9a5c41bbbd43bca03c028622e12c5070ba9d1ac0756ae2cf93d2974a483bb0cb

Resubmissions

30-10-2024 05:34

241030-f9ksysxepe 3

30-10-2024 05:32

241030-f8d9saxenb 3

30-10-2024 05:21

241030-f12ecaymam 7

Analysis

max time kernel
318s
max time network
333s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
30-10-2024 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

-↑-LaTesT🟈SeTuP🟈pAsS🟈oPeN🟈9192-↑-.zip
Size

21.5MB
MD5

a2ac80da3aa940b04876356020ccaa99
SHA1

4d1f5b6885570faeee71ae1865748b84deee26d7
SHA256

9a5c41bbbd43bca03c028622e12c5070ba9d1ac0756ae2cf93d2974a483bb0cb
SHA512

eecac18345927eb3c917ecfeeb0ce85623157f3103a7cd39687a02d5ba0088cd32a746846e0dcf9ab5609503e8db6448fdb369ce3fc75f10ae87bbd7c26be5e3
SSDEEP

393216:hpLAOwIyM4Wfkqem5bbAbZByI60ED6Ad0+U8dxk10OnrDVarQ9FB:bAOhyMTfzPbkiIDu6wpU8dxktrRnN

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

Set-up.exeSet-up.exeSet-up.exeSet-up.exe

pid	Process
236	Set-up.exe
860	Set-up.exe
3928	Set-up.exe
4008	Set-up.exe

Loads dropped DLL 30 IoCs

Processes:

Set-up.exeSet-up.exeSet-up.exeSet-up.exe

pid	Process
236	Set-up.exe
236	Set-up.exe
236	Set-up.exe
236	Set-up.exe
236	Set-up.exe
236	Set-up.exe
236	Set-up.exe
236	Set-up.exe
236	Set-up.exe
860	Set-up.exe
860	Set-up.exe
860	Set-up.exe
860	Set-up.exe
860	Set-up.exe
860	Set-up.exe
860	Set-up.exe
3928	Set-up.exe
3928	Set-up.exe
3928	Set-up.exe
3928	Set-up.exe
3928	Set-up.exe
3928	Set-up.exe
3928	Set-up.exe
4008	Set-up.exe
4008	Set-up.exe
4008	Set-up.exe
4008	Set-up.exe
4008	Set-up.exe
4008	Set-up.exe
4008	Set-up.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Set-up.exeSet-up.exeSet-up.exeSet-up.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 2 IoCs

Processes:

OpenWith.exeOpenWith.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

Set-up.exeSet-up.exeSet-up.exeSet-up.exe

pid	Process
236	Set-up.exe
860	Set-up.exe
3928	Set-up.exe
4008	Set-up.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

7zFM.exeOpenWith.exe

pid	Process
4492	7zFM.exe
568	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

7zFM.exefirefox.exe

description	pid	Process
Token: SeRestorePrivilege	4492	7zFM.exe
Token: 35	4492	7zFM.exe
Token: SeSecurityPrivilege	4492	7zFM.exe
Token: SeDebugPrivilege	420	firefox.exe
Token: SeDebugPrivilege	420	firefox.exe
Token: SeSecurityPrivilege	4492	7zFM.exe
Token: SeDebugPrivilege	420	firefox.exe
Token: SeDebugPrivilege	420	firefox.exe
Token: SeDebugPrivilege	420	firefox.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

7zFM.exefirefox.exe

pid	Process
4492	7zFM.exe
4492	7zFM.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
4492	7zFM.exe
4492	7zFM.exe

Suspicious use of SendNotifyMessage 30 IoCs

Processes:

firefox.exe

pid	Process
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe
420	firefox.exe

Suspicious use of SetWindowsHookEx 51 IoCs

Processes:

