2da40e18b4a3f1027d9e1e07a16c26c4e0afe59ccecf14e77fcd54115dd25d97

Analysis

max time kernel
593s
max time network
400s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-10-2024 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.0.154_chromesetup_154_59.exe
Size

19.7MB
MD5

44688f6107193f3fa31811a3c91e5f0b
SHA1

84450a1864681ca6bed45400078d3de26e74d476
SHA256

2da40e18b4a3f1027d9e1e07a16c26c4e0afe59ccecf14e77fcd54115dd25d97
SHA512

cd1e43fe03fdee8ef56b5a8fd7d8ee5ea5b380a4478e007adea63c6abac5b22345564d8fd63fa6c2d54d001adf837a4cad16fe74cf01d66c039953e5e3ee874b
SSDEEP

393216:HMuEZsl6FeKZhbGoJWEk4H91e8wbKskQr2XA0bH8g2CD6CH:HM6knbGkQ8J22wa20

Score

7^/10

discovery evasion persistence trojan

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2428	1.0.154_chromesetup_154_59.tmp
2628	update.exe
548	update.exe
352	1.0.154_chromesetup_154_59.exe
1648	setup.exe
1760	update.exe
2040	helper.exe

Loads dropped DLL 60 IoCs

pid	Process
2096	1.0.154_chromesetup_154_59.exe
2428	1.0.154_chromesetup_154_59.tmp
2428	1.0.154_chromesetup_154_59.tmp
2628	update.exe
2628	update.exe
2628	update.exe
2628	update.exe
2628	update.exe
2628	update.exe
2628	update.exe
2628	update.exe
2628	update.exe
2628	update.exe
2628	update.exe
2628	update.exe
2628	update.exe
2628	update.exe
2628	update.exe
548	update.exe
548	update.exe
548	update.exe
548	update.exe
548	update.exe
548	update.exe
548	update.exe
548	update.exe
548	update.exe
548	update.exe
548	update.exe
548	update.exe
2428	1.0.154_chromesetup_154_59.tmp
548	update.exe
548	update.exe
352	1.0.154_chromesetup_154_59.exe
548	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe
2040	helper.exe
1760	update.exe
1760	update.exe
1760	update.exe
1760	update.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox = "\"C:\\Program Files (x86)\\Common Files\\Godfather\\update.exe\" about:robots"	update.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	update.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\Godfather\components\xpti.dat.tmp	update.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\DPX\setupact.log	expand.exe
File opened for modification	C:\Windows\Logs\DPX\setuperr.log	expand.exe
File opened for modification	C:\Windows\nsreg.dat	update.exe
File created	C:\Windows\nsreg.dat	update.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	helper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1.0.154_chromesetup_154_59.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1.0.154_chromesetup_154_59.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	expand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1.0.154_chromesetup_154_59.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	update.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2428	1.0.154_chromesetup_154_59.tmp
2428	1.0.154_chromesetup_154_59.tmp

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2428	1.0.154_chromesetup_154_59.tmp
1760	update.exe

