878ca7e3fb7a90a937afdbe080c055877b4c6334a9589d27e092fd6737a0716f

Analysis

max time kernel
233s
max time network
235s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26-12-2024 18:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qbittorrent_5.0.3_x64_setup.exe
Size

37.5MB
MD5

83505c82e83bd2e61bd67dfcf30724cf
SHA1

5fbde5f904a7c0e1346b9bcef4a66a7a7dd7e5b9
SHA256

878ca7e3fb7a90a937afdbe080c055877b4c6334a9589d27e092fd6737a0716f
SHA512

87ead0cac1dd041f7929e68bfdf8b61ac50c9d05a74344ab951f9c624874452e22a30f678a6a059cc3e8906f92189c39cfe7bba6552681140d610edb1b529833
SSDEEP

786432:7nvRa6b9c7DLVZhxGjtYO9NByxgyXXbFTUgCe4Oa0eMe6NwRI/gWfe+C:7paO9c7VZejf3OBbFTU3U+6NxIV+C

Score

7^/10

defense_evasion discovery

Malware Config

Signatures

Executes dropped EXE 9 IoCs

pid	Process
320	qbittorrent.exe
4452	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.exe
2844	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
4300	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.exe
2760	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
4432	Ages of Conflict.exe
3668	UnityCrashHandler64.exe
3724	UnityCrashHandler64.exe
1772	Ages of Conflict.exe

Loads dropped DLL 22 IoCs

pid	Process
1712	qbittorrent_5.0.3_x64_setup.exe
1712	qbittorrent_5.0.3_x64_setup.exe
1712	qbittorrent_5.0.3_x64_setup.exe
1712	qbittorrent_5.0.3_x64_setup.exe
1712	qbittorrent_5.0.3_x64_setup.exe
1712	qbittorrent_5.0.3_x64_setup.exe
1712	qbittorrent_5.0.3_x64_setup.exe
2844	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
2844	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
2844	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
2760	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
2760	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
2760	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
4432	Ages of Conflict.exe
4432	Ages of Conflict.exe
4432	Ages of Conflict.exe
4432	Ages of Conflict.exe
3668	UnityCrashHandler64.exe
1772	Ages of Conflict.exe
1772	Ages of Conflict.exe
1772	Ages of Conflict.exe
1772	Ages of Conflict.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\symbols\dll\ntdll.pdb	Ages of Conflict.exe
File opened for modification	C:\Windows\system32\symbols\dll\glu32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\devobj.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\ktmw32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	Ages of Conflict.exe
File opened for modification	C:\Windows\system32\gdi32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\winhttp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\fastprox.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\MMDevAPI.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\powrprof.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\rasadhlp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\gdi32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\combase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\crypt32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\wbemprox.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\TextInputFramework.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\gpapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\mono-2.0-bdwgc.pdb	Ages of Conflict.exe
File opened for modification	C:\Windows\system32\dll\gdi32full.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\imm32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\winmm.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\opengl32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\winhttp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\ResourcePolicyClient.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\XInput1_4.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\cryptsp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\cryptsp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\ucrtbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\winmm.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\d3d10warp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\wintrust.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\steam_api64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\hid.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\ResourcePolicyClient.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\shell32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\Windows.Storage.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\CLBCatQ.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\wbemprox.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\wintrust.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\steam_api64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\user32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\Kernel.Appcore.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\Windows.Storage.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\iphlpapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\MMDevAPI.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\UnityPlayer_Win64_player_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\XInput1_4.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\ntmarta.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\mono-2.0-bdwgc.pdb	Ages of Conflict.exe
File opened for modification	C:\Windows\system32\msvcrt.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\UnityPlayer_Win64_player_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\ole32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\ws2_32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\UxTheme.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\userenv.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\TextInputFramework.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\mono-2.0-bdwgc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\ole32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\cfgmgr32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\shell32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\UxTheme.pdb	UnityCrashHandler64.exe

Drops file in Program Files directory 39 IoCs

description	ioc	Process
File created	C:\Program Files\qBittorrent\translations\qtbase_zh_TW.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\uninst.exe	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_lt.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_cs.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_de.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_pl.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_sk.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_gl.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_fr.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_he.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_tr.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_it.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_lv.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_nn.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\qt.conf	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_sv.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ca.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_da.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_fi.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_zh_CN.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\qbittorrent.pdb	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_pt_BR.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_uk.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\qbittorrent.exe	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ar.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_fa.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_hr.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ru.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_es.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_hu.qm	qbittorrent_5.0.3_x64_setup.exe
File opened for modification	C:\Program Files\qBittorrent\qbittorrent.exe	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_sl.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ja.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ko.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qt_pt_PT.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_bg.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_gd.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_ka.qm	qbittorrent_5.0.3_x64_setup.exe
File created	C:\Program Files\qBittorrent\translations\qtbase_nl.qm	qbittorrent_5.0.3_x64_setup.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Amsi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\propsys.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\WrpYGF74DrEm.ini	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
File opened for modification	C:\Windows\symbols\dll\ucrtbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\MpOAV.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\XInput9_1_0.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\DLL\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\dxgi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\advapi32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\userenv.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\fwpuclnt.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\ntdll.pdb	Ages of Conflict.exe
File opened for modification	C:\Windows\dll\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\shlwapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\setupapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\cryptsp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\discord_game_sdk.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\profapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\msctf.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\wbemsvc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\UMPDC.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\ucrtbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\shlwapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\rpcrt4.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\Kernel.Appcore.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\Kernel.Appcore.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\ktmw32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\mono-2.0-bdwgc.pdb	Ages of Conflict.exe
File opened for modification	C:\Windows\symbols\dll\mono-2.0-bdwgc.pdb	Ages of Conflict.exe
File opened for modification	C:\Windows\symbols\dll\Amsi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\WinTypes.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\dnsapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\DLL\kernel32.pdb	Ages of Conflict.exe
File opened for modification	C:\Windows\exe\WindowsPlayer_player_Master_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\d3d10warp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\CoreMessaging.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\cryptbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\gpapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\apphelp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\WLDP.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dhcpcsvc6.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\dnsapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\mono-2.0-bdwgc.pdb	Ages of Conflict.exe
File opened for modification	C:\Windows\imm32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\DXCore.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\wintrust.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\kernelbase.pdb	Ages of Conflict.exe
File opened for modification	C:\Windows\symbols\dll\UMPDC.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\WinTypes.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\iphlpapi.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\DLL\kernel32.pdb	Ages of Conflict.exe
File opened for modification	C:\Windows\glu32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\cryptsp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\rpcrt4.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\fastprox.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\glu32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\CLBCatQ.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\sechost.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\wintrust.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\ws2_32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\d3d10warp.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\powrprof.pdb	UnityCrashHandler64.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Ages_of_Conflict_World_War_Simulator_v3.1.1\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.exe:Zone.Identifier	qbittorrent.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	qbittorrent_5.0.3_x64_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Ages of Conflict.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Ages of Conflict.exe
Key opened	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Ages of Conflict.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Ages of Conflict.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Ages of Conflict.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Ages of Conflict.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Ages of Conflict.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Ages of Conflict.exe

