5278e2f29eb2421c0378de0205

SHA256
c717875a9f5b53b1f83dc1b73c93c0dcfe013b676fcc26ddc1ab2bce230c9b29

SHA512
09130d96c3edb238f64a6694df37b28026a05214da61bfe9867cc6cfbf34628945afb581434a9d203afca875d788a1112ddc15565e86dae940088aab61dd7881

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\freebl3.dll

Filesize
244KB

MD5
30b13895bcf2030d5ceb565b49d7c067

SHA1
a5e6fa30c8b0c09e19146fbd58917667cc8de129

SHA256
b3b06e0ba7649a1a16778fab9827a75b6ca4b0a6083d421944ac564f55269319

SHA512
b76f8d8039d0786a6ab3e87b36a5e67159ea7e509cdcb9242cef76c8f71b5e48764ae7b989c88cd62a1742421311f06f5fc6e0b527e0f6bf843376826da2db69

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\js3250.dll

Filesize
835KB

MD5
e4db6c2db20355404899a335fc2c108f

SHA1
75a99a7110f8e32886e4ecd606fb33a7e143ffc5

SHA256
fb6ae2632e0343d646460ce3203b3b6304a421691c3c2412f96656940540fba8

SHA512
1f36b11cf8147de460f4d830b0a95b065cb3ddd52155e8e3ee7e53616f5a98883619cc80310f520bea4026924eb78ad32e7eb08a032c8f0fb0ec4218743a71ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\mozcrt19.dll

Filesize
695KB

MD5
49f766ebab25c7bfc3793d485d05e8cf

SHA1
f19deea16c73664ea2c194a96fa0cca81295fd6c

SHA256
7648d512adfb0f3d5c532646696368c7fa115169c110008e81ccda49724bb982

SHA512
d04c7cfee19313fe6f146e7edcce90e73734f1c028e499cad44f06d044d75c3b251491e88c817bc49227df488c6763c79c334a294fb377b17505ca1ad1de37a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\nspr4.dll

Filesize
163KB

MD5
ed90efbe7d4e36a1475bb6a41bb88f15

SHA1
94c2eb742d79f830f3d94d1ca7f0a0ff828e9c44

SHA256
583d188a5535f4d5c94f371b7b99f03d865289ed32d0d73c9930904d3fafc2af

SHA512
89fb25d80c945fc0f80eeb80b62ae5dab544bc1a797f66c8429b29d19f81f7ee1a4035cd05583c28e81ca2d849fa0043293c8776ae8f9f6da2ef4424259b2174

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\nss3.dll

Filesize
627KB

MD5
d5d7ba01731db4bd7bb2a8589638a48c

SHA1
cd749be244d7de27671af372b0b39a0d629cf4cf

SHA256
b498a06cf4a2f6c8a808ef6d44794333f7b5a696ff1da9cbac67a4c9a390a053

SHA512
b4b8a110bfd4b8e1ad253841acfc9c71891ff7146cf95e0212e56e10fc62d390c450fc3f58e6ce06e8d9a20994c322edabde723019ad48f234d6efca2e479fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\nssckbi.dll

Filesize
339KB

MD5
349ac275ce4ff896ca8b0525d5c65d21

SHA1
0425ca4dc95fda6ba95742a4bd65e4af99f6310b

SHA256
40aa7ef93a87af1982bd7efece99f727e5b2124f65fe5bd3c8ebfb73e069601f

SHA512
8cd289b98c5c05ee0dc84e64580ec3e5b334901ffa33c574ab36f8cf827696ff194c3567990d9c12ba5e06b68efb0697b8e320b1e11b598b6bebd094b85d1f51

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\nssdbm3.chk

Filesize
478B

MD5
c6f26938b040d482b4ba4ce3d310650d

SHA1
c51fab49b35f42aab181e98662e671bf3d32fe54

SHA256
3bf60e6203e508a0a3e4e1443640acde61f3cb75bf2582438c5928ee152ac606

SHA512
24352896b87589842d180a06727bb21c4c46fbd9083d714c894275eb558a0957cbbb24ce0a31a29104a715740d3f3db32777bc5b4ab13cc2dd490d7406c0332c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\nssdbm3.dll

Filesize
99KB

MD5
fd6f20ab7ae244177aa09856f73f432a

SHA1
a11301aa1fba68a2d322da66d6cd927a568f644a

SHA256
7ac5fb64ac5970178921516a37293bdff198b640561eb05382246fb88b3fcec7

SHA512
ce9ac5ae70ff6c3806f2de4fdfd0139289149dc01e25baa4281487052f7abcd4655b5c9eaf6837a34e216e2b8bfd865c9c1ca65cebb28213e60e60c361aa78a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\nssutil3.dll

Filesize
83KB

MD5
c8bbd46aa8096225de7fac21aed49fc0

SHA1
839e8349796055e6c0e31c0db56504a9083a9a83

SHA256
0862aa34af576efe4cc42418ab109783d17d4d32e33e941c94741fca5d9194bc

SHA512
f2e48078754550146aa1a80d801cc573d3be16b6f9e0083ab4309ffbcf3f30490b3dfbef0d245a4c37d5c6de48d2d5d50b38117182b581c67359597846268da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\platform.ini

