210dbd36826cc7f97bfeab65600eeb0e17f377d91d7818cf9f14c1cb3677ad26

Analysis

max time kernel
270s
max time network
226s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

+.exe
Size

312KB
MD5

087967699a792bf912341b0ad68fc4f6
SHA1

5b338e4ba2da5ad7806ea63eb5f5812d71f24ec4
SHA256

e0f97721582084108b8a84d01f04d05364bb77b2e1ac7e6e476b82fc669652b2
SHA512

7b3e1d9354dbece2e58f2270d61f8d67562a2aa932dc11d73c193f313819b957a9a7ed462702aa236a8c95fa8e7648746b96cae67db2a7bbc90a9ac742377540
SSDEEP

6144:LaVWdyzOxeA1DfdwX3MmIOkF46t2EWNxrq+MqmVGKUqmFVzioUSlptDXdq:LMROxdDfOnMmXC46gPNE+MZEKUqmFFiF

Score

8^/10

discovery evasion persistence spyware stealer trojan upx

Malware Config

Signatures

Downloads MZ/PE file
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

firefox.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation firefox.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 18 IoCs

Processes:

setup-stub.exedownload.exesetup.exemaintenanceservice_installer.exemaintenanceservice_tmp.exedefault-browser-agent.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

pid	process
804	setup-stub.exe
1168	download.exe
3652	setup.exe
2908	maintenanceservice_installer.exe
2308	maintenanceservice_tmp.exe
1084	default-browser-agent.exe
4772	firefox.exe
616	firefox.exe
4416	firefox.exe
4772	firefox.exe
1324	firefox.exe
2712	firefox.exe
4760	firefox.exe
4360	firefox.exe
4464	firefox.exe
3108	firefox.exe
5068	firefox.exe
1852	firefox.exe

Loads dropped DLL 64 IoCs

Processes:

setup-stub.exesetup.exeregsvr32.exeregsvr32.exemaintenanceservice_installer.exedefault-browser-agent.exefirefox.exefirefox.exefirefox.exe

pid	process
804	setup-stub.exe
804	setup-stub.exe
804	setup-stub.exe
804	setup-stub.exe
804	setup-stub.exe
804	setup-stub.exe
804	setup-stub.exe
804	setup-stub.exe
804	setup-stub.exe
804	setup-stub.exe
804	setup-stub.exe
804	setup-stub.exe
804	setup-stub.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3528	regsvr32.exe
3528	regsvr32.exe
1292	regsvr32.exe
3652	setup.exe
2908	maintenanceservice_installer.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
1084	default-browser-agent.exe
1084	default-browser-agent.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
3652	setup.exe
4772	firefox.exe
4772	firefox.exe
4772	firefox.exe
616	firefox.exe
616	firefox.exe
616	firefox.exe
616	firefox.exe
616	firefox.exe
616	firefox.exe
616	firefox.exe
616	firefox.exe
4416	firefox.exe
4416	firefox.exe
4416	firefox.exe
4416	firefox.exe
4772	firefox.exe
4772	firefox.exe
4772	firefox.exe
4772	firefox.exe
4772	firefox.exe
4772	firefox.exe
4772	firefox.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Registers COM server for autorun 1 TTPs 8 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

setup.exeregsvr32.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1792F720-725C-431B-8F8B-69AD986BEC83}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\notificationserver.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\AccessibleMarshal.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\AccessibleHandler.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{1792F720-725C-431B-8F8B-69AD986BEC83}\InProcServer32	setup.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4552-136-0x0000000000400000-0x0000000000446000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\download.exe	upx
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\download.exe	upx
behavioral2/memory/1168-222-0x0000000000400000-0x0000000000446000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\download.exe	upx
behavioral2/memory/1168-296-0x0000000000400000-0x0000000000446000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

firefox.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Drops file in Program Files directory 64 IoCs