Modifies registry class 29 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent.File.Torrent	qbittorrent_5.0.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent\ = "Torrent File"	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent.File.Torrent\DefaultIcon	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent\shell	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent.Url.Magnet	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet\shell\open\command	qbittorrent_5.0.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\magnet	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent\shell\open\command	qbittorrent_5.0.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet\shell	qbittorrent_5.0.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\Content Type = "application/x-bittorrent"	qbittorrent_5.0.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\Content Type = "application/x-magnet"	qbittorrent_5.0.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\URL Protocol	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"	qbittorrent_5.0.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet\ = "Magnet URI"	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent.Url.Magnet\shell\open\command	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.torrent	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings	qbittorrent.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.File.Torrent\shell\open	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent.Url.Magnet\shell\open	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\USER\S-1-5-21-114766061-2901990051-2372745435-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent.File.Torrent\shell\open\command	qbittorrent_5.0.3_x64_setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\qBittorrent.Url.Magnet\DefaultIcon	qbittorrent_5.0.3_x64_setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\magnet\ = "URL:Magnet URI"	qbittorrent_5.0.3_x64_setup.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Ages_of_Conflict_World_War_Simulator_v3.1.1.torrent:Zone.Identifier	firefox.exe
File opened for modification	C:\Users\Admin\Downloads\Ages_of_Conflict_World_War_Simulator_v3.1.1\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.exe:Zone.Identifier	qbittorrent.exe

Script User-Agent 6 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	799	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	800	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	755	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	776	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	789	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	794	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
320	qbittorrent.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1712	qbittorrent_5.0.3_x64_setup.exe
1712	qbittorrent_5.0.3_x64_setup.exe
2760	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
2760	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
4432	Ages of Conflict.exe
4432	Ages of Conflict.exe
3668	UnityCrashHandler64.exe
3668	UnityCrashHandler64.exe
3668	UnityCrashHandler64.exe
3668	UnityCrashHandler64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
320	qbittorrent.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4200	firefox.exe
Token: SeDebugPrivilege	4200	firefox.exe
Token: SeDebugPrivilege	4200	firefox.exe
Token: SeManageVolumePrivilege	320	qbittorrent.exe
Token: 33	3404	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3404	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
2760	Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
320	qbittorrent.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe
320	qbittorrent.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
4200	firefox.exe
3840	OpenWith.exe
3840	OpenWith.exe
3840	OpenWith.exe
3840	OpenWith.exe
3840	OpenWith.exe
4432	Ages of Conflict.exe
1772	Ages of Conflict.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 4200	2152	firefox.exe	91
PID 2152 wrote to memory of 4200	2152	firefox.exe	91
PID 2152 wrote to memory of 4200	2152	firefox.exe	91
PID 2152 wrote to memory of 4200	2152	firefox.exe	91
PID 2152 wrote to memory of 4200	2152	firefox.exe	91
PID 2152 wrote to memory of 4200	2152	firefox.exe	91
PID 2152 wrote to memory of 4200	2152	firefox.exe	91
PID 2152 wrote to memory of 4200	2152	firefox.exe	91
PID 2152 wrote to memory of 4200	2152	firefox.exe	91
PID 2152 wrote to memory of 4200	2152	firefox.exe	91
PID 2152 wrote to memory of 4200	2152	firefox.exe	91
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1288	4200	firefox.exe	92
PID 4200 wrote to memory of 1192	4200	firefox.exe	94
PID 4200 wrote to memory of 1192	4200	firefox.exe	94
PID 4200 wrote to memory of 1192	4200	firefox.exe	94
PID 4200 wrote to memory of 1192	4200	firefox.exe	94
PID 4200 wrote to memory of 1192	4200	firefox.exe	94
PID 4200 wrote to memory of 1192	4200	firefox.exe	94
PID 4200 wrote to memory of 1192	4200	firefox.exe	94
PID 4200 wrote to memory of 1192	4200	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\qbittorrent_5.0.3_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\qbittorrent_5.0.3_x64_setup.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1712