Filesize
52B

MD5
2acdf69833401b1564d0eb6cc8316049

SHA1
539481ec6b9f7330610967eddaed4b25481b05ac

SHA256
a5ff4f20adf6afcfe678ab113d9efd82911db28fc580373af797f13568a30741

SHA512
43a9383a6fd9872f4657cb27738530ddf7f4fe2d986ddbd89033b058dc067e82c4b6731bb6b9c20efce3e2db85697d2afba7f615561947e66382f8ff1874e878

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\plc4.dll

Filesize
18KB

MD5
37b3ecec22bc564926a49f087f1a8767

SHA1
19c377006e9e8999ab624731ede0b1d8da00d011

SHA256
4d61ae092fb98949f79effc838af2b622d989481a86f0e5043cdeb10a4c030e8

SHA512
fe2a95266108d25c081c078d96a3d2944629197d75b0f638e6dd8f0934fae1bdda46505d1e6b92e05bad83264f0ddccd93b5ebba552f460282094bc7620ecd2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\plds4.dll

Filesize
15KB

MD5
5534f19ee364e958f4f1bf44caf40a71

SHA1
49245e7c247849dee8dad654e98759d15a6e3ac4

SHA256
cbd23e8c86b4bf876c89e6aa96b17947d47f745019f8df4d19008f8efa72b8b3

SHA512
642f5769a674637600c943d378a32ed31c9bd93afca41a4d3827fc1352f36819917919bcf520bf97ade2c11ee603f7da79e94142b0822bf0dcc07d2603420a27

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\EditorOverride.css

Filesize
10KB

MD5
5196388791ae40c89985316a4ea6a4f2

SHA1
8089dec8ecbba3c6af0db3ee8062eeb2668e0891

SHA256
d22accf236d1a0ec52ff1697e8a0366df53e864b7b9f0908a63ee33160bddca5

SHA512
90994259e288d5af27f199d9ebbb4b3dcbec9f8cd231966bd012281f6ba64f6151ec0e3cab5dc8c6e062f8cd15e05bff38fe12a594df05ca143c32cd64679672

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\arrow.gif

Filesize
56B

MD5
a8402374069ffe8e23326ae4bec08a66

SHA1
25fb498bffc0956f61e3b2990686d71c03791de5

SHA256
dc17b7231e1c28d6ff700142bcac0498f7b9b828e61b828f661332635e1af423

SHA512
9f4514181b02dddf5a4e653bfebf57254a5c55b4391378b93f949d604ffaac763ed76c4a6a44ff219c911d6ebf29f8e24dda083cffe94ac6254e167852c9abf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\arrowd.gif

Filesize
59B

MD5
6bf2d8c5ca467c97888ebf8b03a4237a

SHA1
dcbc2be2e1a22ba0e534f0ec9714615293e862d4

SHA256
93b9d62d87a3b5e9f4072fc949d531cdda99926ee427758db2a130f769e402d9

SHA512
53d1aec1968d330a501a1ead86e3c73c05745b81405c58fbe5be29688a067f6d360dce91802a72e5daeee68a5be53148c7fc628dab01900d95e7d3a17d567f9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\broken-image.png

Filesize
253B

MD5
ebe41f9931f2208c1377f379b63608a0

SHA1
a518eabd47edb20612d1181326811967578e2652

SHA256
cf177a93b9f9ef6da0f439a6819e099a20aaecdfc0bfdea73e4230d6b5ef3281

SHA512
f52229e8ab2efede5c1021963d8c1f7895287dd24c4e86b0cf057f30d3a4a97d9ee0c512bf2bcee48b34e95d292b060665d86a83203ef6cf6e590decdc24f77b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\charsetData.properties

Filesize
8KB

MD5
1e055bf4b4610b0cd136cb8d5ab039eb

SHA1
e02e80cff272591841a4daedd36bd212d4cbb918

SHA256
9d8f9a567b33961f0e62029199bcde76f7a0f4fd80d35d0793e786835747b722

SHA512
ee3f28ea0a0359ce15ad44cb67eb76fe00ba4605aa088ec61b71fc82a806f813349d0c0455312b0bf869a83d8542fd8c473389751fa624d2bdc0399f487a71d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\charsetalias.properties

Filesize
10KB

MD5
2d329762947c44fafa719bf59a6581f5

SHA1
db7ca416a29aab720482edf5cd7602393e9fc6b6

SHA256
67608a0be0c41c9a404334a58b838ab24cf15ad35d950fc802d48d3ba9a1a610

SHA512
f9c79cdcac255fe917ad68bafd4c2836eac4923d67965afd5a742b853082170f8cf50acb8ce9e2eca9fc5a5abfb42ebfec9ac49d4d04854812a7b063fba2585a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\contenteditable.css