Suspicious use of WriteProcessMemory 50 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2428	2096	1.0.154_chromesetup_154_59.exe	30
PID 2096 wrote to memory of 2428	2096	1.0.154_chromesetup_154_59.exe	30
PID 2096 wrote to memory of 2428	2096	1.0.154_chromesetup_154_59.exe	30
PID 2096 wrote to memory of 2428	2096	1.0.154_chromesetup_154_59.exe	30
PID 2096 wrote to memory of 2428	2096	1.0.154_chromesetup_154_59.exe	30
PID 2096 wrote to memory of 2428	2096	1.0.154_chromesetup_154_59.exe	30
PID 2096 wrote to memory of 2428	2096	1.0.154_chromesetup_154_59.exe	30
PID 2428 wrote to memory of 2628	2428	1.0.154_chromesetup_154_59.tmp	31
PID 2428 wrote to memory of 2628	2428	1.0.154_chromesetup_154_59.tmp	31
PID 2428 wrote to memory of 2628	2428	1.0.154_chromesetup_154_59.tmp	31
PID 2428 wrote to memory of 2628	2428	1.0.154_chromesetup_154_59.tmp	31
PID 2428 wrote to memory of 2628	2428	1.0.154_chromesetup_154_59.tmp	31
PID 2428 wrote to memory of 2628	2428	1.0.154_chromesetup_154_59.tmp	31
PID 2428 wrote to memory of 2628	2428	1.0.154_chromesetup_154_59.tmp	31
PID 2628 wrote to memory of 548	2628	update.exe	32
PID 2628 wrote to memory of 548	2628	update.exe	32
PID 2628 wrote to memory of 548	2628	update.exe	32
PID 2628 wrote to memory of 548	2628	update.exe	32
PID 2628 wrote to memory of 548	2628	update.exe	32
PID 2628 wrote to memory of 548	2628	update.exe	32
PID 2628 wrote to memory of 548	2628	update.exe	32
PID 2428 wrote to memory of 352	2428	1.0.154_chromesetup_154_59.tmp	34
PID 2428 wrote to memory of 352	2428	1.0.154_chromesetup_154_59.tmp	34
PID 2428 wrote to memory of 352	2428	1.0.154_chromesetup_154_59.tmp	34
PID 2428 wrote to memory of 352	2428	1.0.154_chromesetup_154_59.tmp	34
PID 2428 wrote to memory of 352	2428	1.0.154_chromesetup_154_59.tmp	34
PID 2428 wrote to memory of 352	2428	1.0.154_chromesetup_154_59.tmp	34
PID 2428 wrote to memory of 352	2428	1.0.154_chromesetup_154_59.tmp	34
PID 352 wrote to memory of 1972	352	1.0.154_chromesetup_154_59.exe	35
PID 352 wrote to memory of 1972	352	1.0.154_chromesetup_154_59.exe	35
PID 352 wrote to memory of 1972	352	1.0.154_chromesetup_154_59.exe	35
PID 352 wrote to memory of 1972	352	1.0.154_chromesetup_154_59.exe	35
PID 352 wrote to memory of 1648	352	1.0.154_chromesetup_154_59.exe	37
PID 352 wrote to memory of 1648	352	1.0.154_chromesetup_154_59.exe	37
PID 352 wrote to memory of 1648	352	1.0.154_chromesetup_154_59.exe	37
PID 352 wrote to memory of 1648	352	1.0.154_chromesetup_154_59.exe	37
PID 352 wrote to memory of 1648	352	1.0.154_chromesetup_154_59.exe	37
PID 352 wrote to memory of 1648	352	1.0.154_chromesetup_154_59.exe	37
PID 352 wrote to memory of 1648	352	1.0.154_chromesetup_154_59.exe	37
PID 548 wrote to memory of 1760	548	update.exe	38
PID 548 wrote to memory of 1760	548	update.exe	38
PID 548 wrote to memory of 1760	548	update.exe	38
PID 548 wrote to memory of 1760	548	update.exe	38
PID 548 wrote to memory of 1760	548	update.exe	38
PID 548 wrote to memory of 1760	548	update.exe	38
PID 548 wrote to memory of 1760	548	update.exe	38
PID 1760 wrote to memory of 2040	1760	update.exe	39
PID 1760 wrote to memory of 2040	1760	update.exe	39
PID 1760 wrote to memory of 2040	1760	update.exe	39
PID 1760 wrote to memory of 2040	1760	update.exe	39

C:\Users\Admin\AppData\Local\Temp\1.0.154_chromesetup_154_59.exe
"C:\Users\Admin\AppData\Local\Temp\1.0.154_chromesetup_154_59.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Users\Admin\AppData\Local\Temp\is-5IRDH.tmp\1.0.154_chromesetup_154_59.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5IRDH.tmp\1.0.154_chromesetup_154_59.tmp" /SL5="$40150,20387928,57856,C:\Users\Admin\AppData\Local\Temp\1.0.154_chromesetup_154_59.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Program Files (x86)\Common Files\Godfather\update.exe
    "C:\Program Files (x86)\Common Files\Godfather\update.exe" about:robots
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Program Files (x86)\Common Files\Godfather\update.exe
      "C:\Program Files (x86)\Common Files\Godfather\update.exe" about:robots
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:548
    - - C:\Program Files (x86)\Common Files\Godfather\update.exe
        