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b13ff69-c9c3-4337-8a9e-dcf051697fd4} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" gpu
    3⤵
    PID:1288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c409fd05-2b4b-4e5c-ba35-2d5d9ea59186} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" socket
    3⤵
    - Checks processor information in registry
    PID:1192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3272 -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 3284 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e05079fb-43e4-4195-b16b-20fbcbb07b69} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" tab
    3⤵
    PID:3616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 2720 -prefMapHandle 3428 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ad9b207-047f-4a92-b825-1edd3a4f949a} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" tab
    3⤵
    PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4532 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2552 -prefMapHandle 2540 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1280affb-b71c-45c1-b16e-fea385c924d5} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" utility
    3⤵
    - Checks processor information in registry
    PID:2852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 3 -isForBrowser -prefsHandle 5424 -prefMapHandle 5420 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a73fdbd7-c3a0-48ed-bd97-a98e54f7bc6c} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" tab
    3⤵
    PID:1132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 4 -isForBrowser -prefsHandle 5524 -prefMapHandle 5528 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3adb3d87-1f85-4473-919f-f9067cd9e944} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" tab
    3⤵
    PID:2944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 5 -isForBrowser -prefsHandle 5396 -prefMapHandle 5512 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7595b7a-4360-4ec1-a291-8a9954393347} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" tab
    3⤵
    PID:3208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3812 -childID 6 -isForBrowser -prefsHandle 3204 -prefMapHandle 2876 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34aa64ea-98a0-4f7c-a227-e9f9bdfdd414} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" tab
    3⤵
    PID:3204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6336 -childID 7 -isForBrowser -prefsHandle 6344 -prefMapHandle 6348 -prefsLen 28086 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd4300bc-fa1d-45e6-8c03-6ef98dd57a0c} 4200 "\\.\pipe\gecko-crash-server-pipe.4200" tab
    3⤵
    PID:2308

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3840
- C:\Program Files\qBittorrent\qbittorrent.exe
  "C:\Program Files\qBittorrent\qbittorrent.exe" "C:\Users\Admin\Downloads\Ages_of_Conflict_World_War_Simulator_v3.1.1.torrent"
  2⤵
  - Executes dropped EXE
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:320

C:\Users\Admin\Downloads\Ages_of_Conflict_World_War_Simulator_v3.1.1\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.exe
"C:\Users\Admin\Downloads\Ages_of_Conflict_World_War_Simulator_v3.1.1\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4452
- C:\Users\Admin\AppData\Local\Temp\is-RID0F.tmp\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-RID0F.tmp\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp" /SL5="$10362,107411231,1047040,C:\Users\Admin\Downloads\Ages_of_Conflict_World_War_Simulator_v3.1.1\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:2844

C:\Users\Admin\Downloads\Ages_of_Conflict_World_War_Simulator_v3.1.1\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.exe
"C:\Users\Admin\Downloads\Ages_of_Conflict_World_War_Simulator_v3.1.1\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4300
- C:\Users\Admin\AppData\Local\Temp\is-6TTJK.tmp\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-6TTJK.tmp\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp" /SL5="$20364,107411231,1047040,C:\Users\Admin\Downloads\Ages_of_Conflict_World_War_Simulator_v3.1.1\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:2760

C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict.exe
"C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4432
- C:\Games\Ages of Conflict World War Simulator v3.1.1\UnityCrashHandler64.exe
  "C:\Games\Ages of Conflict World War Simulator v3.1.1\UnityCrashHandler64.exe" --attach 4432 1840871116800
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- - C:\Games\Ages of Conflict World War Simulator v3.1.1\UnityCrashHandler64.exe
    "C:\Games\Ages of Conflict World War Simulator v3.1.1\UnityCrashHandler64.exe" "4432" "1840871116800"
    3⤵
    - Executes dropped EXE
    PID:3724

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x16c 0x1f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3404

C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict.exe
"C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:1772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict.exe

Filesize
639KB

MD5
a0fbb5eaf8d59306caab48a71cbe1a7f

SHA1
e75c19c7968cc8d2a24bbafe1507413a7aa6140e

SHA256
da191a4f2c14d2ea8506618d437fb86fcf30e571aafbac31984edbdc063c05bd

SHA512
4637ff4de464d3326c09e418d8d4994693118cf71b42ec1d8776226c85bbccd1daf9fdd2dfb65ba88993be5fe7e2ac6a478d7e4025c9ea7c11d9264335fc771a

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.AIModule.dll

Filesize
10KB

MD5
5441a8bdbf7e7995429dbb3f08f91737

SHA1
9a469a372dcff9d204d9d1c18bb1f536a385bc5a

SHA256
2617ae89873fdbc881703895f6a51b4dd721572b9bba3d27d1e88887e6a27e4e

SHA512
6971b673552f26b0c84fcce82067f43dc2e47632ff59a5ead7fa3ae5c94003ea622f0ca945375ce59628e38846bd4b7d0bcb563dcc635f0c640b9552960d3734

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.AndroidJNIModule.dll

Filesize
38KB

MD5
807741e7a5f2d56212e063b8aa294878

SHA1
99ce108a4cd98fdb64cfc0d3b59de3c9bcff941b

SHA256
bb693b0948b0adfbf42d09b357f385bc6384b507ce35e3b9c1dc50633b2f39af

SHA512
c10c39bc6217ec5b5f4bd2300c5d7254e37eb7ef45262d85adaa88b5077d52da0b8294ad2b49ba37ea1af92824add2b70c02cb18f182abad9f309d989f11d179

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.AnimationModule.dll

Filesize
21KB

MD5
df19cc429cf6565868792468871c9b4b

SHA1
e30a2059e47c479017821017d99a27c5a0cb147e

SHA256
c725fb252751f2fb907c014b6d6549593be4e8e2cd2615c25de88bb8081f6645

SHA512
5df89b4be4c1a4efd3044df3c496d1e3433e9db127954e4618c637159459c15a35db0e80a5f0d687be80bdbff3f5fc12d2b504b144eceaad056efa937812da09

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.AssetBundleModule.dll

Filesize
9KB

MD5
048d9e9a4e21bd4c5b6f81b65b8030c6

SHA1
303c763cba8eb5101d4319fe07ffb5a7cfdcd8dd

SHA256
d25cb68e4a34337514b636d5fafd23c67aaa70e83de599c76150a374583e0a3d

SHA512
a2357ac9af877edd7911599b8dc641d9041163e28b07e756403033ac373c88aa803d2c399723a40d59fb19276c2f6d466e04be5399ca51fd64d47b5abd56bb71

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.AudioModule.dll

Filesize
14KB

MD5
861061deabc743db00994cc1b40a19d9

SHA1
5d4502b3c774c3cbd9765c84e7d52f8b430aab02

SHA256
5cdcafcf9a821f9a35f469d452fac58fdeebfbacf7703fec2be92eaecac4eba1

SHA512
b98298a38770e398433e7d110edd191ed29be1fd7132b33044d58d6430329e191438cf3a621e061356d1d436f570fa320db78148b5be384f29234b7fd9f895e7