Filesize
11KB

MD5
64683081fe6eb8ccad5636483b8b7441

SHA1
f247f8b2d672a04d118dc5567e7aeb43ac593892

SHA256
e2e376b60c6dcdad000e4591f20c17e03be411ca1049b5b68d4cddfdd111a679

SHA512
b4e1732aabc6963178394091a944ced1615e92cc376b57b09a2e26324d6c693c387fbeb57d3c150853d5821da49b7c7d4af00d83c911b867746ff35a9197d27d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\designmode.css

Filesize
1KB

MD5
4ccdfc58a6eb5109fee61c81cb2c9ca2

SHA1
4537e4a64f58298a1984e7029fe7606e6523c855

SHA256
4c29f2111cb1e13fd486622a58443ae85283f0a2db499bdd06ea96bd38464ef6

SHA512
b0ca253c9de7c2aeb9eba02fddb4775a22d7be3dff56816f74535dce41123d2c6385009a59e5eac6c5475824b7bc9d53c7d6d16569c120b8bf2b5bd0a0c27042

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\forms.css

Filesize
15KB

MD5
cc465019eb5c47a1302cebd1e09f0422

SHA1
3501653d9b40114eac8498d62267abab6a0d79d1

SHA256
c85170992c76c0b84854167924bfc4f1e59eed4b11a30fa6e479101865102187

SHA512
728f3c502f04fe550d6436c660afca9bdf2436b7a2c16659dfd8bca77861b3129264bac9f567d9feb2c7c2d06ddfb8bc96af9567c3b00844acb61b9141fa671d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\grabber.gif

Filesize
858B

MD5
ccf39b06aa3282d0a1f9e7582418583d

SHA1
c0b32c82d1580b7c9a6fde4eded9612530d284c9

SHA256
f281e4469914b472b2371fd402e02dca347577b7803ca1ae99fa1beee5ae85a0

SHA512
086f1bb76afe867e5713d71a3979656afe4ff5d1f68952f2209f2e000b72566f4163f522cd1e9e7eaccd789d69f48718b6601959e4c4d78df8f8926bc7f030fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\hiddenWindow.html

Filesize
117B

MD5
0c016c31bf6369424576eb280c105866

SHA1
e3345fb059be0a17fec9f212f97eace0fe4ae119

SHA256
f3683ebdfe930d58f109e402c188eee2f13ec52640d20ef07bd238f6f72ba457

SHA512
d9bd1d20f690165f3f79f7515afdc97aa5275c4abead33919b30856284c0bd395c718e5dd1ddf73e3170b89a1f088ed7b1e3828828b546b45569de83be7acbd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\html.css

Filesize
11KB

MD5
c1db70980f5618e5fe044057c0d984fc

SHA1
cd69011765aa76dba81ad4a811c4057149a52dd9

SHA256
4958f0ab38dde8f064e8d98d5240b82a29accb5e663d3360d0dafff83071f167

SHA512
f460c73169993a9c999b0281c40dac04abd8cd4a18726879c0804c435308f49c6f0fe6f2e72452dbc542c7ee7fcbbf942ff014ca5309f0f9c255661ad38219ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\langGroups.properties

Filesize
5KB

MD5
7c05d46f10eccb94517a6f9c742ab346

SHA1
bd41d6514b279e478afbb1fb376e2fff7d26511a

SHA256
f941ab76bfd1b77b0ef539d100936b085d291fabac4bf21a00d681b17f154e7a

SHA512
0ed164126b5fd2d2870a59b87ff2d658e33189c92585735e5c75c86e1d16b83b29ca3debfdc389691dcd7cf680a754d72eaa73312b45375479af2b73ccde7ace

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\language.properties

Filesize
5KB

MD5
417cbd69d28cc5d69dc8b36ee0f48043

SHA1
074b45c48660c86c99d7bf8c51bcd1ea3e018c09

SHA256
2d8406f2775f7645548a064a8f6b6bab5da7fd1bf93adcf8b7a853bd4bb37530

SHA512
5a6af893017ae451bd8869ea7afe99feff742b5e76b044c486a075e6818784ea8c43209605acc1936030dce5d94adfd64d777f8ffbc8a271774973974dc6d75e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\loading-image.png

Filesize
268B

MD5
4e034e71f488fd65d9793938aa7d5f46

SHA1
fdabd4431087e4b4472fba611b8db09d23328661

SHA256
33d66a16ddce9ba7ae7a14f66a70aa79ece223e03dfafd44817077de511d0227

SHA512
21b8fe5d6d15746ca90f67af7781c74dfb3dd7971d7e06028e1eb0ff7d1a3d0f6613c77fba73e1502b7fcc07930f8642b25f9cefd1f5ad0e7c91dd735ef34425

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\mathml.css

Filesize
14KB

MD5
672e2b05f3967067be9f6fcdc0bd0704

SHA1
238dce2f2e6b2406c3df3065004cc084a241812c

SHA256
c6b58e7f7067175eaacdeea3d06af52e0613131fecb14a5081173d5b5d90de76

SHA512
212d09e56dac449fa430985e0610cef7ca64abfe7d096c16eb830ecf06651efd1941832dabb955194b73f5e49581a96a4db06e701d725f9b5bece8a57ea9b3cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\quirk.css

