Analysis Overview
Threat Level: Likely malicious
The file https://qemu.weilnetz.de/w64/ was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Subvert Trust Controls: Mark-of-the-Web Bypass
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Checks processor information in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-13 21:01
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-13 21:01
Reported
2024-11-13 21:06
Platform
win11-20241007-en
Max time kernel
244s
Max time network
252s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://qemu.weilnetz.de/w64/"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://qemu.weilnetz.de/w64/
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {acda0339-8f1a-4556-8815-93dae9eda43b} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2344 -parentBuildID 20240401114208 -prefsHandle 2328 -prefMapHandle 2324 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1596dd5-bdbc-4be4-b735-6595a696714d} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3236 -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3196 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fb57259-3aff-42ad-bebf-1668c395f100} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4008 -childID 2 -isForBrowser -prefsHandle 4000 -prefMapHandle 3996 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1436a59c-7b70-459c-9b80-e9fe782e21bb} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4908 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4720 -prefMapHandle 4896 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab54bedb-8143-4581-8d4c-823c3cd1dce9} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 3 -isForBrowser -prefsHandle 5464 -prefMapHandle 5460 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b08c9696-4f1e-4b5f-b7b9-91546a6084a1} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5608 -childID 4 -isForBrowser -prefsHandle 5688 -prefMapHandle 5684 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {374ac154-1e41-424e-b100-d2c0d22d71a2} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5808 -childID 5 -isForBrowser -prefsHandle 5896 -prefMapHandle 5776 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d75ad26-9451-48ab-9b5b-9fdf41c960da} 4664 "\\.\pipe\gecko-crash-server-pipe.4664" tab
C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe
"C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | qemu.weilnetz.de | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| N/A | 127.0.0.1:49736 | N/A | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| US | 8.8.8.8:53 | qemu.weilnetz.de | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| DE | 46.38.224.30:443 | www.netcup.de | tcp |
| AT | 144.208.243.2:443 | www.netcup.com | tcp |
| AT | 144.208.243.2:443 | www.netcup.com | udp |
| N/A | 127.0.0.1:49746 | N/A | tcp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| DE | 46.38.224.30:443 | www.netcup.de | tcp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| DE | 188.68.58.204:443 | qemu.weilnetz.de | tcp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | tcp |
| US | 35.190.72.216:443 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| NL | 2.18.121.73:80 | ciscobinary.openh264.org | tcp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | tcp |
| GB | 172.217.169.78:443 | redirector.gvt1.com | udp |
| GB | 74.125.175.169:443 | r4---sn-aigzrnsz.gvt1.com | tcp |