firefox.exeOpenWith.exeOpenWith.exe

pid	Process
420	firefox.exe
4236	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe
568	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	Process	procid_target
PID 1824 wrote to memory of 420	1824	firefox.exe	90
PID 1824 wrote to memory of 420	1824	firefox.exe	90
PID 1824 wrote to memory of 420	1824	firefox.exe	90
PID 1824 wrote to memory of 420	1824	firefox.exe	90
PID 1824 wrote to memory of 420	1824	firefox.exe	90
PID 1824 wrote to memory of 420	1824	firefox.exe	90
PID 1824 wrote to memory of 420	1824	firefox.exe	90
PID 1824 wrote to memory of 420	1824	firefox.exe	90
PID 1824 wrote to memory of 420	1824	firefox.exe	90
PID 1824 wrote to memory of 420	1824	firefox.exe	90
PID 1824 wrote to memory of 420	1824	firefox.exe	90
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 3516	420	firefox.exe	91
PID 420 wrote to memory of 1084	420	firefox.exe	92
PID 420 wrote to memory of 1084	420	firefox.exe	92
PID 420 wrote to memory of 1084	420	firefox.exe	92
PID 420 wrote to memory of 1084	420	firefox.exe	92
PID 420 wrote to memory of 1084	420	firefox.exe	92
PID 420 wrote to memory of 1084	420	firefox.exe	92
PID 420 wrote to memory of 1084	420	firefox.exe	92
PID 420 wrote to memory of 1084	420	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\-↑-LaTesT🟈SeTuP🟈pAsS🟈oPeN🟈9192-↑-.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da236c94-aed9-4de1-94a7-db9396cbcc31} 420 "\\.\pipe\gecko-crash-server-pipe.420" gpu
    3⤵
    PID:3516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea10b360-c186-46fa-8f02-ae327dc1a985} 420 "\\.\pipe\gecko-crash-server-pipe.420" socket
    3⤵
    PID:1084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3256 -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 3320 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4afc69ef-f668-4632-b63c-c0982867f4a5} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab
    3⤵
    PID:808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4252 -childID 2 -isForBrowser -prefsHandle 4244 -prefMapHandle 4132 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54405322-08ce-44eb-bcf6-002965121785} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab
    3⤵
    PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4784 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4808 -prefMapHandle 4800 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d3ba8e9-ff4d-417a-9d9a-9738d2ebc3e4} 420 "\\.\pipe\gecko-crash-server-pipe.420" utility
    3⤵
    - Checks processor information in registry
    PID:2256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5156 -childID 3 -isForBrowser -prefsHandle 5128 -prefMapHandle 5008 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bbd69fa-bc46-4ef0-af5c-be1057205b0b} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab
    3⤵
    PID:2364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -childID 4 -isForBrowser -prefsHandle 5312 -prefMapHandle 5160 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01dfdd95-65f0-46e7-b3a3-2ea40e7f0e82} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab
    3⤵
    PID:2248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 5 -isForBrowser -prefsHandle 5488 -prefMapHandle 5492 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3269fb83-79bb-4537-924d-1491edd6ab1e} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab
    3⤵
    PID:3864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6016 -childID 6 -isForBrowser -prefsHandle 6008 -prefMapHandle 6004 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0b4fed0-f41f-40ac-9949-2f5a65762724} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab
    3⤵
    PID:4044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6332 -childID 7 -isForBrowser -prefsHandle 4720 -prefMapHandle 3176 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1232 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85398df9-9d0a-4f3b-96e1-8aec75fc602d} 420 "\\.\pipe\gecko-crash-server-pipe.420" tab
    3⤵
    PID:1108

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4236

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:568

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:236

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:860

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:3928

C:\Users\Admin\Desktop\Set-up.exe
"C:\Users\Admin\Desktop\Set-up.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\activity-stream.discovery_stream.json.tmp

Filesize
19KB

MD5
4076a4f689682afb7ba514a04bcf7e09

SHA1
76ba3413b1283046d4ed8376796f6c30be87cc32

SHA256
b0718f3fb88ad24c1f98da300cc27f02569c1034134cffddb88c02a775ceb76b

SHA512
f4b9fa5cb7d8220c4f8203399a99d621cd7dc138e4c5581b7c5164eed16446c3efe84db569c4dc036ebca9059e08eb03d60814c5c1b531250ac3e2c0cbed65fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\4A2A038469704D95FA78F250EDC1C9497E8B7ADC

Filesize
61KB

MD5
2cb8f8ac10b25c1740ffa10948f525d4

SHA1
b6c717aafcff58136b67b128aca5175097ef6a33

SHA256
3a8e41471015da08874b1dbe59b6f2899ddc1011924d3ad9022182a6eef9a6a3

SHA512
2d0b38599f0681f01b2aa09bb8e0af3fde2878f8a38ef812b3f1c6633d95d801c7c44474994441bced0f455958eb9c78aa2e3619572a0acb4e4f3e82dde30787