        "C:\Program Files (x86)\Common Files\Godfather\update.exe" about:robots
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Checks whether UAC is enabled
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:1760
      - C:\Program Files (x86)\Common Files\Godfather\uninstall\helper.exe
        
        "C:\Program Files (x86)\Common Files\Godfather\uninstall\helper.exe" /SetAsDefaultAppUser
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2040
- - C:\Users\Admin\AppData\Roaming\1.0.154_chromesetup_154_59.exe
    "C:\Users\Admin\AppData\Roaming\1.0.154_chromesetup_154_59.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:352
  - - C:\Windows\SysWOW64\expand.exe
      expand.exe -r "C:\Users\Admin\AppData\Local\Temp\CR_D50B.tmp\SETUP.EX_"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\CR_D50B.tmp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\CR_D50B.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_D50B.tmp\CHROME.PACKED.7Z"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Godfather\application.ini

Filesize
2KB

MD5
9828130efaa3d6ca46026b17f4c3e816

SHA1
c8c7af5110a707f1d4fbb5d601d6e38145623797

SHA256
31a2a25e4546fc6b0fc2015a0f902aa70ce2bab54521af652728087cb9224bfd

SHA512
1c9472668c4c0616b010cdcaabdb02bd26926096109f93cab8e288e250a31253f184d02b9e17d63c702a98ed5be559eddfffa345947fc3410c921986f81cc973

Download Submit
C:\Program Files (x86)\Common Files\Godfather\components\browser.xpt

Filesize
360KB

MD5
590be06a17c07196ac07517f1d43a045

SHA1
8594a20782dd80bf1b7587cbc84ae88f3253db24

SHA256
6322575c1097d640a2a4276a605919a9e7645b3fbb4ae208ba4627a5d5b38f01

SHA512
397a1e337d7ad1478ecf42bc2ced6a8d513684c8f9c3371917b9db6a0b6ee324136784e4949230d37594dfcc0bae409f8d3c5f9f0058bce0fa7424a8c2d52e18

Download Submit
C:\Program Files (x86)\Common Files\Godfather\components\compreg.dat

Filesize
143KB

MD5
5f9fb9c58c4fcb31ecaefc977a6fc87c

SHA1
ea7efd8328e7fd503cdc4e58bc84e189863a0eaa

SHA256
6630bba2136566d4ba9608f77767e3b878abdeedc6f59552489da5e316215394

SHA512
6724a193fd28c9e8869f5454403cb4ceea4e6631e71b0e1eda136996a0779228ebea94e514e685bec9129d8d0bb7eb561f21e37277ad0ec738361fde13d72739

Download Submit
C:\Program Files (x86)\Common Files\Godfather\components\xpti.dat

Filesize
99KB

MD5
ada6e90fe7605d5803c7cfd2ab3293d6

SHA1
34a1f6c3ad947b992714aabd9f240ffcd689b9f3

SHA256
5000f1c4b9edcf59043a08fbcee08edc38bc09d5b42b2b1b578823748d438c75

SHA512
f411a490b1de615bc44f8b60adfbdc52d3b745a89f5735f8c9664322906e6ab250c1a420d346e5299a11ce5b6aebbc651458b7979b9470c707cfc8bd632d9171

Download Submit
C:\Program Files (x86)\Common Files\Godfather\defaults\profile\bookmarks.html