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.CoreModule.dll

Filesize
498KB

MD5
1798076d0f2c2b28060e59b0d680b2e2

SHA1
adc718402b2885e619656ae355f4f345576c7f38

SHA256
31a8f16854c10731af24f196268ffcaafe77e827d002c87d31bbc6ebf9be53d1

SHA512
a64d039ab9babc5a93d9cdeaa8831d09c0e733f6512dd9cd6bc3bee54c6c81ab690c739871ed646fb83fea5bf9491b507763e7f4b5221f8716c94841b87031c6

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.DirectorModule.dll

Filesize
10KB

MD5
f67ede82b3adc2c64db5641cbbfefe6b

SHA1
959fdd00869a7bd11029fc330d30e61a7a57136a

SHA256
606b3c5ef33a0b64a65b8b8a2343ebb813406fab93505352f4b14831b0a55b7c

SHA512
88181d377a66be05165736c55048abf5b54fb90eed046f87c64e6c7babba7a4aa2d2115a149fa216f20d3ea50b454823d2cf9d69cec0051e12c086472d57e2f1

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.GridModule.dll

Filesize
9KB

MD5
177099624fbe5936a60adc6efe5a3a65

SHA1
7a9328183b79534dac3d9203f684db58286ada3c

SHA256
227c6504d2b17a4fdd53209a88ef5ea58470380fec4c2053d8e7d8ff86b02923

SHA512
9b50c9d77431702fd70e9684837dc7c7d3525667104fd2cfc3c697115041e5c061b9b3800273783d545a89172beee0a7adb0a3fdb5e1fb32e951d3ff7a98bdc9

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.IMGUIModule.dll

Filesize
85KB

MD5
4a996e877fe2fbe1e944a860d0480a2c

SHA1
67a9ecff7f00b60cc0ed39824f260c3bbda8c1e0

SHA256
2707bce3edc5507724acc4aaaf5d8f6d3b108b471f01e444dd379c07c8a9e3bb

SHA512
a229ffc0cf8a7429a8a84098e0c1278685776a47b78d66bab1d714382a6e45382b76347b4d1c2b12d889640e011b768c564b3329890cacf7c07b005a7002cbc9

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.ImageConversionModule.dll

Filesize
10KB

MD5
f15077f6ef3e0c9c22d9ac90220e6272

SHA1
6c3ea16140f5442bd96b684da9efb9a810c344e7

SHA256
252972890659bdcac22e02189147fe8106888c94aaf4bd1c38f6d9c20aecc41e

SHA512
860e573a8e90abfbe9e2d7a0e1902b93b87e5c0b6a3d0af35672a26373b1ad216faed60faef44e58f1b82d294b37210c82fe367b4f1ad13d24a5ae83455b4ba4

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.InputLegacyModule.dll

Filesize
16KB

MD5
27bda8712f0bbe2b117d5a4e9b53e83f

SHA1
f08b01bd83d90c57c09c597a19c2b3b1f007539d

SHA256
28c3fbd1e6fdc8165fdc26a806b45c80d98aa3025ec9ca6979753927eb1f2010

SHA512
98818dc2f66ae249d02541b08ced26eaf247ea4edefdcf7a80cca48584a39ff24076d93818421ec2baa78b89d45ac1b1b18387d692dd696c46625d4ada55e5e3

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.InputModule.dll

Filesize
12KB

MD5
a49f6067983fc7f6606af9344f9287d4

SHA1
db504de014cb8d0af4623403aab010f1e04b9550

SHA256
9b93c32582ab11fbbb98c9377b1cd63ae596b01593dfab0a0a6d05aac23a94f8

SHA512
a88d4d4cf9a9e008d8c1a59c724203412da3b9023c43a1fdda1f45de6bae059fcec504fb1988522f531951d0010cf045ae0d219f1f18668eb9fc0a11b707aed3

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.JSONSerializeModule.dll

Filesize
10KB

MD5
586e4b8cb4b7628f73245ab45544b317

SHA1
17a1dfc2a98c9f8b040041abaeef85d676d2fe40

SHA256
5ec7615eedd40fa92e1cd57c1bffee27b1e0f810a08c0121c781ead079668c7f

SHA512
272eb5a4839c385a50b0e61aea03a6a9371f66ebc5b1a92c9da0cb7ee3acb4456cada927c33068133cc9bfde33e6ad4199877c11042d5fbbf668affab7859fa9

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.ParticleSystemModule.dll

Filesize
15KB

MD5
45212bb2954db53279ea160f810ecd88

SHA1
d11798651f2efa3a059b4e74405781a0ca12a2b3

SHA256
50f583300b47ad237807dbe465331ee5dce5b248adc5613be0c0e9488aa89e56

SHA512
8bd02ea6f43149c1db1088fc8d61512a1515d8788a1c4fcdc16252976355a5b2baae1fbb298673dee7d065ffe955e474997b2500ab0cc1e6f965dd096ef7cf72

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.Physics2DModule.dll

Filesize
17KB

MD5
0c19b565750d9d4da47c28e174acb836

SHA1
9c6e1a7efedc3968de5cf9547f5b60afdc520924

SHA256
6f625b2945abb3917322471fa5ea79add1afff4f64a715fc85ad1be5af14c9b8

SHA512
449dd79517c6e35320a4c0714d3acc8d95a569c617b6b4f28c4f8600e035448eb2a1320a9883a3fc44282007cca14d4b7098169616f38962f2976d2f6abfa0ca

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.PhysicsModule.dll

Filesize
18KB

MD5
5a5334e4a774a68c962d3edf1dd70e83

SHA1
d2d6149888f09ca933ead67775fb183e1d5bc173

SHA256
b5b0a1937d61bcfc6d2d9c48bf6beb35b4bf4762d2974a4bdc4702bd04999d8f

SHA512
33f5e48bc8d082a3a98bb78787645c0934628a6cb45d34c7023f8c986a4908d7789d3fdbb1c5d72bcbf52ebb1a6226df09605230c0b81d8dec1c5949dd53e10a