Filesize
11KB

MD5
8d47e93badde73f6505e609b2e54bc0c

SHA1
c6fb9248044af1b3096bd6e7e5dcaff4b8f8a984

SHA256
1a9bd37246fba785a81b72ea8dbdc4ee0ca02451220a60104194c2eef791399b

SHA512
d33231e8810aab21238b7b8e7f3b06843ef15042e791ad43ff9d0c4a0f8fb642b65738e9155322bbb39bbd50c2e98e249aa95f22e53f64f56343bf9d5dd51beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\svg.css

Filesize
2KB

MD5
f816576ac602927c1d80ae817cda389e

SHA1
fd16ae9a91420349e9dc151046448b188d5d179f

SHA256
ace13ed2521e2f0a5feef813120eb3450f991742f725422d0139ffe35880ccc7

SHA512
8d128180612d635e06860a721efdc0fa8f2c70d42da118913091f6ee4ef67e986fe0934f3024e55e12925f0f6a0fce5f17d1dbdb7a6a3ecffbe31817b83aef72

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-add-column-after-active.gif

Filesize
58B

MD5
55291a8dc9802ce8cbbc5d92aa98617e

SHA1
ae968f5b8766fd895e7097b3a40de7f1c594ba26

SHA256
d2701eb10b21db555251244ecffdf20f79b0372ba19d85ac16471e06a004d371

SHA512
9910745a007ae92e9ebc0e4625a86246105cd8eb5fe95110e95dff7efb415a2549ffc32b54fb06cad498f88c1848cbfd072f555c5c4c7090111e1135ca4d825a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-add-column-after-hover.gif

Filesize
826B

MD5
0c57685fbbd85c5eb8aa186019576972

SHA1
33675f50d10cbf4e7de38068a8c35692aa1de8be

SHA256
5b25b7884bf6be16aa6cf99875ceecf33c40d03c9f3cfec30625b8ad17bfdb5c

SHA512
6173d16da9ee4f8808df8ecd99d9acb147e09fd0071b311ee80f38409e92bf9d07c936d501d893f9c21279ebcdfc2dda07a8eed42f65cc4b056dded440bf8c1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-add-column-after.gif

Filesize
826B

MD5
feff9eba20bc5ffc063c0b659ddfecfa

SHA1
bffa6ac37f2d6aa9f030e7b428bc5ca5ca55218b

SHA256
c4a26dfcdf51f779b80ac85fc417f9c71bfb4544da6fde889de6180db5ea1b32

SHA512
09d5f9f1944554fc245d69625dfc5d98417b953ae3233ec48b580a1efa999d7a8ecd84289f285df5606ec544996297a22a0e1e58ffaf9fcb4e7517c8c4ab009e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-add-column-before-active.gif

Filesize
57B

MD5
220ac222b8234f8965f35732044dac31

SHA1
e531178014d8dde3295ecf51e0d4de28c9df7595

SHA256
f149f7c1cf9e31ae3918cc9c467c1f6feaeec6a94a8f12e95ba518c0d8f47309

SHA512
ffa55ca88d9658e7ab976978b57916e196da6480f14e1e514979c6776647c759d1dbaad15bc042edf2b279b6253e7ab92deba387171bc8063a12478741500c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-add-column-before-hover.gif

Filesize
825B

MD5
db5b629893e402162b24764d509337de

SHA1
6aa75faf4e9d7ce0c743d9f014d1349822efd64d

SHA256
ee08fb30bbf7a2bc1fa0351276c18d87315f43d1dcd6e721a076c7f4850d8576

SHA512
85ae25cf42e6acd82339d9e34792d7b9de16d38ab08e424beca0dd3129b64006a957074e3599b14402bf65a11f43f43e27023215c230fa2cff32be5f896d51fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-add-column-before.gif

Filesize
825B

MD5
2915b1ccccef8f1b4efe358744fc4a35

SHA1
d07472295c783f52842c727abe8e568bde27bc58

SHA256
7aa10dc5f73e868a1cc4790fc4c0de63f7c8be43d9557b5e3a63089fc576aefe

SHA512
6c5831a948c9f56c505b82504541d99b46c0baf475717f4629b12fac39f09ed47ea12bf8b8a2a6d8cc354aa49d573f4a0d50feaf78a4215a9919f0399a089195

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-add-row-after-active.gif

Filesize
57B

MD5
344e4cc9a285d380f55129af513192ba

SHA1
8d20541ad474eeff42515e77e81bbd91e5fcbe88

SHA256
6ff130978951266493cbbdcc6be6e0a4cfe249b6bc31c4dd0223849bdc493421

SHA512
918f9828ad4fb25effcab899d098e1c2767e35aac89407ac2a3ddf2fad0e3ba9f36780a49cfe4056716e0a3ef3d724f38bf2aafde97ae9208db47d10a7354130