Processes:

setup-stub.exesetup.exemaintenanceservice_tmp.exemaintenanceservice_installer.exe

description	ioc	process
File opened for modification	C:\Program Files\Mozilla Firefox\nsc75E3.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js	setup.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	setup.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\precomplete	setup.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig	setup.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log	maintenanceservice_tmp.exe
File opened for modification	C:\Program Files\Mozilla Firefox\softokn3.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\install.log	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe	setup.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll	setup.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe	maintenanceservice_installer.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	maintenanceservice_installer.exe
File created	C:\Program Files\Mozilla Firefox\installation_telemetry.json	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\softokn3.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\defaults\	setup.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	maintenanceservice_tmp.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini	setup.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json	setup.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini	maintenanceservice_installer.exe
File opened for modification	C:\Program Files\Mozilla Firefox\qipcap64.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\libGLESv2.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\mozglue.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\IA2Marshal.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\xul.dll.sig	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\libGLESv2.dll	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\install.log	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\defaults\pref\	setup.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini	setup.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\ucrtbase.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\freebl3.dll	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\	setup.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140.dll	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies Control Panel 1 IoCs
evasion

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\Colors firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\Colors	firefox.exe

Modifies registry class 64 IoCs

Processes:

setup.exeregsvr32.exeregsvr32.exe

description	ioc	process
Key deleted	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_CLASSES\FIREFOXPDF-308046B0AF4A39CB\SHELL\OPEN\DDEEXEC	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\ = "open"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{1792F720-725C-431B-8F8B-69AD986BEC83}\DllSurrogate	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B32983FF-EF84-4945-8F86-FB7491B4F57B}	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\FirefoxPDF-308046B0AF4A39CB\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,5"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ = "ISimpleDOMNode"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\ddeexec	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\DefaultIcon	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ProxyStubClsid32	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\FIREFOXHTML-308046B0AF4A39CB\SHELL\OPEN\DDEEXEC	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\NumMethods\ = "8"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\AppUserModelId\FirefoxToast-308046B0AF4A39CB	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{1792F720-725C-431B-8F8B-69AD986BEC83}\InProcServer32	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ = "ISimpleDOMText"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\FirefoxPDF-308046B0AF4A39CB\ = "Firefox PDF Document"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1BAA303D-B4B9-45E5-9CCB-E3FCA3E274B6}\InprocHandler32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B32983FF-EF84-4945-8F86-FB7491B4F57B}\ = "IGeckoBackChannel"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{1792F720-725C-431B-8F8B-69AD986BEC83}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CE30F77E-8847-44F0-A648-A9656BD89C0D}\NumMethods\ = "6"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCA8D857-1A63-4045-8F36-8809EB093D04}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,1"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,5"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ = "ISimpleDOMDocument"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CE30F77E-8847-44F0-A648-A9656BD89C0D}\ = "IHandlerControl"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\ = "open"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1792F720-725C-431B-8F8B-69AD986BEC83}\AppID = "{1792F720-725C-431B-8F8B-69AD986BEC83}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DCA8D857-1A63-4045-8F36-8809EB093D04}\NumMethods\ = "9"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B32983FF-EF84-4945-8F86-FB7491B4F57B}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\FirefoxPDF-308046B0AF4A39CB\FriendlyTypeName = "Firefox PDF Document"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\ = "open"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CE30F77E-8847-44F0-A648-A9656BD89C0D}\AsynchronousInterface\ = "{DCA8D857-1A63-4045-8F36-8809EB093D04}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppUserModelId\FirefoxToast-308046B0AF4A39CB\CustomActivator = "{1792F720-725C-431B-8F8B-69AD986BEC83}"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Interface	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\NumMethods	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CE30F77E-8847-44F0-A648-A9656BD89C0D}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\ddeexec\	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\ddeexec	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B32983FF-EF84-4945-8F86-FB7491B4F57B}\NumMethods\ = "8"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\ = "Firefox HTML Document"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\ = "Firefox URL"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec\	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\FIREFOXPDF-308046B0AF4A39CB\SHELL\OPEN\DDEEXEC	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\firefox.exe\shell\open\command	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DCA8D857-1A63-4045-8F36-8809EB093D04}\ = "PSFactoryBuffer"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CE30F77E-8847-44F0-A648-A9656BD89C0D}\AsynchronousInterface	regsvr32.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