| GB | 74.125.175.169:443 | r4---sn-aigzrnsz.gvt1.com | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\AlternateServices.bin
| MD5 | 8d7b4393ceea279b5e78d94684e668ef |
| SHA1 | a4e9a85046aa45e57d7d5d95f0bbe6e45c683d0e |
| SHA256 | 952f989625fc45e2a4306fe4d9565d52e95752308389f5d2deee7e1975c55ed0 |
| SHA512 | e241dca4dd96a884189fdb79510d23fad022a816b1e06da6f9825ef8208a6dd4e19f946ddcaa3a4aa3985c7b92db76732a876d1037ce14487736cd530a8d2805 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\pending_pings\7ba43c93-a279-419f-9e40-14def04aa75a
| MD5 | 94db370eb5a925ecc9fafe8f1e1ad464 |
| SHA1 | 4592dfd07e74868c6cd14451b4d38deb886323d6 |
| SHA256 | 650baebbf4c527af56755d06588d6670c053379d0d218587345bbf480e3cc7d6 |
| SHA512 | 7d9736bf86416181c57bd97906a9b114647dd3c173a3e7a4f2b694f757d6d48b5b2dde020875fd1da29d50b8fc14464a42ae0ad94f8a981453c4046179577cc7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\pending_pings\edaf5843-3f1d-43a2-bb66-77910394bd27
| MD5 | b85d3d512954f9f8145d156546dd98b1 |
| SHA1 | 8d30fb00e0da77c4800c7b38f4abb80fc6494576 |
| SHA256 | 07c4a3ac16d4f3112b5fdd1c2b72051256e85f278f7b3e5b3dc0c42af7126525 |
| SHA512 | 5b2cdb8a530938f9f7576e032b75b0e4e24d8e9bea9181f5ed09702d3cef859bd8958e0ba1da17c34f8f932773fd718f0db98faaee91456034b6f5d0b877f0c6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\pending_pings\51a373e6-f586-4e6c-a626-e9ac486c63d8
| MD5 | f33b700bdd61507a456e6088f3571274 |
| SHA1 | 8d052b96078e0ea9ed463fa283580efef35fa808 |
| SHA256 | 2e3b3ce5a42f97ab03082a3e37af190062f91892f809fb5f105331a2c0a6656b |
| SHA512 | f333260066a01ce73bfc69c4e9d4dfd5d18b5e03b5aa43acd95e22537292d165214ec6f97eb4fbd0c18960b060568c4db014de1db8bb76f02a2301b485342fba |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 53c4164ad035b4d42a280ed343bbc8c2 |
| SHA1 | 86a10e3efe3241be2f657732c8d1739f53662a1b |
| SHA256 | 52bdd961fcbb29c0691585cd462bdf3e42214e9e166c71f51b38e0a2c7cf9317 |
| SHA512 | 916bdc15d62090eadd1928cd6684b460be398551f9a4be041faa60460ec38303b43e1c7971d98e8d0279f44737dd6aabb9202bf6ea89fd0bec80866b987866f5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 6f9ddae9372cf7b37fd2ab4bfe7a5fb1 |
| SHA1 | 6c251360a6105cdb59b03b5ee90165f38344f899 |
| SHA256 | 4420c426e4a3800768e342c39b3a3cb5a86f4174657ac5cff98c45ceea9bfd0d |
| SHA512 | 487a063671af02a49ce2759031a644dc4aa5d369761c8962ab5329876a36e049e17fe94520908a96995ac5b0a236d7f87531d2695f22f33a3cad67512f146354 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\AlternateServices.bin
| MD5 | 59a2a067737925181a289390cd26d2f6 |
| SHA1 | 90d07f5100a08d35abca20a004cb0f396e761ac7 |
| SHA256 | 677e97756761998612f41f2f8349c6c2579c9289640ae1141768daa429ef1cb6 |
| SHA512 | d46d698ab430c766f12f385b814339284d6ad475c8e6ccae68672ebc0b1cc2a0551a5d533f4a7c715d5a75607809ec20c95f61f50720e218a7f209c94dd7752a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jj59r4xg.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | bbff00463da56a92f0a2f46456a9b251 |
| SHA1 | 4cada4320383a170c22ac5db24e1d6c135689d13 |
| SHA256 | 1d7f378d5cfc2f7823c03d59e514792a9de0ee13e6275bbc90eabf49abccdfe6 |
| SHA512 | c3301cff3928dfcf8ded727b8685a429e5b85b4a291c06ef8d465805b8a11ace65eaac5889487b823987c1b654b01862c160888043614456e1813813c8110c70 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\prefs.js
| MD5 | 237c4db0fd4d5bbfeefecc90f6408ded |
| SHA1 | dff7e51732bed960a11f9dad4cc5b87d60a8bb36 |