Filesize
6KB

MD5
6410c513bc09a48d7122eb1307bb8e6a

SHA1
b5365f156c0f11eaaebf08d6d0c64a3bd83745c9

SHA256
20ea863f739de4cc9fd0f83a4aea5aab4ca87ae0d0bc92c85fac6d4a456b78e0

SHA512
8ed27e2815443a8985c094865059bc684dbb6fcb44c8ad8ad81c789d5bcc9340d980930588b45d1e4fd41d2840bd9b3a4e1d9c0d64ce82470cc88d3dc848e2c9

Download Submit
C:\Program Files (x86)\Common Files\Godfather\defaults\profile\chromeuserChrome-example.css

Filesize
959B

MD5
c63733eef9d337c86e6609bcc478a668

SHA1
68fbf7ff28aa42a11d28474a1f3535e8f4da3083

SHA256
57ee0bacf83e994a52d2b70a9d27ff81958c5fa49bd116e2f465922a64c40681

SHA512
576d3216f702d42fd01f3913b9c9909d09a19a23468c7f1608b1ed8608835205e34a18376464c510d92d237ceccd8d1f23e7a87da83b73b127b22186febf08bc

Download Submit
C:\Program Files (x86)\Common Files\Godfather\defaults\profile\chromeuserContent-example.css

Filesize
663B

MD5
d3765c7d2de5626529195007f4b7144a

SHA1
257aab5a68752a4de9375aa50809f3faa8b83b26

SHA256
10cd5c7d7fb1f6f1123893530099888822c6cb8a4a41584534c2d2eba38f5ba9

SHA512
ca8e87d31f8df9fa1f9c46a51aa2960b980949c4e5b360c82297a5ebb3a823f7c63fc8ada7db53f8e7fa25cf409d33d492f573e5ab061ec7659204577f4f0545

Download Submit
C:\Program Files (x86)\Common Files\Godfather\defaults\profile\localstore.rdf

Filesize
153B

MD5
ea03cc19c2a3f622fa557cd8ea9da6eb

SHA1
2d8aee4b5cbfb5e1c08f2a4c9af2110bc1262b11

SHA256
f72301be0ecb4ce64e26fb8ee57cf4bea3dc8c8f3830f2fd0c91ae893ab5e592

SHA512
06f6f5bdb6609f0e72291ef82aaf55c035fa1fdc0906debbd7807549d6b61579428585b91ceadcb8aba511ef7a144c9636c6216afedd9753bd26e4e72f49c330

Download Submit
C:\Program Files (x86)\Common Files\Godfather\defaults\profile\mimeTypes.rdf

Filesize
356B

MD5
6047f42624d9930caa8d651fa94d28f1

SHA1
ebe84276ea707bf822cf6673064a2c3a6de1d22d

SHA256
c9aebb4219a0e86565a9399c14b70219ea4f066464102848010cefc425d72008

SHA512
f9b83f91669152a5ca10c95a9fdd502f6a4f7124c76c0fc1958c781d8b1e09e2b28f27705b390b31af23793ac31a709a6f29d5cb00595b0eb8fbeb33a50aafd9

Download Submit
C:\Program Files (x86)\Common Files\Godfather\defaults\profile\prefs.js

Filesize
347B

MD5
99940ecd258d83b3355ab06fca0ffddb

SHA1
8d94cf5c736408c218bd7e483cea3357124d232f

SHA256
0a9bcb3c03867313418c0a1e97eed0f016a3c37ca56d16793df8df90e2f2a212

SHA512
057432f34bc2daf33eb2d4ea7a182521e4edb39c4229fccb875615d7d42d405a642e09974ee8d59d1bd018e328126ad8e6dab7d6a2b6ee6a77734c7785ea75b0

Download Submit
C:\Program Files (x86)\Common Files\Godfather\platform.ini

Filesize
141B

MD5
d10568fb5f573e8fb0b6c4033f815def

SHA1
df02855d88037ae1e5cb47fda7259c853c0d213e

SHA256
d1b795356b770c5104c984558eec08c21eaec4cde6f02b771d6050aba84b6a0d

SHA512
c835d02aeb7d1a56d0a7fb08ae07c7662a035493309ed373dd134f9513a7135f0f6c39e7d0275dac09ac71bd1af88b27a4001ff097d95ebe9778ea20d1b6ac7e