setup-stub.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup-stub.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d4304000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup-stub.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c00000001000000040000000008000004000000010000001000000087ce0b7b2a0e4900e158719b37a893720300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup-stub.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	setup-stub.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup-stub.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

maintenanceservice_tmp.exe

pid process

2308 maintenanceservice_tmp.exe
2308 maintenanceservice_tmp.exe

pid	process
2308	maintenanceservice_tmp.exe
2308	maintenanceservice_tmp.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	616	firefox.exe
Token: SeDebugPrivilege	616	firefox.exe
Token: SeDebugPrivilege	616	firefox.exe
Token: SeDebugPrivilege	616	firefox.exe
Token: SeDebugPrivilege	616	firefox.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

setup-stub.exefirefox.exe

pid process

804 setup-stub.exe
616 firefox.exe
616 firefox.exe
616 firefox.exe
616 firefox.exe
616 firefox.exe
616 firefox.exe
Suspicious use of SendNotifyMessage 5 IoCs

Processes:

firefox.exe

pid process

616 firefox.exe
616 firefox.exe
616 firefox.exe
616 firefox.exe
616 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

616 firefox.exe

pid	process
616	firefox.exe
616	firefox.exe
616	firefox.exe
616	firefox.exe
616	firefox.exe

pid	process
616	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

+.exesetup-stub.exedownload.exesetup.exemaintenanceservice_installer.exefirefox.exefirefox.exe

description	pid	process	target process
PID 4552 wrote to memory of 804	4552	+.exe	setup-stub.exe
PID 4552 wrote to memory of 804	4552	+.exe	setup-stub.exe
PID 4552 wrote to memory of 804	4552	+.exe	setup-stub.exe
PID 804 wrote to memory of 1168	804	setup-stub.exe	download.exe
PID 804 wrote to memory of 1168	804	setup-stub.exe	download.exe
PID 804 wrote to memory of 1168	804	setup-stub.exe	download.exe
PID 1168 wrote to memory of 3652	1168	download.exe	setup.exe
PID 1168 wrote to memory of 3652	1168	download.exe	setup.exe
PID 1168 wrote to memory of 3652	1168	download.exe	setup.exe
PID 3652 wrote to memory of 3528	3652	setup.exe	regsvr32.exe
PID 3652 wrote to memory of 3528	3652	setup.exe	regsvr32.exe
PID 3652 wrote to memory of 1292	3652	setup.exe	regsvr32.exe
PID 3652 wrote to memory of 1292	3652	setup.exe	regsvr32.exe
PID 3652 wrote to memory of 2908	3652	setup.exe	maintenanceservice_installer.exe
PID 3652 wrote to memory of 2908	3652	setup.exe	maintenanceservice_installer.exe
PID 3652 wrote to memory of 2908	3652	setup.exe	maintenanceservice_installer.exe
PID 2908 wrote to memory of 2308	2908	maintenanceservice_installer.exe	maintenanceservice_tmp.exe
PID 2908 wrote to memory of 2308	2908	maintenanceservice_installer.exe	maintenanceservice_tmp.exe
PID 3652 wrote to memory of 1084	3652	setup.exe	default-browser-agent.exe
PID 3652 wrote to memory of 1084	3652	setup.exe	default-browser-agent.exe
PID 804 wrote to memory of 4772	804	setup-stub.exe	firefox.exe
PID 804 wrote to memory of 4772	804	setup-stub.exe	firefox.exe
PID 4772 wrote to memory of 616	4772	firefox.exe	firefox.exe
PID 4772 wrote to memory of 616	4772	firefox.exe	firefox.exe
PID 4772 wrote to memory of 616	4772	firefox.exe	firefox.exe
PID 4772 wrote to memory of 616	4772	firefox.exe	firefox.exe
PID 4772 wrote to memory of 616	4772	firefox.exe	firefox.exe
PID 4772 wrote to memory of 616	4772	firefox.exe	firefox.exe
PID 4772 wrote to memory of 616	4772	firefox.exe	firefox.exe
PID 4772 wrote to memory of 616	4772	firefox.exe	firefox.exe
PID 4772 wrote to memory of 616	4772	firefox.exe	firefox.exe
PID 4772 wrote to memory of 616	4772	firefox.exe	firefox.exe
PID 4772 wrote to memory of 616	4772	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe
PID 616 wrote to memory of 4416	616	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\+.exe
"C:\Users\Admin\AppData\Local\Temp\+.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4552