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\AlternateServices.bin

Filesize
8KB

MD5
3bc3fd21b15cbcb163ca02e764f8af21

SHA1
209f8f8fb9f556a34fc5e68c812feca7b36da3b6

SHA256
1889fbdc1470ad14b1ddb501dea5faf5b4a283d45befa3591e59d6f017a4465b

SHA512
e5149b6a9159aa12ec4bb9e083c142a4af91d9734c3d4800ac1313f844cc590594c02586ee96cfea21bd73cfc389c2a3077ce7f10f72d46581f7aa4fc41f428c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\AlternateServices.bin

Filesize
12KB

MD5
a281f9201c7f1b6717e8a7a76b1a43c8

SHA1
a93b2fdad9d25c3b6d2408703029d9fec1dbf091

SHA256
6619997a8021177eab405d6fc9cc40f899fd9ebaae795de73310398eb5d8ac90

SHA512
5d54b0eb34d58146c3442b9feec927eb2ce7c0bc6e33552806641ba569afd3e1f73c29cd40d58784d9e9f7a0deb1684908495e4bf1ba99c7e4a75f2994405d07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
5e5f7c30110dd2a9545702547392f258

SHA1
c82d3676999b80f2ffe63e685a486d6f2a817823

SHA256
37cb8eec2964c3a6e95f4eaa2c5bcb1898f7fa7c8a6f3874b256338dcda743a2

SHA512
3800a19ceefed402fcdf8c92a080f2fb32ff8049785d222d8cb95d0a6ac73639df6166b2fecadff11a9b46d205400804e04b80e060edaa0e66a418f933af876b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
5d42ee19e04e621ccdd604e65f6b3005

SHA1
dbe9e69e97d39217e2679b9883683b258d82bfc4

SHA256
0dbed747830b4adef5663f083331c31c14c259e693a57cdc05f468521e60ad5f

SHA512
c94d72ff9b50cb65cd5003e7178f103d454f76b0830118bef4573f855870c372415851bad29004ed1d42ae6f39b1fc0b0b82ae81223900191202a9a82b220b8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ba7d63558a8a9f1ffe1243eecb61f289

SHA1
d55c4f8799c3ec63b286b814cd70b8ca817f0edc

SHA256
efacf22de7402d8eef4cd39874da5d71fc3035ac707d1f90842d6ef45d0d52f7

SHA512
570da689f168c8e30aa6cb9f2502f644713b4c84664b81a9722ec58bc0d09ac3a2e67d5551f4e8585fbacd617bc15a666b87600a2d7a773b14f0061bc2434803

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\22a88496-fcc0-4141-8c23-2263ba4b14fc

Filesize
671B

MD5
c51727a8c58f1a16a00831102ea5b593

SHA1
5100e5a53e6db0b95b7a1c5a761fd32ed4a835b7

SHA256
1c093f9b97f7409f5d80d52c3702025482ebf042ca5155e747f020d40032d82e

SHA512
2bae1ed9d6dd0209e12aa023c15141e02d7cd758813a01619cbf6f0bdcf45179a9bdbb8f76f2d65acd4f9b4ef5846849130abbfd61c821badf4aef13926747fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\5a425789-13c7-4f3f-8e46-b0050161d55c

Filesize
982B

MD5
a01cd26d2d8a85ddb31686c893e62f54

SHA1
8914d13fbaeb787fed7310c26b635c047fc5291f

SHA256
0e9cc3b6377cd82fca72c7bc9ee040db1dd5018f0fce7026b06e3d3fb95cfa4f

SHA512
16e124e4e322ad09b90471b743fb60143e78a3862522e6ece45e6d63db8f73b53f2827323dbb38413da5999226711af844e1336577d3a464ea98258a05aefc5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\f07fab3d-a67a-43ac-bc74-958eec0e4f28

Filesize
25KB

MD5
cd3ab9fc3adb2582124a7d7c926237f0

SHA1
a5653b41e1e63dbc09e667df9c4da3f060fd30d8

SHA256
fee2fb65bb74d3698e5d632921434b48b6446119e837288022a0471dc39bc300

SHA512
5cf6ac0c36c903dd6d44abbff2b6bba2c54abc2669d921d05d11435b3059d0ae936aaa80523315531406a0a2488cf570b6a5aeee73bf545a431875d8af14dde4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js

