Resubmissions

23-12-2024 20:58

241223-zskw6s1lfs 8

23-12-2024 20:49

241223-zl9lys1kbz 8

Analysis

  • max time kernel
    300s
  • max time network
    309s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-12-2024 20:58

General

  • Target

    qbittorrent_5.0.3_x64_setup.exe

  • Size

    37.5MB

  • MD5

    83505c82e83bd2e61bd67dfcf30724cf

  • SHA1

    5fbde5f904a7c0e1346b9bcef4a66a7a7dd7e5b9

  • SHA256

    878ca7e3fb7a90a937afdbe080c055877b4c6334a9589d27e092fd6737a0716f

  • SHA512

    87ead0cac1dd041f7929e68bfdf8b61ac50c9d05a74344ab951f9c624874452e22a30f678a6a059cc3e8906f92189c39cfe7bba6552681140d610edb1b529833

  • SSDEEP

    786432:7nvRa6b9c7DLVZhxGjtYO9NByxgyXXbFTUgCe4Oa0eMe6NwRI/gWfe+C:7paO9c7VZejf3OBbFTU3U+6NxIV+C

Score
8/10

Malware Config

Signatures

  • Contacts a large (1122) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • A potential corporate email address has been identified in the URL: [email protected]
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Drops file in Program Files directory 39 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 27 IoCs
  • Suspicious behavior: AddClipboardFormatListener 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\qbittorrent_5.0.3_x64_setup.exe
    "C:\Users\Admin\AppData\Local\Temp\qbittorrent_5.0.3_x64_setup.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    PID:3612
    • C:\Program Files\qBittorrent\qbittorrent.exe
      "C:\Program Files\qBittorrent\qbittorrent.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: AddClipboardFormatListener
      PID:5592
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2556
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1920 -parentBuildID 20240401114208 -prefsHandle 1804 -prefMapHandle 1800 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47817044-2910-40cc-936c-97135fbcfd37} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" gpu
        3⤵
        PID:1112
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2372 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a4abaf-6262-4b23-9358-e00366c9cf58} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" socket
        3⤵
        • Checks processor information in registry
        PID:532
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 2548 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01f2fc3a-30e3-4552-965c-1ed4c7e24e62} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
        3⤵
        PID:3516
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1048 -childID 2 -isForBrowser -prefsHandle 2384 -prefMapHandle 3980 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99b3cdf9-8554-4dca-a292-d1bc2e6f2a0b} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
        3⤵
        PID:3256
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4484 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4148 -prefMapHandle 2384 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7224ec6-148e-4934-b99b-019d1a5cc761} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" utility
        3⤵
        • Checks processor information in registry
        PID:2320
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 5336 -prefMapHandle 5360 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbf8e8ec-a971-44f2-8ff6-fdde3dcf603f} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
        3⤵
        PID:3288
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 4 -isForBrowser -prefsHandle 5556 -prefMapHandle 5624 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4e41c1c-ad45-44c7-8640-7812283a997b} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
        3⤵
        PID:3232
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 5 -isForBrowser -prefsHandle 5820 -prefMapHandle 5816 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {030aa335-52ce-4d93-a684-cee21d776f72} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
        3⤵
        PID:4568
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6340 -childID 6 -isForBrowser -prefsHandle 6332 -prefMapHandle 6328 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c3e396a-86ca-47b9-b349-bde50e2d09bf} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
        3⤵
        PID:8
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4824 -childID 7 -isForBrowser -prefsHandle 4868 -prefMapHandle 3116 -prefsLen 27253 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2787092c-3608-4702-b80d-62709d51ae5f} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
        3⤵
        PID:6096
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6484 -childID 8 -isForBrowser -prefsHandle 6740 -prefMapHandle 6632 -prefsLen 27253 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb4b3e3a-dc61-4215-8702-583c73cccc8d} 2556 "\\.\pipe\gecko-crash-server-pipe.2556" tab
        3⤵
        PID:6120
  • C:\Program Files\qBittorrent\qbittorrent.exe
    "C:\Program Files\qBittorrent\qbittorrent.exe" "magnet:?xt=urn:btih:D4FEB0B237B8A3F109C3191E06E53B22C1E7FAD7&tr=http%3A%2F%2Fbt3.t-ru.org%2Fann%3Fmagnet&dn=Adobe%20Photoshop%202023%2024.7.0.643%20%2B%20Firefly%20AI%2025.0.0.2254%20%2B%2025.0.0.2265%20by%20m0nkrus%20%5B2023%2C%20Multi%20%2B%20RUS%5D"
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:5948
  • C:\Windows\system32\werfault.exe
    werfault.exe /h /shared Global\b8c2cea11b8e4c429e18cf536b14e793 /t 5944 /p 5948
    1⤵
    PID:5776
  • C:\Program Files\qBittorrent\qbittorrent.exe
    "C:\Program Files\qBittorrent\qbittorrent.exe" "magnet:?xt=urn:btih:D4FEB0B237B8A3F109C3191E06E53B22C1E7FAD7&tr=http%3A%2F%2Fbt3.t-ru.org%2Fann%3Fmagnet&dn=Adobe%20Photoshop%202023%2024.7.0.643%20%2B%20Firefly%20AI%2025.0.0.2254%20%2B%2025.0.0.2265%20by%20m0nkrus%20%5B2023%2C%20Multi%20%2B%20RUS%5D"
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3960