C:\Users\Admin\AppData\Local\Temp\7zS8C197256\setup-stub.exe
.\setup-stub.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:804

C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\download.exe
"C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\download.exe" /LaunchedFromStub /INI=C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\config.ini
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1168

C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\setup.exe
.\setup.exe /LaunchedFromStub /INI=C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\config.ini
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3652

C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
5⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:3528

C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Mozilla Firefox\AccessibleHandler.dll"
5⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1292

C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2908

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe" install
6⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:2308

C:\Program Files\Mozilla Firefox\default-browser-agent.exe
"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" register-task 308046B0AF4A39CB
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup
3⤵
PID:4772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
- Modifies Control Panel
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:616

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="616.0.232315225\260280468" -parentBuildID 20230321111920 -prefsHandle 2680 -prefMapHandle 2844 -prefsLen 21864 -prefMapSize 236827 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80b40aed-9321-439a-a022-8c48027f31e8} 616 "\\.\pipe\gecko-crash-server-pipe.616" 3016 2233f96a858 gpu
5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4416

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="616.1.2024760310\1819798140" -parentBuildID 20230321111920 -prefsHandle 2440 -prefMapHandle 2580 -prefsLen 21864 -prefMapSize 236827 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ae73de7-19b0-4460-815f-a7ed44624cd8} 616 "\\.\pipe\gecko-crash-server-pipe.616" 3052 2233fe1d958 socket
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="616.2.822954872\736985282" -childID 1 -isForBrowser -prefsHandle 3128 -prefMapHandle 3144 -prefsLen 19817 -prefMapSize 236827 -jsInitHandle 1104 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcddf040-da94-415d-b573-955549e51aeb} 616 "\\.\pipe\gecko-crash-server-pipe.616" 3120 2234219c158 tab
5⤵
- Executes dropped EXE
PID:1324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="616.3.1906947317\568745196" -childID 2 -isForBrowser -prefsHandle 3380 -prefMapHandle 3376 -prefsLen 21998 -prefMapSize 236827 -jsInitHandle 1104 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05066ce2-d04e-4347-a8a2-38f297978ab9} 616 "\\.\pipe\gecko-crash-server-pipe.616" 2044 2234335e058 tab
5⤵
- Executes dropped EXE
PID:2712

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="616.4.1921830615\1268497700" -childID 3 -isForBrowser -prefsHandle 3856 -prefMapHandle 3852 -prefsLen 22916 -prefMapSize 236827 -jsInitHandle 1104 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46fb0158-a0b6-405e-85e2-688c4910ee9d} 616 "\\.\pipe\gecko-crash-server-pipe.616" 3272 22344666d58 tab
5⤵
- Executes dropped EXE
PID:4760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="616.5.879647154\679393838" -parentBuildID 20230321111920 -prefsHandle 2660 -prefMapHandle 2656 -prefsLen 22957 -prefMapSize 236827 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76af9de4-0e03-41f7-a0af-60976013e380} 616 "\\.\pipe\gecko-crash-server-pipe.616" 4112 223444a6158 rdd
5⤵
- Executes dropped EXE
PID:4360