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.SharedInternalsModule.dll

Filesize
16KB

MD5
f97b70007d8a91fa80ceb9a48c63da24

SHA1
abd64545a44e54b097f0c4d9baeb4f9511572791

SHA256
af7e8dca264b8d144500baf4bff4b7cbb7fbc743f32056ae81a4436e3ad21c82

SHA512
a8d685d50c7de73de44b1a050de98cf7b7c9087e685e2300211d37fb65ceceee28b26adeca59489aa119a27eed33320700715d8ae15ccf1c803318c4dc08da2e

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.SpriteShapeModule.dll

Filesize
9KB

MD5
a211787e00753770feaf2e5b44d9e5af

SHA1
fdb9399cf116c5c0c75ffec873f3d0bdf2552abb

SHA256
8bde890ff525bb7395d6817fba78a11a4fd81f43ad8d4c920712afce2d27c509

SHA512
95bc45d03f7c36fe052f2e487308e5e60d50fe2f78e4975c90ba195993096091c1c52a658d46a472837f2b3be831b1c1d826f2ac4085aa8cabcc3735ce2e0d8d

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.SubsystemsModule.dll

Filesize
14KB

MD5
ca46ff4e7a6411dd84c5a16506219a6b

SHA1
41fac45548288853370064c7ff6cdb97a870b803

SHA256
c81f283fade999796303c2ca803b823d561a66bd9c1721529bd727fcce121f6c

SHA512
3372ab1da8edc992a3641ab89db396d53e7e41e2c83df89cdb52233a86557ed9f179cb5ae51147af2724f33a36de3921662d58a4df0f71adec5d54a894124d91

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.TerrainModule.dll

Filesize
17KB

MD5
fbb774fd45d491ade6c923f921472465

SHA1
26cb6a7b137c938f78f6d54eefc9717b4bbe2274

SHA256
c3c2f09972dbc773d3affce5f3ea2dffa7ae05eaf1ce17fd228ab13dcdd44c98

SHA512
cf4966292ad37e499ed5c6df278cbfbfc43854b5b9fe933c6282c53704df6efda051e69561ce9abe55e422e636ccc5b5b5c378c4755fb4f6edc23faf6cc7e08f

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.TextCoreFontEngineModule.dll

Filesize
25KB

MD5
bb75fb4f77b93c025390338c7ff46266

SHA1
f11b35976393d86a6e2e7e46db815f82d2da544d

SHA256
a186f0ff560f572f0568c49da896220d5a5bc4cb149a5174652203bb65840446

SHA512
539a0e45aca504a4ca1ba373f2f3a74153fcf99211be8d30b87c34b145b21fba868e77addcc8a829365c7ecde17fcaf23d18ca0fc499b1c127ce7b5832cc25a8

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.TextCoreTextEngineModule.dll

Filesize
162KB

MD5
6ea2048113a060efdecc5727c63f3668

SHA1
faf2cab3e2929138c3e975a75ac395c0f4d936f1

SHA256
1a3d6105acf820181ba4d62139bbb486f668a3a9a35828ef3446d74c318f72a0

SHA512
6b576ab25d96cdc1301c4e3d270ef3d8edc9c6e9e72335711c5cb128ed081b9f6e338013808c541671408d569a08d5ad3d3a4245a9c8aa5b007947c07adad3c9

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\UnityEngine.dll

Filesize
58KB

MD5
adcefd32bdd421d48bcd591ff202f2a6

SHA1
f0027ace67e46e782249d9b64e7cfdd4709548c7

SHA256
5d7c6f749faaff02c64d9a62823731f8ed75c2c68bde3a91d6522481e5f9fc49

SHA512
b3425e7de168ed3ae1041380553308a1ba42d6be56ff9dbbb59643d404677d1c175bcfd2dfd34986b6708428ddea70f58024574fb9e87e5aaceb9497965ac19c

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Managed\mscorlib.dll

Filesize
2.6MB

MD5
4f84f92cfb98d396f96e2f25a288d169

SHA1
a204d1f6441fd47736f50680b9587f8d8771a258

SHA256
3e2514bce5d3a5babd273a7f200d59cf3493d8729a55db9f3537cbed7e43ef69

SHA512
df23ab9cd28369976e4b0510351b3daf1139b453e8ed626886e2b7460fc2438a1679284184f176bb10ecc59ca7c7da601a9fc0416e00fbd5b0ec42d6e398ab42

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\Resources\unity default resources

Filesize
4.6MB

MD5
30ca65ecdce3120adb3a7a4704ff4e9a

SHA1
d11141baa87537588009b24d5ffa842876acf674

SHA256
e8240f4deb637ae052b5ac8c735f7b0ccc6c8aeb32dbaed5e722520f6297b9d7

SHA512
3a3fa878028c0cddb8c77cc03565f9e5ac0844c30a95a32d28a57f1d08c27e02ec60a910730242f78dbba9d38bc140c31a953b88d159b8e9163f3860001d6e3a

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\RuntimeInitializeOnLoads.json

Filesize
4KB

MD5
395fa54a914b01353f27b3b66f6c23c3

SHA1
8c75772864abeb29254ff230218fe91bca1c83ad

SHA256
0bca4a44c846433ffa6563eff69ef62540234613529416bff23592293e16b801

SHA512
729c2f7e0c841ddad621e2dc1864e908b52725b40e35a8ec9a58037a2359f52db323989d31c2ea0d073889cf2efc043bd03f4427b3a934f2202e64d8782fd0bc

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\ScriptingAssemblies.json

Filesize
4KB

MD5
101d9c60f931db943a12e74bce49b5cf

SHA1
ec6291e827aa080270be31292bab85c5b459d031

SHA256
08ac7ee66657147afface4c0ee7b28b4dacac11a33d053b461bcffa672e7deb1

SHA512
8334fe506c73d685ff1e6205ace36971a41cdb5964f84338cd3bcd26d2060b32f640a6dab06ab976f166efb1b8545e51eff17d28e49ab7d01cf1b484042a4d68