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-add-row-after-hover.gif

Filesize
826B

MD5
73d91177fe9ee5a7d6f27f950fdaed06

SHA1
6cd76a918b50021f3baf7d0f535f1e7588232f52

SHA256
7f95f83b24a702e701808d2d294827c37a260c4cab54970d8a89cffca311aa3a

SHA512
2b03039a595bcf8e3569888682c016f599bbde90ae1db9b4abd0f5369cb388f3b71458e0f8b341dcc24faf7306c161eb937904c4b21a98628d3dda66afc14758

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-add-row-after.gif

Filesize
826B

MD5
86ea7058408e6573f06e35a22c381e5b

SHA1
9f55167f4843d25452419ad8b6856c491a7919d5

SHA256
4314043ba7acd3ff7d7b068c01039306a6162a706ed9e74ecb4ff9f81512b726

SHA512
b20a349a6d9b652b0a1b6932c7c8664736927b34529c44ccf2d4959d5b4a08c16b0ae568dde8417b0a4859eab54da3488b80abdeae4cacb33578065250c3e78f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-add-row-before-active.gif

Filesize
57B

MD5
e5a008df8ee0987d63554f36c1e4eecd

SHA1
22b4dcaf09843d1a4b73f3aea4de9a988fca277a

SHA256
b3364df0289ecfba9920e101b8563d36702170ce75fca5d4b8c7963566bf08ce

SHA512
548b046e705e0b27d775b89047e35ecb3ba24444ddb062799752be62e0717a16b2db972743f1b95448ece41f5911f5e1f9eb9ac40112d014ca90b7ff115dc829

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-add-row-before-hover.gif

Filesize
825B

MD5
3effbb21fc1ce4a3541ff129e61b6360

SHA1
226b23cd455176340c8c72f21481d6fa0ba438c7

SHA256
82d2c0c94973797f588c41cb17f5965d2979d42032b87a74a66b19b4ca881722

SHA512
e5e381b2ebcde5ca014634f44ec0463ad7a4ef44098c856e23c112dc84d62f25750fe4a22428617543bcd89424ea8b0e22525ecd11b98ecb49f06eeab846add0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-add-row-before.gif

Filesize
825B

MD5
3bca4df18e26d1d22adfdc990fcbbcdf

SHA1
71d14238f799191d3196f662de97445b2544e56f

SHA256
48a964d88c52616ebd70d146fdd7d98bf585c8488b997963842b0ecb5ee16cb3

SHA512
a900e17d2af8883f6ce87c334a2d806abcb7104ebfe34ef80a2230072b931bd013bbd55316bbdf5b9279842c1f13776ba809722aeff130be006d5a0fa8cab278

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\res\table-remove-column-active.gif

Filesize
835B

MD5
cdeeb11aaefc565b7e2e6de6c5122adb

SHA1
67c0bbae8ac6dd12cb66621f3539fae6971d91e0

SHA256
1ba095a2abd0fd53efb16480111e199cb06cdc0f7205c73691ce83e302af1c03

SHA512
b123401eaf3d0407638c1e0f3a17d102987b769139d83f2af346d5f5c3a1f16a7aab17bd9c046583542d15fbdcf11d24206a4bdf62885bf87b2aca4ecacb77a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\smime3.dll

Filesize
99KB

MD5
b51805d63ebe95a533123a2f216ad02f

SHA1
43c2271e948b9a142f06a372369e4fa26e6a07bd

SHA256
c7f1d0fb3f14ffe8ae670a65bc00069a54e069f7bb5278b5cd26c6e975111cf9

SHA512
f592c811077b47722c544f835bbfa0cfc78b9c50ae712e87f88442d8ea205dd541e40252a34c5dc623a1685f8a3b7344664316325cdb67b67303e8e71d8a29f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\softokn3.chk

Filesize
478B

MD5
d3fb960e8778c6d1699752438efce039

SHA1
6f3ca685887a2a7a18f47b4034cc4b7d038c0ebc

SHA256
2e2b3bbbddfc2865222146b2945e7f35dc3465a9cc77ca14b4e672016e9457d4

SHA512
6111300fadfd1bc2bd7638989f9f708ff69254ced695d68d9f8d473516f8188002c0e6fed5c9bd53f1af840a8f217ee5d2c117e686875359d5016bce4a9e3ae1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\softokn3.dll

Filesize
152KB

MD5
f67130317ba9fd0535b6cc0bc5fb0ea3

SHA1
6e649037c7e1eff9342e9ffa3bef2efb29713a22

SHA256
f553a6c66ee6ded56eeca6306a573170d1627362fc462ba133931244cd0db00a

SHA512
e163a327264c23737cdbb349574540df9580a6f441283a966b322d7731f9712ad1488ea704eaaf659ba1a99d176a2c5c8bd043384acc7f1375ba3600d47c9e6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\sqlite3.dll