Download Submit
C:\Program Files (x86)\Common Files\Godfather\xul.dll

Filesize
11.1MB

MD5
d8d6a85ccd70aa242a3cebe1924d6e55

SHA1
6fef5ec92eb442e1ac960a01f254551b3ea951fc

SHA256
7202ea84008d94e09abb86f170beb50def74e58bf3ec320469bb91baadd9c92d

SHA512
e202b2ddd02475babbf1d12a3dc86f60d578b97f6bdbcf7d9845aa62149744049d622719605519cca674db28f960deb780d837e4f99a0fcecc433aedb52a0d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoE4B5.tmp\System.dll

Filesize
9KB

MD5
ae182dc797cd9ad2c025066692fc041b

SHA1
7ee5f057be9febfa77f698a1b12213a5bbdd4742

SHA256
b214f6d6c4d27f749105f7e8846a7c2d475dbcc966876370b5a7dab6e4b8a471

SHA512
2a9a200d067df47638a86f4f058c6d78fb59bd064c65650cae5022a62a3714e33f93f6af1dd599fda180d5af18f432835a1f909807f4fb459aa9d6c24e3fbab7

Download Submit
C:\Users\Admin\AppData\Roaming\1.0.154_chromesetup_154_59.exe

Filesize
8.4MB

MD5
e11e70ba243800626d17e3ffa6c9fb71

SHA1
5d2af9b1cf073963450b449177dab9eaac1585d7

SHA256
f0ffb4eb4baa73672a2390097d2a7fc1e2dd94a99f20992984ea408cacbd5c17

SHA512
06d0de74d1c4fbf47a1cbb878882fa330501e134649db3499d8d9a42ec3a7df8274b28aae3fa56ef9255c1daa219cf8e2795f84da7430ec959f19daa27491f91

Download Submit
C:\Users\Admin\AppData\Roaming\AMozilla\AFirefox\Crash Reports\InstallTime20100401080539

Filesize
10B

MD5
759ef7d27ed48a4d2b0601364354afe5

SHA1
10bf3ce8d52cf0065136e9ad58eb1a7fd349fa56

SHA256
d3c07060da6ec1e383b0a4945defef596dbe76ebabdbb58a1f3e12b2226abd55

SHA512
e57a6441731a899c1487c5da28e4de7402a48073933bda50a556745b2792e9ffb0ed37451736a8c0b6378e71f5f817350e2e11c7e2e32a7e4a2ccfe1c96a375c

Download Submit
C:\Users\Admin\AppData\Roaming\AMozilla\AFirefox\Profiles\di9yamyk.default\pluginreg.dat

Filesize
1KB

MD5
603702bedfb7fa467ed375cfebd85d9c

SHA1
59b69e21e4bebe68b7d585ef3a5f9d2b777d6cc7

SHA256
a6b86ebaece7448dc14764a9a53d4af75e12043c80cd6e053d02dbe008f9d5a0

SHA512
172fa9abf0bf7f58c10f7de15d3ea83a24ed64c079755790bbf1a63a6ce68b96dc4be51ad83c16e4b11e08315b12d8f9e4ea4bdd20ac272d13842d08cad9b8dd

Download Submit
C:\Users\Admin\AppData\Roaming\AMozilla\AFirefox\Profiles\di9yamyk.default\xpti.dat

Filesize
99KB

MD5
6eec0b5335f5553223fc4b86ef53fe79

SHA1
d396ed92318d59c5312f9548c561f37473b40f3e

SHA256
cbdd0f2ca8789008b14e5d2291f654e0eb56b07bfce2b2f5abb07856e4fd5fbe

SHA512
d66b36029f81c2f2a71402a8ab241ec22823b86fcc8c771966a7a000177ac5014f2854e9585817672577d00b423e34098feba3c90b5babb0a1dafce321709418