Network

MITRE ATT&CK Enterprise v15

Downloads

                      • C:\Program Files\qBittorrent\qbittorrent.exe

                        Filesize

                        35.0MB

                        MD5

                        7a47d50bdb7a84a1fa58653f55eb2697

                        SHA1

                        fd767a6225bfdcca0537043b8f647d6ce33f7d1c

                        SHA256

                        6864e1a85198efb8ecf5f26564f7565d4d4e93f1ba7e4359bc05910ad74e83f0

                        SHA512

                        8c292a2a0bd6be2dac30e0f2cefe9bfd73aaff96e0cbb1301bba283fa8eabf378bbbc2c45667ec0cb0092e92d54bc02f054fb74b51eaa9068839225c3915d753

                      • C:\Program Files\qBittorrent\qt.conf

                        Filesize

                        84B

                        MD5

                        af7f56a63958401da8bea1f5e419b2af

                        SHA1

                        f66ee8779ca6d570dea22fe34ef8600e5d3c5f38

                        SHA256

                        fdb8fa58a6ffc14771ca2b1ef6438061a6cba638594d76d9021b91e755d030d3

                        SHA512

                        02f70ca7f1291b25402989be74408eb82343ab500e15e4ac22fbc7162eb9230cd7061eaa7e34acf69962b57ed0827f51ceaf0fa63da3154b53469c7b7511d23d

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\activity-stream.discovery_stream.json

                        Filesize

                        18KB

                        MD5

                        b42bdf1c1da0e8e71b499021ee1af0ca

                        SHA1

                        abbeb6ddc1cfc5ccfbb9c2e027c249c044799e4a

                        SHA256

                        0def3df0288bd5de00383fb5f3be057b1b9dfb4f379b59b19f7f8304e6eeedac

                        SHA512

                        aa391ead8f3479939de88bda1f1ccee7ae59b812b359a37c82864cf409ed1846cfa0d3c0e01a13c3de7654433caf04e93cd75f1ed8480819e4a7ea991f304bb4

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                        Filesize

                        15KB

                        MD5

                        96c542dec016d9ec1ecc4dddfcbaac66

                        SHA1

                        6199f7648bb744efa58acf7b96fee85d938389e4

                        SHA256

                        7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                        SHA512

                        cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                      • C:\Users\Admin\AppData\Local\Temp\nsv93F5.tmp\FindProcDLL.dll