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="616.9.1409890967\1565499832" -childID 6 -isForBrowser -prefsHandle 5552 -prefMapHandle 5240 -prefsLen 25410 -prefMapSize 236827 -jsInitHandle 1104 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a695dcef-1a94-49a9-8d23-614a4de44395} 616 "\\.\pipe\gecko-crash-server-pipe.616" 5712 2234897a958 tab
5⤵
- Executes dropped EXE
PID:1852

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="616.8.1093844103\2110298435" -childID 5 -isForBrowser -prefsHandle 5356 -prefMapHandle 5464 -prefsLen 25410 -prefMapSize 236827 -jsInitHandle 1104 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {063a9cec-762f-4fc9-b61d-b12df30d730f} 616 "\\.\pipe\gecko-crash-server-pipe.616" 5564 2234897a058 tab
5⤵
- Executes dropped EXE
PID:5068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="616.7.418781015\1210412421" -childID 4 -isForBrowser -prefsHandle 5196 -prefMapHandle 5192 -prefsLen 25410 -prefMapSize 236827 -jsInitHandle 1104 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230321111920 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03ff41bc-3b30-4f2f-8dbb-c1dc31a5e741} 616 "\\.\pipe\gecko-crash-server-pipe.616" 5240 22348978258 tab
5⤵
- Executes dropped EXE
PID:3108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="616.6.716739519\1187654433" -parentBuildID 20230321111920 -sandboxingKind 0 -prefsHandle 5184 -prefMapHandle 5180 -prefsLen 27707 -prefMapSize 236827 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa7ee7c1-3409-4ffc-81e1-0f5693185e74} 616 "\\.\pipe\gecko-crash-server-pipe.616" 5220 2234897a658 utility
5⤵
- Executes dropped EXE
PID:4464

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Mozilla Firefox\Accessible.tlb
Filesize
2KB

MD5
8104751de2a8e948284f3ed577fe4872

SHA1
f03832fadce708f9fbb21f7ef1a44929f1792e08

SHA256
2a27d969cc58cb2b453f15e50c6fba15de088fe99c9c44d9998ec00f7be9676a

SHA512
27bdb251cd6886a81c0b754a545937c23c92420d2fa9c311a525c30319c4506a5b77988506aea1085615a163d1b758659164e4e244f3b3079890fa0f649891a3

Download Submit
C:\Program Files\Mozilla Firefox\IA2Marshal.dll
Filesize
80KB

MD5
6a1b13521873b53017d7551bc0a00518

SHA1
bac8a9881c42334722c9f30cfbcf23997bc4e987

SHA256
412e8d78ecf0cb26217f370733c797fe89cd1a95968b45d639316e60067d8860

SHA512
e6ff9fc89e9c4e2ab1e9472a66aefa862a8c8ecebbe6a20511813cf37465a1156aa976a58af27f7e90c828daaa98ac351ffb2fb3e6a75d14ebcd3d645977f051

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll
Filesize
18KB

MD5
49c3ffd47257dbcb67a6be9ee112ba7f

SHA1
04669214375b25e2dc8a3635484e6eeb206bc4eb

SHA256
322d963d2a2aefd784e99697c59d494853d69bed8efd4b445f59292930a6b165

SHA512
bda5e6c669b04aaed89538a982ef430cef389237c6c1d670819a22b2a20bf3c22aef5cb4e73ef7837cbbd89d870693899f97cb538122059c885f4b19b7860a98

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll
Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll
Filesize
20KB

MD5
588bd2a8e0152e0918742c1a69038f1d

SHA1
9874398548891f6a08fc06437996f84eb7495783

SHA256
a07cc878ab5595aacd4ab229a6794513f897bd7ad14bcec353793379146b2094

SHA512
32ffe64c697f94c4db641ab3e20b0f522cf3eba9863164f1f6271d2f32529250292a16be95f32d852480bd1b59b8b0554c1e7fd7c7a336f56c048f4f56e4d62f