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\app.info

Filesize
30B

MD5
b5732187a1f2e56e930374350e94b3e4

SHA1
566f0d53fc2f894d05d60773602131f37d707028

SHA256
51341f86b15fa41ad0f37cdd6a5c92ced640f7ef72ccf57cde2029b1e5ee9b3a

SHA512
225425b697fb82150f8f358817302611cfa6205b73c2c238c48b8e9d4e770eee5bedfe643f3136ed835da8b1231888b93801175e5e9c4a46a791360c4f0f5714

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\boot.config

Filesize
69B

MD5
2b77119d737c1c2caf66bc03e37efed2

SHA1
07516483372e39b828f8a4d8a6f3e13f2a607b22

SHA256
25202c8f0caa8139d220c1db829ac0445de52047059b03c920c7d145ddfeb4ba

SHA512
53de04a485fc86e9327e39f6c2efce794f44295817f7106fc66e814e3f690209ee04c33b08c21dd951a15fbe472bf7b5a92acec465130319b85fa5ac09f9baf2

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\Ages of Conflict_Data\data.unity3d

Filesize
6.1MB

MD5
8b8606155a0bbbe1278cd5bd5e053be2

SHA1
a4a8dc91fefbe681a0ec902ef60d7a9a794dba3d

SHA256
3872e3330c7a9f48709294205dfd30f2e52194fe34f9f0e2012bb9490c333338

SHA512
4cd743a32b3836b802e54fd39d6cbdd17464d48be8b3ba249ce3d7880c693444639f938c6b10e63c282f90731254f320b9f594c0eb08d3b7fb537dc86a16ef4f

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll

Filesize
7.4MB

MD5
7d3e278af1fcc72745463d74431a3643

SHA1
bdf3a23004b987a3db532676db0378755ce9f473

SHA256
749b8ce44e6aeb3d744dac957fa8b423ccf20e455889e25caa3f0746864c17e1

SHA512
97089ec3244052a44d88db1a1bae277d444879c28db3d5cd8af64f082f46c93d538054dfa5473308461a64a02780a13c59445a3cbb8024970fb2b8ca97675538

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\MonoBleedingEdge\etc\mono\4.5\Browsers\is-LIJTB.tmp

Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\MonoBleedingEdge\etc\mono\4.5\is-A22AF.tmp

Filesize
59KB

MD5
f7be9f1841ff92f9d4040aed832e0c79

SHA1
b3e4b508aab3cf201c06892713b43ddb0c43b7ae

SHA256
751861040b69ea63a3827507b7c8da9c7f549dc181c1c8af4b7ca78cc97d710a

SHA512
380e97f7c17ee0fdf6177ed65f6e30de662a33a8a727d9f1874e9f26bd573434c3dedd655b47a21b998d32aaa72a0566df37e901fd6c618854039d5e0cbef3f5

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\MonoBleedingEdge\etc\mono\config

Filesize
3KB

MD5
ced30438c7663df1f57af23bba624460

SHA1
e02a718d8e6efb74bd8bbf70a1d6bc644055f39f

SHA256
107b0d888b6169bb0e51205e967d88fa82899cc6f66bde54ef9b70169dc43b1d

SHA512
925d2b0c356d86a2a193de997daef501359445df226a386994716867f891255316165e3bfa4c9546a508f29c0b579dd78218a1d96cf4e891e76c74394838920c

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\UnityCrashHandler64.exe

Filesize
1.1MB

MD5
e9bfb2a4bcd542fc9b528cdd4bc37719

SHA1
c48a09e946b3aa75ce8972d98ed58f92c69c76f8

SHA256
dd8c4f815e93e97e924fe3eae1bc09c238841f2167a07905b60e06ee6d97e51f

SHA512
0b021ed576fa567d1eed5e1e904c8992ec6c316b8db5c0e580cd0d5b656d96d83b823d505c701512971cf0f0db4c174f416a48ae9b3095cba90c581674504929

Download Submit
C:\Games\Ages of Conflict World War Simulator v3.1.1\UnityPlayer.dll

Filesize
27.7MB

MD5
1ac43df3d8cc386adf8ebbe61f8eff40

SHA1
936cbbf980cd95027d0cb2aaa8fb0e6bda3c24cf

SHA256
477c15a09d560e547d237596ad4ef1c55317c9dd049e38f62c24bb9bd4fb3331

SHA512
f9e1f9563260e56959bde6725d3b4ddaf44cb2cd10c23f8da7a244fe55b76cfeefd03c6e5606c7770fb75e17ec69a32bf3c430572b85c0de6a6f53efeb00b5ec

Download Submit
C:\Program Files\qBittorrent\qbittorrent.exe

Filesize
35.0MB

MD5
7a47d50bdb7a84a1fa58653f55eb2697

SHA1
fd767a6225bfdcca0537043b8f647d6ce33f7d1c

SHA256
6864e1a85198efb8ecf5f26564f7565d4d4e93f1ba7e4359bc05910ad74e83f0

SHA512
8c292a2a0bd6be2dac30e0f2cefe9bfd73aaff96e0cbb1301bba283fa8eabf378bbbc2c45667ec0cb0092e92d54bc02f054fb74b51eaa9068839225c3915d753

Download Submit
C:\Program Files\qBittorrent\qt.conf

Filesize
84B

MD5
af7f56a63958401da8bea1f5e419b2af

SHA1
f66ee8779ca6d570dea22fe34ef8600e5d3c5f38

SHA256
fdb8fa58a6ffc14771ca2b1ef6438061a6cba638594d76d9021b91e755d030d3

SHA512
02f70ca7f1291b25402989be74408eb82343ab500e15e4ac22fbc7162eb9230cd7061eaa7e34acf69962b57ed0827f51ceaf0fa63da3154b53469c7b7511d23d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
7e7671a7067aa1357ea15ea462a6e160