                        Filesize

                        3KB

                        MD5

                        b4faf654de4284a89eaf7d073e4e1e63

                        SHA1

                        8efcfd1ca648e942cbffd27af429784b7fcf514b

                        SHA256

                        c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

                        SHA512

                        eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

                      • C:\Users\Admin\AppData\Local\Temp\nsv93F5.tmp\LangDLL.dll

                        Filesize

                        5KB

                        MD5

                        50016010fb0d8db2bc4cd258ceb43be5

                        SHA1

                        44ba95ee12e69da72478cf358c93533a9c7a01dc

                        SHA256

                        32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

                        SHA512

                        ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

                      • C:\Users\Admin\AppData\Local\Temp\nsv93F5.tmp\System.dll

                        Filesize

                        12KB

                        MD5

                        4add245d4ba34b04f213409bfe504c07

                        SHA1

                        ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

                        SHA256

                        9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

                        SHA512

                        1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

                      • C:\Users\Admin\AppData\Local\Temp\nsv93F5.tmp\UAC.dll

                        Filesize

                        14KB

                        MD5

                        adb29e6b186daa765dc750128649b63d

                        SHA1

                        160cbdc4cb0ac2c142d361df138c537aa7e708c9

                        SHA256

                        2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

                        SHA512

                        b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

                      • C:\Users\Admin\AppData\Local\Temp\nsv93F5.tmp\modern-wizard.bmp

                        Filesize

                        25KB

                        MD5

                        cbe40fd2b1ec96daedc65da172d90022

                        SHA1

                        366c216220aa4329dff6c485fd0e9b0f4f0a7944

                        SHA256

                        3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

                        SHA512

                        62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

                      • C:\Users\Admin\AppData\Local\Temp\nsv93F5.tmp\nsDialogs.dll

                        Filesize

                        9KB

                        MD5

                        1d8f01a83ddd259bc339902c1d33c8f1

                        SHA1

                        9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

                        SHA256

                        4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

                        SHA512

                        28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

                      • C:\Users\Admin\AppData\Local\Temp\nsv93F5.tmp\nsisFirewallW.dll

                        Filesize

                        8KB

                        MD5

                        f5bf81a102de52a4add21b8a367e54e0

                        SHA1

                        cf1e76ffe4a3ecd4dad453112afd33624f16751c

                        SHA256

                        53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

                        SHA512

                        6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                        Filesize

                        479KB

                        MD5

                        09372174e83dbbf696ee732fd2e875bb

                        SHA1

                        ba360186ba650a769f9303f48b7200fb5eaccee1

                        SHA256

                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                        SHA512

                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                        Filesize

                        13.8MB

                        MD5

                        0a8747a2ac9ac08ae9508f36c6d75692

                        SHA1

                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                        SHA256

                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                        SHA512

                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                      • C:\Users\Admin\AppData\Local\qBittorrent\BT_backup\d4feb0b237b8a3f109c3191e06e53b22c1e7fad7.fastresume

                        Filesize

                        1KB

                        MD5

                        458ddfb703ebc03cda65ab94500b1375

                        SHA1

                        b0d7979fe32d37b26993717361f2de59e74d6eba

                        SHA256

                        e35c50785250e0d79c2a9f394364637fa929257d6d3fdb35a9ee51902dd37db5

                        SHA512

                        404aa7b7b94641a6e110c1cdf33179bed2eae877f6e91644449c82d7eb282356fdddb513fd9cf39259bc29687bf35848c4cbea495798c9bb259edc79dd436920

                      • C:\Users\Admin\AppData\Local\qBittorrent\BT_backup\d4feb0b237b8a3f109c3191e06e53b22c1e7fad7.torrent

                        Filesize

                        10KB

                        MD5

                        a5c7894d0a45209bd05c4a7133dd7837

                        SHA1

                        231cc0c50b8f30a8ca3761c8cafd1b283af8c5f8

                        SHA256

                        4d43b7a3ed8b884b8f5bdba00884c3729626ca9660f07069ea675534f9522257

                        SHA512

                        b098029268c87704915feebd98c0cb0856b037ec5016b848e650fbc657ccae1e627915f742a7c5351a5285a5ba0b947a42e4b0506d8cc9794b74358544791b72

                      • C:\Users\Admin\AppData\Local\qBittorrent\BT_backup\queue

                        Filesize

                        41B

                        MD5

                        36c72791de5204537c545e6f46f511ef

                        SHA1

                        c22d691c36b8c6f2841d7f3e5400619daecb8c90

                        SHA256

                        58ef8d54e2ada19c2f7aa495d29cce1664755951e34f221932f43bfeb62dda2a

                        SHA512

                        9c41f38f2a724f9312a6496f4b24a944b243f863c69541acb0f8f409f099625500cc53dd267acb3eb5c878cd875b0c01d38919706d61c443764fc7d8dd268dea

                      • C:\Users\Admin\AppData\Local\qBittorrent\GeoDB\dbip-country-lite.mmdb

                        Filesize

                        7.1MB

                        MD5

                        7f4cd930e541f29ac8e120aa8a43ee0b

                        SHA1

                        df85c812cad8512147c4f029634a36980b35ce6c

                        SHA256

                        d87b275016e23e2f913971b73c007cbfe5a1bde255a9c60cbdb16f622d8be850

                        SHA512

                        bc209113113c7092e9d5bc2d64e04a4f15b3343b6ae7a6c7172bfc670823c92c3f6ebaa0c132b7d785c29424170ad4e8328a635b0c8542e7d4912e702c0cdde9