Download Submit
C:\Users\Admin\AppData\Roaming\AMozilla\AFirefox\profiles.ini

Filesize
111B

MD5
f5a845cc5ac7b7ed1cf097eafcacba9f

SHA1
3920f1b6d8d3690eadcea3b85a9fe067ce214d49

SHA256
d40e288a48ac5ddbc3e056841eb5855cc8eb76011fe8a87b5c7f3c3195d98540

SHA512
e63d83e09be37c595a491c7e075a8febaca475a5aa305caf57b95e229817986e37b583e54c08164484217dcd5a16e92ecac5185d9692b32ff0ce1296e4d99906

Download Submit
\Program Files (x86)\Common Files\Godfather\components\browserdirprovider.dll

Filesize
22KB

MD5
01fbfcffaaf7091a555e674e8fc890c4

SHA1
e644fc6f975e6b042ee07aabae83c39d97f60d27

SHA256
9ebf2c11953a05415f195b2e69a18cbad679e33b37a892a3533466132f8c142d

SHA512
72db595ced7c691ccf79bb3b3fd8d8953dd197cca63101f05de58dfabbce794ac9f4ae769893d327dc525082e73821ce92d49d0c43b43f8a94bf40b934023e4f

Download Submit
\Program Files (x86)\Common Files\Godfather\components\brwsrcmp.dll

Filesize
135KB

MD5
f0374273b79d0cf862651afc4342db69

SHA1
ec72d92c426f671523a9b37928c3bbfde3d9c380

SHA256
78b42a7ea171b7ed475e30a2c69a9b2a52e14121002cc375ed0cbb4991bb6781

SHA512
443368afbf5e07d29609174df2b321a8c49e61731cfce62ef04427622d288a8319afa2fb5f896051fea5abf8c5a675bc6ebe3fcd83e7714734c3485074275dbe

Download Submit
\Program Files (x86)\Common Files\Godfather\js3250.dll

Filesize
991KB

MD5
c04d65c3c95ea9df14bae7aca8cfb960

SHA1
19898e323877c76a4921abed0e073f65e21997a6

SHA256
ae1fde9da320be1cd322209419f3f8cbe527058aed1a678bc07bc7c64ee4b360

SHA512
3196f73af6b4ba9762f4de6a17e867e05615d76b2777adaebdca0384b228d9f8e1b4af97f8d63ba0e7ae42f50cf66640f1de13f2ab697366c04359e42d17d4b3

Download Submit
\Program Files (x86)\Common Files\Godfather\mozcrt19.dll

Filesize
701KB

MD5
0847bc96e23565dbae072ca335a212c9

SHA1
38cd786c05694c7d0433ff87d7fe14d7ae103af9

SHA256
9249895d827d088f1945cd0a227f102e7e0a65eba2244b7d8a67cb007438eb54

SHA512
c960c253bc7cd66e6a37c42cbd3cb43e38da06c823e3076eef823e1460d122da34213c8aa1e4660e56dfba62c062918481eaa22cc04c57b4008ecadf87f5a0a4

Download Submit
\Program Files (x86)\Common Files\Godfather\nspr4.dll

Filesize
165KB

MD5
32b2685234074047263d4a0cc8bf5d56

SHA1
e3b300a5a41e4e8bd5e3f135d3536d346dd6885a

SHA256
f0daff0ebf53489e1f1c4170c26a1f1a97c15ef95bc28b2aee9124a3faca78a3

SHA512
0014399281398ba0888f2e52612640aeec65b1005d96689a7b81d3d9daa65ae7ed6a7466df370041850217a8e162bf1b166f1808c932498d03d74a8f8b96aa63

Download Submit
\Program Files (x86)\Common Files\Godfather\nss3.dll

Filesize
629KB

MD5
27474b279fd459af18c7a794ec816bc7

SHA1
9f13bd5424cd6bea9d4c2cee4e10606246d99a32

SHA256
11f273f56bafac302dc1a42cd9b40eb1e160e3dbeb85520ff93c4c30a4f20491

SHA512
f7a6b6fab7e11862ad048c04fb7f68023c46ab1fefe29e3aa0f8e76303772b71872a2d4be236707b0eabfe288401d42e174c9161ef5a12937aa17903ece45eb3