SHA1
6b0da1ed1756e86fd68bd0948e85bf5138164f39

SHA256
7040ac4d73f363195254c3b6383c848c05f933e2d8781c820c4689028f79b0d1

SHA512
e20cb0391a1a7074befa03c30296ad256484d87347a36e4948ef8f2c39d92ae454aed92bd53388c5df1b9e104f16e459809c7e261e1133bef5ba7e132460d52a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR5S4.tmp\botva2.dll

Filesize
41KB

MD5
ef899fa243c07b7b82b3a45f6ec36771

SHA1
4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

SHA256
da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

SHA512
3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FR5S4.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-P3FFS.tmp\links-logo.bmp

Filesize
2KB

MD5
67703a819b0e504a3b30fd30af44c2bf

SHA1
5b9b927a6c67556af954701ac8eebaf5b7ff856e

SHA256
6038e3cedd880a22708ca4ca53e1ddc09335c956dd0e08fb72a433ea2e44686b

SHA512
2493ff325f34f0ed71d1bd06b7ee043db02fe4251734b53031441e98275dbe769a6cc539618ab260e24caafc0ad524da64f74b5102ca0ac4b071cc0839e0ef3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-RID0F.tmp\Ages_of_Conflict_World_War_Simulator_v3.1.1_setup.tmp

Filesize
3.2MB

MD5
45e0e66b179be22b86b49e52768ee8a8

SHA1
1383ce7adfc1e8dbb3b56d90ce9fc9669ac39c15

SHA256
db7a332f128e680b0bdc7685fe5747907308d152310ae1d08d0ae46196377a15

SHA512
a19e475ba551082e6e22f43151dfddfa46ece612156f23558a34c8bcf947830c8d6d0bf820c222cb64cc3725954fa81e8bd9ed6103694f973489c7b07e236530

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk4604.tmp\FindProcDLL.dll

Filesize
3KB

MD5
b4faf654de4284a89eaf7d073e4e1e63

SHA1
8efcfd1ca648e942cbffd27af429784b7fcf514b

SHA256
c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3

SHA512
eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk4604.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk4604.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk4604.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk4604.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk4604.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsk4604.tmp\nsisFirewallW.dll

Filesize
8KB

MD5
f5bf81a102de52a4add21b8a367e54e0

SHA1
cf1e76ffe4a3ecd4dad453112afd33624f16751c

SHA256
53be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2

SHA512
6e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\AlternateServices.bin

Filesize
8KB

MD5
4f497f9e70bb6509e14ae1f97fd4a8ce

SHA1
cd35ca904bfeb96a1b17560b121efb6e23a810c3

SHA256
bdb3d3159f67a3f14d52fd17f39f8b0f457050e2c3a12725e99e5b834e7f898a

SHA512
1bed27318c5687fad9b54168b4d89998f11e0dd5d20e4d9bcbc1bdbaf0178aeae80714ae9b90d91715054556228f8024ecf055986cdaf6388a03daff1d7efda0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\AlternateServices.bin

Filesize
12KB

MD5
e133e31e393aedc067e2de9d6ad3bcb6

SHA1
ba5ee53281f13a5d3a83a584443b80aa1103fcd3

SHA256
6a3e0496f6ff925fd638f95f712876a0b6e1d2e4430bc7958f420a1e621c5041

SHA512
1e27564617da0cf8cd69b0d07428eacb6a1cd7e560ed9c0969c163fe12fa773123c40186e1870463e696e6c27bb445e3c4b949b2f821de559418b79590e99971

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
8ddb0896bd59ca60605124a310a40dd4

SHA1
3e0e8c20456244ada47ad7a21af9690a639639a9

SHA256
325ff407864827a60d19e04f95b20f8f446ce9ab4a3ec41e3fb153b6195245f1

SHA512
0e0ea91d6787055645ac7cbe1b784e43a1e237682188bb3613925e0fb773d571b84efcf31acd99a5652daa65ede777b88ac301be82cf683f5fafb79b41685afc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\db\data.safe.tmp

Filesize
40KB

MD5
2d109a3b15f49fbce263797206938e0b

SHA1
3e3e7088592a914f8dd49d2d759cbf2ecd80f578

SHA256
c9d6f147becaea0d4bf231dded3b27894159b173a6ac460be2485d9bd0ad9941

SHA512
6ac9d759660c2d34ee3e1d8fdb4b79dcc786cad33a9815ccdd7b2eeba17c2f1240e3515315b84961ebf5d8f6af840c4d2cb2059cd2e47c02984079e81f0c5175

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
355dca6d5122508b33b2be1520b22fb4

SHA1
371d4c53d3c7fa15b30ad69ca50bab0419c603b9

SHA256
db3e6fd3023a6b726639ffd3c35a84bac1c01bdf94a4bc406573d652b6e511ce

SHA512
e618bcdc40037e48581d4d031193ec40cf9f931dd7847a7f0b9a58b2bd32620e5018a26cbc5fd701fbe0d41d3080650258d7271962b80b904d4b31d7c4d0e9e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\pending_pings\03078661-4aa9-4b82-82c0-9f111817a06c

Filesize
27KB

MD5
53673cc37470a03bfd9bd5698087e6e4

SHA1
98ed39147b049671aa937aec956030ed12c94935

SHA256
f5ecadc71f20b01da3f781ac77439c9bfbc9f588b7e4b7e351edd12e2086dd2a

SHA512
1250be60b790c325410348d75ae5b07517ee157b6f4cebeb45ef6040ae940d100d75e15f63f7d255d24220f2ab861d8c73c1e1e2522162f673a061506503adf7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\pending_pings\5d55b094-0551-4c8f-9af6-01479bf1355b

Filesize
671B

MD5
8d66730f427026072d0a0fd1c7dad784

SHA1
f4dd27ce78e637fb51ee9791339920879e501956

SHA256
e590926368ef988c49a202075ddf70b759ee4b2e07a5d4814b3913a5434f29b9

SHA512
e91563d440b1bcbbd7520a19ee7d0866c66999c26832dee7895de2df9949eba7c605d3c7b3ed110c5dc8cc17f90e27cde1e9ff1afc626ac67b4ad475d99b47f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\datareporting\glean\pending_pings\f249e11d-ed1c-47f1-83fe-535b6113d272