Filesize
459KB

MD5
35eb2e7ab4985db9e7b0bd111b7de5bf

SHA1
2867efbec5013be8af1ea5b728c443bd52ed8259

SHA256
94f18f1fabe384e2cb24e755622326063b60b5c61631737214690bc6b5becc26

SHA512
21f53b4726f3601bce00943dd6437373f88e409293cb08d54e0298aa883b823d03cb36c324521023d21d76cb9294f0135e3ea2c7b279c9117408fd72ed470c65

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\ssl3.dll

Filesize
135KB

MD5
ac620b070a1f31ee2dfe3f28d4e6c385

SHA1
2e9eb77b82ddeb097e36c5f6f651871e0bf8f5b7

SHA256
2afadfc70bc123f5d7120250695d8ec3ceefcde524fb6d5f40a50b559fa6acbf

SHA512
d7ce1d185388fb9f25297eb330ff8b1ba5d816d00729fefd4f87727e9de3ccca047eaeab07128fe3a787174d859c57180dc9889952fed61520a38d330d6234cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\updater.exe

Filesize
247KB

MD5
2c6be05ca445ad07fdbe06663a76902d

SHA1
337e6dae01201b69243f6de2b639df75620eee8c

SHA256
6d6ad78fa95e0578aaa9172e336f1387898af8723cb4d8399f6ca8cb1b846afd

SHA512
dad22fda7edf9b91087c508bf637f1b8a844906d73f706225cfeffd8b0c1d5645c45782dc6dd9f6cf1f3a1627c239ffdc8347ea7ca4829a6a7d70ef575c1dcda

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\xpcom.dll

Filesize
15KB

MD5
a48d2af923d84136d367e4d809e5ddb8

SHA1
c266c9d9d2f9f4ee49c35ebeed76439f39248c69

SHA256
7554e0a5a3c89f5610a7dcb95873fee1d9bb22cecb1adc185004b340f1e2c007

SHA512
4203ae9f8335ade353692714055d21258e0980013ffb2a00c4dbe558902e1c5ce2c94ba776a8e6495d986612bbfdfacb1672742524b72bd62353c6ded24b31f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\nonlocalized\xul.dll

Filesize
9.8MB

MD5
46918f2f1cf26beaf48f1178e9bbff8b

SHA1
782eed158e8f3232d95d4b3d29922dafa9866f3a

SHA256
be2cba3e42876a3d1df5ade006b503559a7d9111263c48167704cdd3e63295fc

SHA512
2e37b735f5b18d738466fa8c281a24c9ae9baa84347bc10b74facd1f0fe4a15118fe40efccfae01e00b0cd078735d73951e359eb8ff0ad5e74c6becd4a8f1500

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS99CF.tmp\setup.exe

Filesize
561KB

MD5
41a8e43c35e1599ca1d8eff1cee75806

SHA1
1fe5c6238d815767c3f7fb54094653d09dfaf9ab

SHA256
497d8f68b0f1a4f4824439d326cbaa7eb82576743652e4c7db03036aefc4efee

SHA512
6b85f7dbb38d67b0a179d40db656bd4299047cfac55343651f1e38a5aac29726909e2c9277648774c84ca9f215a38bbfede18728e21c5472b2bbb5fe78d2709a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\AppAssocReg.dll

Filesize
4KB

MD5
1145a8e66064f36640e62e7ed58472bd

SHA1
e0416facc56fd30581f15bda522216ba586736ba

SHA256
386c19010f04c04a3a0071cce09f7a2c10393392c7ca5877becc437ad9d31d37

SHA512
0c68a0d27dffe3a2a9d3a41ca80418c051b069f70923a0621a341cb9167422d12215114de88c852223ca7dce651233a0d92b426349de41c5ca6988c1a8bb3a45

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\InstallOptions.dll

Filesize
15KB

MD5
6982595ed8bad3e983d6200201b9a1ab

SHA1
ddf3790820f6800e975e2293d46c95e1429b1d3d

SHA256
efb07b38b205f4dcde166887df43c089cfecff627099922cc0c88fce27075063

SHA512
3bf611bf9792b275632dc6980bb8f8ff522109db7365c936b2a340d2997ace6658af6dce3c8082de4e3a5b64cd2324ac21f67de061908933666fb1aa529a6eed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\System.dll

Filesize
9KB

MD5
ae182dc797cd9ad2c025066692fc041b

SHA1
7ee5f057be9febfa77f698a1b12213a5bbdd4742

SHA256
b214f6d6c4d27f749105f7e8846a7c2d475dbcc966876370b5a7dab6e4b8a471

SHA512
2a9a200d067df47638a86f4f058c6d78fb59bd064c65650cae5022a62a3714e33f93f6af1dd599fda180d5af18f432835a1f909807f4fb459aa9d6c24e3fbab7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\UAC.dll

Filesize
17KB

MD5
9f3dbabc38f2380a9ca5f00a5a726ddd

SHA1
018b149d04fa0333d5688b3ec242f43c7029157f

SHA256
510096b146cf47fd9679f27c473551f9083dffa7c0df3f0188b7903c3e5ee1c1

SHA512
fa96ce64cdbbe5294f50e3de99f81b625a2e6eec86f2cbb0c04bebdec6ec05839c445c9dd50099827c40c0cca99dff5031a98574628ba61a0f543930d66d3ef9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\ioSpecial.ini