                      • C:\Users\Admin\AppData\Local\qBittorrent\logs\qbittorrent.log

                        Filesize

                        2KB

                        MD5

                        23a8d9586f57765dad3b79fc760798f1

                        SHA1

                        b9d583de8aa5156cde6e67bf64df5b4fb8b476cc

                        SHA256

                        72ef63860daa940d469d9befb7a38adeabe04e089b6ee7b7234b36b0571ff15e

                        SHA512

                        c2e03eeb30d26f6a5387650b227c4bf5fc2f27f37ee7b2fe172676f42db5a8879a8c681b9d20ad466886fc7ccf6c0e633f77d2085f07577dd97dca15a61796fc

                      • C:\Users\Admin\AppData\Local\qBittorrent\logs\qbittorrent.log

                        Filesize

                        2KB

                        MD5

                        615f9dbbb8d670e7c8290d95a5cbe040

                        SHA1

                        e974768f15cb256ce77519521deee7202cfa936e

                        SHA256

                        f559527db75b489f83a981db756948985331048a440f68c8c330c0163e6c2d4c

                        SHA512

                        a70a1d3dde4b2463e9a3e3bf898fdb4427d21766b2e4a63888f7461e58849eb7d106fe180633d0d7fe876f4c1e5a15e4153dff9df90cdf1bb13d3c654277d550

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

                        Filesize

                        6KB

                        MD5

                        a5eb460998966b2ab1d3da8b2dc9a723

                        SHA1

                        75c0c5ef31aca4e14241d592972b1ec6620498ec

                        SHA256

                        1e628f06f91a31d9dfe30f74af8343882c5e554f99187cc872fc96da3af12ee5

                        SHA512

                        f1a63134c97a72caaeb0fa5a010572c29ba9551762f8c422358821ee860e20e0843fd8813e6c44d1d1898e867a3f3366c12c73122f59c0effddbf3eedd79d354

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

                        Filesize

                        11KB

                        MD5

                        e8847367a82b8f3063e32738a3782ab7

                        SHA1

                        dc03f0cec13dd6cf74b14c412b368c4e0e39acdb

                        SHA256

                        7e7af4cf00a3950c1102369066d3390cf0fffc47f5b7f7352533479471464da1

                        SHA512

                        43ecf481c1a7a6087e5c6bea64acfbba4767f984d9acf106e65972255e51a2f8178e05d01b11edc18a0aae1bc01f57041971bd75648a69b4a32b08cf7831e25f

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

                        Filesize

                        26KB

                        MD5

                        c51f77156ccf2c6079202146da8e927b

                        SHA1

                        5e1bca392c42d17d7ca6b80f33457c1209f9ad5a

                        SHA256

                        8f334f96e06a4f069af58ccc31a4fd43ab837abb05fb4aa52a6435329ce63f63

                        SHA512

                        ee36c6f14bcea63ce81f870a02e7fbba4e5e69ed65ab0167899adc46cd7046e4edae5a3fff3f3be212fce51496a60329efdf7dd2c46db6fa9a9df2558069a922

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

                        Filesize

                        5KB

                        MD5

                        9b914e3a5888a65c36e907f11ba176f3

                        SHA1

                        c90c4045080bcd018226ccc992558f10578bbfb2

                        SHA256

                        28b7241901ee062c6fcb242f229bb879aef98cf0aed2c8ee0f7d86ebbe50d4de

                        SHA512

                        c516bb96f6eee4abca2ba7ab2b3559b8f3f4550b83c1d6ff79b0022a935f8b0c6411cb04bd6c77e6c4c55b35b494530db66fcae3fc9fb7f683f9db0d976d47cf

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

                        Filesize

                        3KB

                        MD5

                        50b96c2680ca3acd632d74c2a4508f16

                        SHA1

                        be5b180835721d7d5ed6c8dff1443f14032991fe

                        SHA256

                        4942cb9f8f0adda64b1624866d61e9304952fa0db4dfb4b9fb43b06ba3a0e748

                        SHA512

                        e240b71e8ac7ca8aea7fc38b8586151317cf84225a76ecea011b8e49b629251511f859d3774b1c4627af508af8122e5e7adea16b8e11b12ea8fa90bd9456f5b3