| SHA256 | 24c8e219bbdf524c10d7193cc103d3b92d2c1c89d855ed2d757376c9a506cd90 |
| SHA512 | ec50a55670424eff26fc8a91e7d0862944eb9687c4c78f55df4250437f8a0c21d981a89af1f62fd7ed620db3fc03fb715d2131883321d7ef2d80fed93617a764 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\prefs-1.js
| MD5 | 061e46e1801b4b748655e49b40659e24 |
| SHA1 | 62c0c0373a3e6ace3398bff11ab9880d799f5b5e |
| SHA256 | aad5213cb9eb14362b9a9b254af091d10935f8e2be6910d6c1523f373974cf6c |
| SHA512 | d59de8d3279796efcc5dba4648fd1deee976e4ed04266eb7777eb78d5ec9e7287cde11295fcb2a56f96ed3e8a654bb9451d1d7bece259b5c9a5834555538fef9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\AlternateServices.bin
| MD5 | dd2e601112337d8aaefd3d19ac6c2148 |
| SHA1 | 92eff0d3cfdf9dbb79e157037f4064c261917f15 |
| SHA256 | e8beec2e8b10d00df62d859247e343a75312e5d71887fd2e9671cc382782b3ac |
| SHA512 | aa31cce6e91c113be21de9713ac3a08b86c0a90e8ffea664f4e50ddda113bfddcc5f1cfa5ff85ea485ca91cacb14a9522a938ac0e45a75826a2e9405e00c4c3a |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\sessionstore-backups\recovery.baklz4
| MD5 | ce9e8d3144593f4b78bc6329338fabbe |
| SHA1 | 8493aed22eacc1144d9a45c2991c995a5fe7a258 |
| SHA256 | e7371f3c5f45f8e4e2d8923a7d98a1fb181180c96e50dbb55dadeeb3654156ed |
| SHA512 | 9ce6b6f35b4c9088bc4ae70c5b7a6a38c9c05e2399f579ce12a94bb8edef3f8139f2c0ace7801a930c77b825e83ce72e5abf9d1a92cc480d4a1d67ca72ae655e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 56fee1aefd951a7fe74cb2cd37261335 |
| SHA1 | 747850727ba21451032e63e42c98825a5300535c |
| SHA256 | 6775525183ba8c17e6d18fceb3eee8e798eaed43db341b34b90aea357f3eaf4f |
| SHA512 | 1b950bbecd698983519410a36bbc9107071603b47d2fbdb4c6a935665675f6ab4f285bfc04ba35624062219d46081d006c7ac7501260d403c15c34fb6924790f |
C:\Users\Admin\Downloads\qemu-w64-setup-20240903.exe:Zone.Identifier
| MD5 | 87dc0947873d54134f7f1dfa511722f1 |
| SHA1 | 01aa7e4820702ea1573311dc2d5770f8d4ec51ef |
| SHA256 | 37499d54eccf779ed145b189232ec5875ae2f0f126152b41c033829e5eb09a7c |
| SHA512 | a6571ddaa7b49b00f179f4fa56e2a6d0f7ede418eebb0bbadb298deec26190c6326802d34bc355d8de18782caa88d5c61ce600b800dc52599ea698ffdb2f9855 |
C:\Users\Admin\AppData\Local\Temp\nsr9EC9.tmp\LangDLL.dll
| MD5 | 879fff417564b7e40ac155694554eeb0 |
| SHA1 | 14742d1436e485623c624ce143e23cecdd17cb89 |
| SHA256 | a77076ac3494e732a0e3171adeb21514c0cc7a7c9f447589c5048a6d4d08e035 |
| SHA512 | 7476086a4de0f6ee919e72d9e76729b63536fa98453ecdb8f282876b42f65a1470be1dd28da60764495cb824422c1cb83e2a06678c8bedadc38ff4c728c8efff |
C:\Users\Admin\AppData\Local\Temp\nsr9EC9.tmp\nsDialogs.dll
| MD5 | e23b7a59bf4fc0953cd713b8c710ef4f |
| SHA1 | 22d168ac1e8c073b68fa86af28082ae45fdd122f |
| SHA256 | 2b32395df2fea42a3a79db54b29f01d82db71bc090255201e03a6db872942ee8 |
| SHA512 | 1b775c58cf50cc7b5fededd742d6f297be247f74907c16e21e5939ce7339f6dfdd88755e52690242f77413d33c252a2cf471871e0d39bebf4c7b4f007478539c |
memory/3856-531-0x0000000000400000-0x000000000046B000-memory.dmp
memory/3856-532-0x0000000074550000-0x000000007455C000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\7ZXJQC28T7J8GXOBUZJ7.temp
| MD5 | 68aaed62177a8001755537ca2bcddbde |
| SHA1 | 777269291f73b5c0a49b323a4147ad2223703cb5 |
| SHA256 | 0d1854c832ee646269c27ee9cd344923ce096929341b985d104eb90886590553 |
| SHA512 | a4ee098771ca17571bd186669ecbb34e7ce4c775f234ab3e26ffbc81926f1faabbc7890ac0a074dac5b417bbc7333408b8771e3b75672d7efe170615205ed11f |