Filesize
12KB

MD5
dbad6f821466b35164a1b64535b4b7ea

SHA1
c2ca8150e59d875bc36cdcc5fe750f755e80d335

SHA256
e805aa762ae5250277c8acdff80a97bec2a3cf6cbe6f7694d46de360bbe145e8

SHA512
9604701e0770d606411876b33d8f09cd44dae5ac992b495c41499f62c10ed94275a0596037674addd25952181e531e5c063ca8fec2ace476541737cfe319cf2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs.js

Filesize
10KB

MD5
865cf3b23f45844384edb71eed0af935

SHA1
9b9ae2824619b65ecf9cc09aaf202ebbbfa9b9a9

SHA256
7d5cb56d762c3afbd3838eb5e06048d1f9fcad3891bbb7c350ad74db727e3ca6

SHA512
5563fb3d75703386031ecc3ea23750d7678bc263ced504d437edeb02958ec01c41a9155ff758ed99a11bb63285d90f3b0d06394a4d70470cb4415eb4f4d3909e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
6660813fd18a4cde835863b0d79ad1c6

SHA1
28b54379aabaa7b7bd7494af8e4a9b9b54e45137

SHA256
2f5afe81d2b493a1a71d96fd1125408b669309460e75c89f5093c2936ab13125

SHA512
be42f60ca1c7bf9a7b74f3083126d90124cbfa4f1ab6591a92c6b720d375a7ab1a51273dd39fb86cd7a521f251fd47ff6cd135d1b7d896ec14ddacdab74eba01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
972fa5f3116cadf2671cd1eeaf525302

SHA1
7a3e3b9c322d23aa0f047eb093a98ac8bdf21732

SHA256
9d6c16172fd6c5cf5f6cd7c2213c632508b5984635d87eb281c5b4ef38e9685f

SHA512
9455add3e62a554829ffb33f112ddac8a496536b8f4d7ec1d267ae78c3fe3647bf4ea5477f53a66ba599d224df3c2d87a22c5c475f7b556c1ed9cf211bac901c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
7df77416b2df5fe5631a9c8a17a693dc

SHA1
41be7b937136b8c69d77a8e07f11d0b7a8188c69

SHA256
c7230750584ab94c712d4a8b5925f73cd17255f4b993572b848f197b4fb93e07

SHA512
60d240b58143d1d1dd4ee8877ef30d1fc94266a7ab54e556764972fab6688eac07be4a5b15a43c701ec5f0b7c9477e4f958184165983369dd755932ba034a13c

Download Submit
C:\Users\Admin\Desktop\MSVCP100.dll

Filesize
411KB

MD5
03e9314004f504a14a61c3d364b62f66

SHA1
0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d

SHA256
a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f

SHA512
2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d

Download Submit
C:\Users\Admin\Desktop\QtCore4.dll

Filesize
2.5MB

MD5
8b7739ef8285cf5d7dd5afd6c7aabde0

SHA1
2d93b416493f2ed3b81a57649151596903e6fe7f

SHA256
bdb6698c579e8276ec19b2b2dcdd9ccafd4a293bbdf01a021f4d4cccd3459dbc

SHA512
af28e032d40c59b61de903e6744b660d5555d9fbcef42e6679f8bd6e34854c5851c93c1300537199f6470549aa0ec7e664b43fe2f31b4a2652b98047f7ccfab8

Download Submit
C:\Users\Admin\Desktop\QtGui4.dll

Filesize
8.2MB

MD5
831ba3a8c9d9916bdf82e07a3e8338cc

SHA1
6c89fd258937427d14d5042736fdfccd0049f042

SHA256
d2c8c8b6cc783e4c00a5ef3365457d776dfc1205a346b676915e39d434f5a52d

SHA512
beda57851e0e3781ece1d0ee53a3f86c52ba99cb045943227b6c8fc1848a452269f2768bf4c661e27ddfbe436df82cfd1de54706d814f81797a13fefec4602c5

Download Submit
C:\Users\Admin\Desktop\QtNetwork4.dll

Filesize
1.0MB

MD5
8a2e025fd3ddd56c8e4f63416e46e2ec

SHA1
5f58feb11e84aa41d5548f5a30fc758221e9dd64

SHA256
52ae07d1d6a467283055a3512d655b6a43a42767024e57279784701206d97003

SHA512
8e3a449163e775dc000e9674bca81ffabc7fecd9278da5a40659620cfc9cc07f50cc29341e74176fe10717b2a12ea3d5148d1ffc906bc809b1cd5c8c59de7ba1