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

                        Filesize

                        6KB

                        MD5

                        0452793ae41314e11fd5154846f80de4

                        SHA1

                        3300417c99c467d4e9566cba35e46eda2dab37b4

                        SHA256

                        13bc0569ea5e606089613a4df18c5efa81427b76d371c606df50197f6b43702c

                        SHA512

                        0e3fbbec08c62a291d2574a754f5852394ccc42c12413ad7dee86fa1996f3b8c2bbb796531723c60cf18f1ed05c3bded300adb57fe62aa22836befdadb7f4018

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

                        Filesize

                        6KB

                        MD5

                        839236c3c173e2ec3ff3e35af9d3f9d3

                        SHA1

                        3012861582b2999a6039448d339030a2d014fae3

                        SHA256

                        6c7003a478b01d8774aad77ea3f82c78e7a7acf9cdbbeeb31cef2bf87775a6e9

                        SHA512

                        24d378d25c1a9758c907261d0462023be502f4f90ea150f93e45bc87d9ab4e9a4c831b47b21b61dce7e2393070718b96cfb02c86d5a17cd99d27cce8b4cfde64

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\28e846ea-9d8d-4de4-8027-8796539a2b54

                        Filesize

                        671B

                        MD5

                        9ce166ee0a3f4dbcb57051f044775996

                        SHA1

                        7c49f36e7250300e21338c74b21970b701e195a3

                        SHA256

                        951dba5fb91e935f54ad387a1485a6577d5baf78e82c4c6dca0a9a88cb67bc8f

                        SHA512

                        921abf17a3c94240cd7c0d7093bad8ba1204d4750061788528c1f4a1d20d1f50272998e25cfa839277f72c2a0bf485743c7e5a41fd7368e56499022dddc0bebe

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\630f8360-6932-4c43-952b-683bb4288304

                        Filesize

                        17KB

                        MD5

                        a3f3259862df48be154a8c0cc0156cb7

                        SHA1

                        49ec30491703be35add376334a5bb48f9549bb35

                        SHA256

                        d4825a63f3cf55f41b38edeca376c6a45ae2bc7ef47b0d0d8e063fb136485c68

                        SHA512

                        33dc55a5ee5c947d604778943ca26d7251912b29ac13f468f0a5af16b3a1e0744b485a7a03910b71a5fcba949984405e439aa7cecbb9f11aa8332382c1a2ebaa

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\ac4073b1-d9b2-43f9-9694-dcc50bb598d6

                        Filesize

                        26KB

                        MD5

                        a7f112cca3d24f56d5ece9122297329f

                        SHA1

                        f67726c1b77f27ca25505c7dea6b20c86c67cc72

                        SHA256

                        468fd9ba61f46cb2dd8e0f9191eba0aa8d6cd8542c51095c42f446dbabf8404e

                        SHA512

                        6a41f30e96eea778c6491ee507937390604ab6a0afa67d36a7e748c26c04f8b4a651057c4fd64f7bea219df80c642cf4af3eaae9fe0a9540e164d188a20bf18d

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\c5442b9d-4887-4b38-9ce8-e9f788391199

                        Filesize

                        982B

                        MD5

                        b7e2b26e642bd49c9b7076e639d5050b

                        SHA1

                        417fe3d60f41380f65f0ef222dd40082e3545d8a

                        SHA256

                        05120fee9f88565a0032208068bb9a6fdfe03a23ce05d5494021d14ac70898d0

                        SHA512

                        8a939426ca835ae285ff165d8aa5c1c3b83c7fffd5e675b36a8e343ef33347423425848084e9dda06a3febb11cd573198bcf20af24958794b006abe6ed8d99f3

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                        Filesize

                        1.1MB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                        Filesize

                        116B

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                        Filesize

                        372B

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                        Filesize

                        17.8MB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\handlers.json

                        Filesize

                        413B

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

                        Filesize

                        11KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs.js

                        Filesize

                        10KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs.js

                        Filesize

                        10KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

                        Filesize

                        1KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

                        Filesize

                        9KB

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

                        Filesize

                        10KB

                      • C:\Users\Admin\AppData\Roaming\qBittorrent\qBittorrent.ini

                        Filesize

                        1KB

                      • C:\Users\Admin\AppData\Roaming\qBittorrent\rss\feeds.json

                        Filesize

                        4B