Filesize
1KB

MD5
2d8ba7038b6db0b8c82ffe815f5a2288

SHA1
49a1381d96e0aac886b96abde02067c04de1a7ec

SHA256
2c0c19d3b9ff3ab75e02ca03b705f993e4a199210ffbb0075bb82dde7259f03a

SHA512
52e09867a3a567f2d3510055f06031c218ef4622705c36a238cedaac805101e7b8bf8a1d3b828dfbd5089028d0fb6a81b65406fcca9a8153a712cdf9be260b15

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\ioSpecial.ini

Filesize
1KB

MD5
2ab0d2f124a3586bc719397e940d0bb6

SHA1
8d5b748ef71e124dd252836f275901c8fd1e22e4

SHA256
7df1457866d13b6f6ae3ce385ec92c010928b3b57271dd6f1be0bd2d9d425396

SHA512
e8028a022b2b610e66069e5ca0536c4e3f5e026b915e376630c88ff046dfc87014fe6cdc90a81fa38861fb91f0e1b6e37e56fbdf7ee34403b0d551be96335ae3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\ioSpecial.ini

Filesize
798B

MD5
5d4b337adbb6e1def24e45e52f1736f1

SHA1
e6d21cb12c65f77ced8d5508ae355e2ecc2927ab

SHA256
5d4ca130a4e0c4bd142e3726fd4a248b718ba92928275c5c24986a817da9c7cc

SHA512
4486041b5485416a3b94b6cb424465be3d4d89a9f0e20cab9cc971c485beed14a2287594f1f3f730e3d90309892c067bbea52932dfb2c7a63fa0adf49c3cfb8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\ioSpecial.ini

Filesize
1KB

MD5
1d0ad9645a2e99ea7d06bbf47abcea3c

SHA1
82fad9e9ba50a845ae8f57a9fdeebe8b62075e60

SHA256
ddfd1a83d7abcc324c335e79ca8a82302358796ac024788d8739f2226b257ac3

SHA512
347df9723252465e491dfa807c14bd355a7da92b8f84703b53b4521494e526ed1d3c8164b9bda51012861a67cec629fc2bbf1e5051c1b66f4186b55078159ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\options.ini

Filesize
1KB

MD5
1677d00748fce98535bff9d2f20f9798

SHA1
f7df9cf959d2701a8bdbb691c5b8b694ab0a876d

SHA256
e883488790815590fe285aebc3d533b8239b001d78c7c0c556d027c278adb97c

SHA512
9d9b7267e5fb34f9a5e486d321d5b7671a71263932685e75ab84f11addc5be9525fe3f741544fc516a06b4b75872bcbe5862aef97ae0fcb2c31d29f19b8851a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\options.ini

Filesize
1KB

MD5
50948a044d6fabd905fdf527723a07aa

SHA1
16a2d4b326d29087313f8bb771082a7959af9ef1

SHA256
54d26dfd6170d890caa2f2e759f0f22fa5a5ea251fa23abcbd059977c89bda4a

SHA512
b1896ab6661cca3dc75bc4262a677bc86711439035aaba5997790cb9c37bc2d049ee40ffd3bbea999681715fa1ac47d7d4518e99687e696e4b99d6eb0dedd751

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\shortcuts.ini

Filesize
902B

MD5
42b5e716e4c42d7f6245c53625dae897

SHA1
96d8bdc194d822b364079cca6d5f366794a83a69

SHA256
c7e19d4160bc22861675597e90cfa09abd972397afa31888130fbe47e288a775

SHA512
2941465503ccaf5b325763f0cf497154d175fefa5f4b4001c2fe27e5c8184e4dbc903bf2e410be425d4b5cbaa2595bceb312329b5ad200f4ae2d03eaa96b63bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\summary.ini

Filesize
904B

MD5
5a5f5a499568e155a3edee6e2b37960e

SHA1
d1e1d7f8609301b51f053447b629149b7a0d492d

SHA256
10819d53e2f8d51393ae002a525348615567ae9a1ee50cffbe9b479f53c1468e

SHA512
4be45ee37f9a66c78c4f142c3d77d0d3c74984c30e08f562487ae607d49a0d4c571982e1721f1f83e70647981eb255e94621cd0342525eea747b7b36ec3aaa34

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaA113.tmp\summary.ini

Filesize
1KB

MD5
7abdc45e1ded758bcced3cc65b7ea7d2

SHA1
34729d7012c120906656a0a1a55073e2a0278f4f

SHA256
790442a5e5cae206565b09be67bc11d4e25032b591c1981cb6f524766aad2aaf

SHA512
693fd1740ab97c709e45cc78af0dd94893fff8584fc2798060ceafa26a7ac405ff53885483d9290eff222c1419d61691cdea2bd39e9f6c992e3cebf1608d9b90

Download Submit
C:\Users\Admin\AppData\Roaming\CometNetwork\CometBird\Profiles\3zy4wnbi.default\bookmarks.html