Download Submit
C:\Users\Admin\Desktop\QtXml4.dll

Filesize
348KB

MD5
e9a9411d6f4c71095c996a406c56129d

SHA1
80b6eefc488a1bf983919b440a83d3c02f0319dd

SHA256
c9b2a31bfe75d1b25efcc44e1df773ab62d6d5c85ec5d0bc2dfe64129f8eab5e

SHA512
93bb3dd16de56e8bed5ac8da125681391c4e22f4941c538819ad4849913041f2e9bb807eb5570ee13da167cfecd7a08d16ad133c244eb6d25f596073626ce8a2

Download Submit
C:\Users\Admin\Desktop\Set-up.exe

Filesize
6.2MB

MD5
11c8962675b6d535c018a63be0821e4c

SHA1
a150fa871e10919a1d626ffe37b1a400142f452b

SHA256
421e36788bfcb4433178c657d49aa711446b3a783f7697a4d7d402a503c1f273

SHA512
3973c23fc652e82f2415ff81f2756b55e46c6807cc4a8c37e5e31009cec45ab47c5d4228c03b5e3a972cacd6547cf0d3273965f263b1b2d608af89f5be6e459a

Download Submit
C:\Users\Admin\Desktop\StarBurn.dll

Filesize
654KB

MD5
f75225db13e3b86477dc8658c63f9b99

SHA1
6ffd5596fd69e161b788001abab195cc609476cf

SHA256
4286cf3c1ed10b8d6e2794ab4ed1cfcded0ea40d6794016ce926cd9b547c6a00

SHA512
07dee210de39e9f303bb72558c4b2aeb5de597638f0a5bfdcbe8f8badfb46a45f7a1518726d543f18682214668d22586299159e2c3947a9285990867bc457327

Download Submit
C:\Users\Admin\Desktop\msvcr100.dll

Filesize
752KB

MD5
67ec459e42d3081dd8fd34356f7cafc1

SHA1
1738050616169d5b17b5adac3ff0370b8c642734

SHA256
1221a09484964a6f38af5e34ee292b9afefccb3dc6e55435fd3aaf7c235d9067

SHA512
9ed1c106df217e0b4e4fbd1f4275486ceba1d8a225d6c7e47b854b0b5e6158135b81be926f51db0ad5c624f9bd1d09282332cf064680dc9f7d287073b9686d33

Download Submit
C:\Users\Admin\Desktop\ufq

Filesize
1.1MB

MD5
c7d258fd958aa1053923c8dfbf2c549f

SHA1
541c6bacee3f3d244ecac372184ea54a16a398fd

SHA256
a872935bffa1f91f3247eb4a3d0f1b366f5ecbfc7297e9789132b359bb575692

SHA512
c0d260ede86f5734f0f3fead5d962175d42b334a8cbd20273623a37f711c21fc6748765ae04a3d5d733fbcc11f834a602059aa6d730264073917cc06731a56b5

Download Submit
C:\Users\Admin\Desktop\yea

Filesize
8KB

MD5
927e3fd33dc66699b14716f6d0fe3991

SHA1
1929aa573e89326b5779b880502f98d2c3763b37

SHA256
6d6c745c84cbfb997a833df483364e216214bac587b4deaaa905bcb9c93c8bdd

SHA512
0c5594e7c65cb8743599ece779e107c5acb4a533cd865ebf29f89e9a73afff64e0501cc3ab6407a2cc315f2de84d09a9b811db162dce4662041ac1f1557cbb15

Download Submit
memory/236-721-0x0000000075810000-0x0000000075DE7000-memory.dmp

Filesize
5.8MB

Download
memory/236-722-0x00007FFC18770000-0x00007FFC18968000-memory.dmp

Filesize
2.0MB

Download
memory/860-736-0x0000000075810000-0x0000000075DE7000-memory.dmp

Filesize
5.8MB

Download
memory/860-737-0x00007FFC18770000-0x00007FFC18968000-memory.dmp

Filesize
2.0MB

Download
memory/3928-749-0x0000000075810000-0x0000000075DE7000-memory.dmp

Filesize
5.8MB

Download
memory/3928-750-0x00007FFC18770000-0x00007FFC18968000-memory.dmp

Filesize
2.0MB

Download
memory/4008-759-0x0000000075810000-0x0000000075DE7000-memory.dmp

Filesize
5.8MB

Download
memory/4008-760-0x00007FFC18770000-0x00007FFC18968000-memory.dmp

Filesize
2.0MB

Download