Filesize
982B

MD5
26c8944f529de2b6a870dfdf70c99546

SHA1
d721973ee4b6d97f26f3629320da19ea45e1380e

SHA256
511b324c6cc4ae82f16de7c1e0fb11223052d878388bbed905c5a732e708e9f8

SHA512
2062d77cd62a0f192ec3e8ee81eb360168f93a95a1e3d817fdae6a9f760e696dd22985d6a2cfc30f322a2243e8a6f5b21fafc99bf01071e42cc8ec2001f618f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\prefs-1.js

Filesize
10KB

MD5
308446c0205f6872207acb2a6b44c553

SHA1
a0efe07af4f87f33d8dc759e627f8c1f7e12d070

SHA256
1608417be6733b9eaa454924c84358195b90e80019366de2c584b2e25a2c8e52

SHA512
f3cdfe42b72f932be520a689493124da61551c0f018d85a01ba8bb114634eef03d8114ea1a82d546d7ead1c04f33d40c1e495ac4c4160c96f8a70e81b796aa44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\prefs-1.js

Filesize
10KB

MD5
d8f13ee2797af91f3115954aba309133

SHA1
120ba3cb46b8fd2bca012eca8f58d00ffa1f7774

SHA256
7dffc388525b348cd28fbf4418fa1e74df2e4f6ea2228182c6064a05c9e865f6

SHA512
c5cd91afcfe8c9ef059382887b6b94d85b5a4deff1384eaf0319a7356c9ccd190b273636f39d540b042fbab2b60779eb916facab745eaecdc13e45424ed74a1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\prefs-1.js

Filesize
11KB

MD5
81c38463f4892539992c79dfe4dc5e1c

SHA1
5d854df080a2c2491f824db35f9db3d986d88a53

SHA256
e852bcae49aea8dce586bc5c177dcedcffc0d47c75abce8dd29b43ffbe017823

SHA512
7639c6a6c975872b724509f5fc1b099712f3532cbe7d6b27f9e296ea0f946fd9015ae4573b07e27e3e6d84f827075a8d496e2f261197103dc4acf29dcf469c0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\prefs.js

Filesize
10KB

MD5
fa343d898f6f52321d0ad6b059bb47cf

SHA1
039786e0e4c72fac464f4b12574b099d43bb5050

SHA256
dae368005e444dbc9cfd96b1265077eab3c1b5162ecf0a5b805bfeaf51bdf28a

SHA512
e701c4aeb163df26327958d9ed559f892dea7e36f23b61dd02ef85c7879bdd80029aca1171da4cdbc471eba5c524da2c5fb3098eff302a2c5c0f6e32ebf8bb77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
6344e79e416952d04b9e418638c15807

SHA1
b2c91182a92e78de84133d070e256ca549cdd5f5

SHA256
2cbe52aa85dd8bf38f8bac07da4effd539e30d48214f90277f75519346bc572b

SHA512
f57c2ab8964e13da88137653693649f86d86270e0d4b4f8dacc4ed9a40cafe5b81d464d860ff6936ea8a4ca755b65040ca643ee4f2d4144e40631d95fbafc59d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
aa2360f80ce080bc55bda84b0ccdf018

SHA1
9853ff90176aa657327959dd87960e707dd0664f

SHA256
229da6da325c955eadd7603df5680f00940b746862813eb813f9641f050d34fe

SHA512
664cccc368ee0daea36411d44cf99c6426d4bb50cb7e7c19f05d414d0e93801b79bf4139a0dd7fa33b182077f2482280fdeef24cda85982ce1fce81f19c76fa7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\uhqcqu3c.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
4a80a24a34d2ed558bca670d57d3e629

SHA1
11f79e56e29dbe833469d73b4b25e4513bd63f59

SHA256
b89b678237efaf0c9881756fd444a91db357fe35916e55a7cb09516043608d04

SHA512
4dcb9ca00e3db3b60e3eab1074647378a54545156cfc25460e1f685f23cd7406afae0a919ec2bcd1b52830a523a9300f3e463119df3ea3f6c014f4fd88a9187f

Download Submit
C:\Users\Admin\Downloads\OoCBhbyh.torrent.part

Filesize
9KB

MD5
362461c5c10b240e4387c63b091a8779

SHA1
87650f28db26b9abc7e964d5d0f7976eeaeede42

SHA256
caa6632c5a1caf08bb24565a9b56897c0c9038797af87f4989817b623be7934a

SHA512
66859079ce5589b732f1aae5faa1095da6759141f20d7864da54f225f4f198a08bb3fbb4dcac03b0e4777d1d897e84e9a5e52594ee4590b761835a9a88243ea0

Download Submit
C:\Windows\WrpYGF74DrEm.ini

Filesize
53B

MD5
dfaf8b5c39806703eca64eaf61eb0be7

SHA1
b8fbe730b36d880960cce305f64efd5248f7b946

SHA256
7214c77333343f87df720518757876e3ee20eeaf7e459e552eefafe83ee29b64

SHA512
bfb0a6d032b624d9dedae5b226b82431bf1bd521af33cecf67b13f76e5589fb7d54e367fa1fe04761c339ba4ce0773664dd75d10c30c30c3fe53eb2b5cb40b21

Download Submit
memory/2760-1238-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/2760-1239-0x0000000007D00000-0x0000000007D0F000-memory.dmp

Filesize
60KB

Download
memory/2760-970-0x0000000007D00000-0x0000000007D0F000-memory.dmp

Filesize
60KB

Download
memory/2760-1247-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/2844-936-0x0000000007F80000-0x0000000007F8F000-memory.dmp

Filesize
60KB

Download
memory/2844-950-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/2844-943-0x0000000000400000-0x0000000000748000-memory.dmp

Filesize
3.3MB

Download
memory/2844-944-0x0000000007F80000-0x0000000007F8F000-memory.dmp

Filesize
60KB

Download
memory/4300-1248-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/4300-1237-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/4300-953-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/4452-942-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/4452-951-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/4452-917-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download