Filesize
1KB

MD5
837bd96beb1c73916793478735fd3f53

SHA1
950297c62011719de6e34422a2941f887f45429d

SHA256
43522ee8f1d7cdd5d7d4734d49b9c03c229b237af61192f8366fe5640fa17a23

SHA512
9206a3ab60f972e6f7cc8d1a8c5979a5779b2cda3de72defb2509b9a0f7ca0030506643141efbd6a5646c6baca2faf177dcf3ea01d1a1e6f2e3370f3b0453bad

Download Submit
C:\Users\Admin\AppData\Roaming\CometNetwork\CometBird\Profiles\3zy4wnbi.default\chrome\userChrome-example.css

Filesize
959B

MD5
c63733eef9d337c86e6609bcc478a668

SHA1
68fbf7ff28aa42a11d28474a1f3535e8f4da3083

SHA256
57ee0bacf83e994a52d2b70a9d27ff81958c5fa49bd116e2f465922a64c40681

SHA512
576d3216f702d42fd01f3913b9c9909d09a19a23468c7f1608b1ed8608835205e34a18376464c510d92d237ceccd8d1f23e7a87da83b73b127b22186febf08bc

Download Submit
C:\Users\Admin\AppData\Roaming\CometNetwork\CometBird\Profiles\3zy4wnbi.default\chrome\userContent-example.css

Filesize
663B

MD5
d3765c7d2de5626529195007f4b7144a

SHA1
257aab5a68752a4de9375aa50809f3faa8b83b26

SHA256
10cd5c7d7fb1f6f1123893530099888822c6cb8a4a41584534c2d2eba38f5ba9

SHA512
ca8e87d31f8df9fa1f9c46a51aa2960b980949c4e5b360c82297a5ebb3a823f7c63fc8ada7db53f8e7fa25cf409d33d492f573e5ab061ec7659204577f4f0545

Download Submit
C:\Users\Admin\AppData\Roaming\CometNetwork\CometBird\Profiles\3zy4wnbi.default\localstore.rdf

Filesize
153B

MD5
ea03cc19c2a3f622fa557cd8ea9da6eb

SHA1
2d8aee4b5cbfb5e1c08f2a4c9af2110bc1262b11

SHA256
f72301be0ecb4ce64e26fb8ee57cf4bea3dc8c8f3830f2fd0c91ae893ab5e592

SHA512
06f6f5bdb6609f0e72291ef82aaf55c035fa1fdc0906debbd7807549d6b61579428585b91ceadcb8aba511ef7a144c9636c6216afedd9753bd26e4e72f49c330

Download Submit
C:\Users\Admin\AppData\Roaming\CometNetwork\CometBird\Profiles\3zy4wnbi.default\mimeTypes.rdf

Filesize
356B

MD5
6047f42624d9930caa8d651fa94d28f1

SHA1
ebe84276ea707bf822cf6673064a2c3a6de1d22d

SHA256
c9aebb4219a0e86565a9399c14b70219ea4f066464102848010cefc425d72008

SHA512
f9b83f91669152a5ca10c95a9fdd502f6a4f7124c76c0fc1958c781d8b1e09e2b28f27705b390b31af23793ac31a709a6f29d5cb00595b0eb8fbeb33a50aafd9

Download Submit
C:\Users\Admin\AppData\Roaming\CometNetwork\CometBird\Profiles\3zy4wnbi.default\prefs.js

Filesize
347B

MD5
99940ecd258d83b3355ab06fca0ffddb

SHA1
8d94cf5c736408c218bd7e483cea3357124d232f

SHA256
0a9bcb3c03867313418c0a1e97eed0f016a3c37ca56d16793df8df90e2f2a212

SHA512
057432f34bc2daf33eb2d4ea7a182521e4edb39c4229fccb875615d7d42d405a642e09974ee8d59d1bd018e328126ad8e6dab7d6a2b6ee6a77734c7785ea75b0

Download Submit
memory/2500-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2500-970-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3596-2021-0x0000000001030000-0x0000000001044000-memory.dmp

Filesize
80KB

Download
memory/3596-2015-0x0000000000ED0000-0x0000000000EE8000-memory.dmp

Filesize
96KB

Download
memory/3596-2017-0x0000000001000000-0x0000000001021000-memory.dmp

Filesize
132KB

Download
memory/3596-2019-0x0000000001100000-0x000000000119D000-memory.dmp

Filesize
628KB

Download
memory/3596-2042-0x0000000003DF0000-0x0000000003E00000-memory.dmp

Filesize
64KB

Download
memory/4812-1973-0x00000000014F0000-0x0000000001511000-memory.dmp

Filesize
132KB

Download
memory/4812-1974-0x0000000001520000-0x00000000015BD000-memory.dmp

Filesize
628KB

Download
memory/4812-1970-0x00000000014D0000-0x00000000014E8000-memory.dmp

Filesize
96KB

Download
memory/4812-1976-0x00000000015C0000-0x00000000015D4000-memory.dmp

Filesize
80KB

Download