Download Submit
\Program Files (x86)\Common Files\Godfather\nssutil3.dll

Filesize
85KB

MD5
2c4e41abe9f418a865daa520f4cac072

SHA1
608eab2c2bae325d821ad1d9a2fc2c78a2b599f0

SHA256
8349471494e92cf5ba77e81ccc0a73461b489dffb8e667a0e154886ab65591d4

SHA512
83c293f7c9320feda7913249a6ecc0ce52c6096b489a08bcc07aff4d5d288a485fd72e0fde58aadc68c76188eaabb7653ddc4b222f17fa1993260241b524807a

Download Submit
\Program Files (x86)\Common Files\Godfather\plc4.dll

Filesize
19KB

MD5
1cce55587f95d57759e36f387c4f9dee

SHA1
8933c26e20b2b21cbf459e7b51b1011eb682d070

SHA256
4860d9f733cde8de491f7e1249dd8e124f2cc18b9dab15e69a41740ca8a288f0

SHA512
37796517f123d68875e9a277c17b6058959d482cc06210bc4281883d7d25a3c3ad3fbd38d2cd0ea8369253f8b23352e0c232d57d1143d5042f88a62335d5d037

Download Submit
\Program Files (x86)\Common Files\Godfather\plds4.dll

Filesize
16KB

MD5
9b31fe86fac03999982dccbe2a0103ac

SHA1
41cef5a27658c59ab1b8dc1deedfa7e0bcc5c4de

SHA256
503fcc35a3c471c3990ebe3f9f41e6f5b33b7982cb34b60149755963866fd120

SHA512
3fe0b6adf56efb00164f54c4b7bf76081890d0f979791a8b95058e0a3bd94d5b78c9f332b9dc0620d51c9eb9cbb800e16b57f9f3b73091a215cd2fe0b663aa4a

Download Submit
\Program Files (x86)\Common Files\Godfather\smime3.dll

Filesize
101KB

MD5
07982b93f6f55252d15c5d5ed8e32d3b

SHA1
556f4e5838c28db65c558a8dc587c70760061f4d

SHA256
a1e351bbe5c7345ed2854ae83672d5ecd722cc45da5598142b9ed4904b6bb21b

SHA512
e1f0216baf48ef10c115db864e2140b139e298fefaae6e7c9c2da12a6ddbe6f16bca50a06a0d03b6122742feb2909217a38d7fd14e2f7c454656b0ecb8d99792

Download Submit
\Program Files (x86)\Common Files\Godfather\sqlite3.dll

Filesize
447KB

MD5
4492958d3f7b80e39d2113d9caf7e28b

SHA1
b948f3f7487c397e489e98cba5956681203e93cb

SHA256
4a6c2f53c214932d10073fc3aac34316c9d1c6cf1603844c93d6edbaef8fcb67

SHA512
1244ad3376cc47b1d249ec8e94e103e7214e5eed4326448b75dea37988d83d2ae7a437837e0bc9bfd5340870adfdb7079793be71669a95084d7b26bf1c90b631

Download Submit
\Program Files (x86)\Common Files\Godfather\ssl3.dll

Filesize
137KB

MD5
4a537276acf912077a9f1ac2d623b514

SHA1
71c354f4c64d6f3deb07b397b864edac57228389

SHA256
6d713e10342b38f3c5030926743323cce68900b1ff73449542444cfc54325748

SHA512
e8fe5344e759b4f487cb6e2f318b7b7ad4f0f2b501b49f55d427bd60b39f0473fae00dd4c1408865d98493bdac991d123527b043acd404c136480a7c67be6328

Download Submit
\Program Files (x86)\Common Files\Godfather\update.exe

Filesize
888KB

MD5
49958506b773e40d31832e3eeda522e7

SHA1
0e68b0bba6dfb367096c3227e1680b317693764a

SHA256
fb9045b74615a339fcdc3016f899aec5b8afbdacde5421d94d777c709295c2fd

SHA512
1faaad0665ea7bae2485254c1370fde17f3ba9c86c2933edd8d008d4206e8320bdc8c7dd40b749a994d88d4bf8e601588ec84116c0fe4dd3da5d5c8522309430

Download Submit
\Program Files (x86)\Common Files\Godfather\xpcom.dll

Filesize
17KB

MD5
e3b83b454a4da22285a4e17fdd139330

SHA1
6568300004c3007e539926074882c9775cc3e9c1

SHA256
9edbbf22055ad1d06e1e8a4505228ed50014142768f28957128b3b532c46aaab

SHA512
44e3d627a0b9fc49fde3d1c512b9e70993333aeb77cba5e8fd8ea814530cf22a3ad8bbc0fe830babb98eaf6212553a60705d84f8f85a2cdb63ba88cdfb749a6d

Download Submit
\Users\Admin\AppData\Local\Temp\is-5IRDH.tmp\1.0.154_chromesetup_154_59.tmp

Filesize
697KB

MD5
832dab307e54aa08f4b6cdd9b9720361

SHA1
ebd007fb7482040ecf34339e4bf917209c1018df

SHA256
cc783a04ccbca4edd06564f8ec88fe5a15f1e3bb26cec7de5e090313520d98f3

SHA512
358d43522fd460eb1511708e4df22ea454a95e5bc3c4841931027b5fa3fb1dda05d496d8ad0a8b9279b99e6be74220fe243db8f08ef49845e9fb35c350ef4b49

Download Submit
\Users\Admin\AppData\Local\Temp\is-A4DEN.tmp\_isetup\_isdecmp.dll

Filesize
23KB

MD5
77d6d961f71a8c558513bed6fd0ad6f1

SHA1
122bb9ed6704b72250e4e31b5d5fc2f0476c4b6a

SHA256
5da7c8d33d3b7db46277012d92875c0b850c8abf1eb3c8c9c5b9532089a0bcf0

SHA512
b0921e2442b4cdec8cc479ba3751a01c0646a4804e2f4a5d5632fa2dbf54cc45d4cccffa4d5b522d42afc2f6a622e07882ed7e663c8462333b082e82503f335a

Download Submit
memory/548-499-0x0000000000090000-0x00000000000A4000-memory.dmp

Filesize
80KB

Download
memory/548-558-0x00000000007D0000-0x00000000007E0000-memory.dmp

Filesize
64KB

Download
memory/548-496-0x0000000000570000-0x000000000060D000-memory.dmp

Filesize
628KB

Download
memory/1760-587-0x00000000005B0000-0x000000000064D000-memory.dmp

Filesize
628KB

Download
memory/1760-591-0x0000000000210000-0x0000000000231000-memory.dmp

Filesize
132KB

Download
memory/1760-707-0x00000000065A0000-0x00000000065F5000-memory.dmp

Filesize
340KB

Download
memory/1760-705-0x00000000045B0000-0x00000000045F1000-memory.dmp

Filesize
260KB

Download
memory/1760-701-0x0000000004560000-0x0000000004586000-memory.dmp

Filesize
152KB

Download
memory/1760-703-0x0000000004590000-0x00000000045A8000-memory.dmp

Filesize
96KB

Download
memory/2096-2-0x0000000000401000-0x000000000040C000-memory.dmp

Filesize
44KB

Download
memory/2096-548-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2096-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2428-541-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2428-8-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/2628-451-0x0000000000020000-0x0000000000038000-memory.dmp

Filesize
96KB

Download
memory/2628-455-0x00000000004D0000-0x000000000056D000-memory.dmp

Filesize
628KB

Download
memory/2628-459-0x00000000000D0000-0x00000000000E4000-memory.dmp

Filesize
80KB

Download
memory/2628-467-0x0000000000280000-0x00000000002A1000-memory.dmp

Filesize
132KB

Download