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
18KB

MD5
d699333637db92d319661286df7cc39e

SHA1
0bffb9ed366853e7019452644d26e8e8f236241b

SHA256
fe760614903e6d46a1be508dccb65cf6929d792a1db2c365fc937f2a8a240504

SHA512
6fa9ff0e45f803faf3eb9908e810a492f6f971cb96d58c06f408980ab40cba138b52d853aa0e3c68474053690dfafa1817f4b4c8fb728d613696b6c516fa0f51

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll
Filesize
18KB

MD5
47388f3966e732706054fe3d530ed0dc

SHA1
a9aebbbb73b7b846b051325d7572f2398f5986ee

SHA256
59c14541107f5f2b94bbf8686efee862d20114bcc9828d279de7bf664d721132

SHA512
cce1fc5bcf0951b6a76d456249997b427735e874b650e5b50b3d278621bf99e39c4fc7fee081330f20762f797be1b1c048cb057967ec7699c9546657b3e248ee

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll
Filesize
18KB

MD5
f62b66f451f2daa8410ad62d453fa0a2

SHA1
4bf13db65943e708690d6256d7ddd421cc1cc72b

SHA256
48eb5b52227b6fb5be70cb34009c8da68356b62f3e707db56af957338ba82720

SHA512
d64c2a72adf40bd451341552e7e6958779de3054b0cf676b876c3ba7b86147aecba051ac08adc0c3bfb2779109f87dca706c43de3ce36e05af0ddee02bbbf419

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll
Filesize
19KB

MD5
6c88d0006cf852f2d8462dfa4e9ca8d1

SHA1
49002b58cb0df2ee8d868dec335133cf225657df

SHA256
d5960c7356e8ab97d0ad77738e18c80433da277671a6e89a943c7f7257ff3663

SHA512
d081843374a43d2e9b33904d4334d49383df04ee7143a8b49600841ece844eff4e8e36b4b5966737ac931ed0350f202270e043f7003bf2748c5418d5e21c2a27

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll
Filesize
22KB

MD5
d53637eab49fe1fe1bd45d12f8e69c1f

SHA1
c84e41fdcc4ca89a76ae683cb390a9b86500d3ca

SHA256
83678f181f46fe77f8afe08bfc48aebb0b4154ad45b2efe9bfadc907313f6087

SHA512
94d43da0e2035220e38e4022c429a9c049d6a355a9cb4695ad4e0e01d6583530917f3b785ea6cd2592fdd7b280b9df95946243e395a60dc58ec0c94627832aeb

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll
Filesize
18KB

MD5
c712515d052a385991d30b9c6afc767f

SHA1
9a4818897251cacb7fe1c6fe1be3e854985186ad

SHA256
f7c6c7ea22edd2f8bd07aa5b33cbce862ef1dcdc2226eb130e0018e02ff91dc1

SHA512
b7d1e22a169c3869aa7c7c749925a031e8bdd94c2531c6ffe9dae3b3cd9a2ee1409ca26824c4e720be859de3d4b2af637dd60308c023b4774d47afe13284dcd2

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
20KB

MD5
f0d507de92851a8c0404ac78c383c5cd

SHA1
78fa03c89ea12ff93fa499c38673039cc2d55d40

SHA256
610332203d29ab218359e291401bf091bb1db1a6d7ed98ab9a7a9942384b8e27

SHA512
a65c9129ee07864f568c651800f6366bca5313ba400814792b5cc9aa769c057f357b5055988c414e88a6cd87186b6746724a43848f96a389a13e347ef5064551

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-heap-l1-1-0.dll
Filesize
19KB

MD5
f9e20dd3b07766307fccf463ab26e3ca

SHA1
60b4cf246c5f414fc1cd12f506c41a1043d473ee

SHA256
af47aebe065af2f045a19f20ec7e54a6e73c0c3e9a5108a63095a7232b75381a

SHA512
13c43eee9c93c9f252087cb397ff2d6b087b1dc92a47ba5493297f080e91b7c39ee5665d6bdc1a80e7320e2b085541fc798a3469b1f249b05dee26bbbb6ab706

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll
Filesize
18KB

MD5
ab206f2943977256ca3a59e5961e3a4f

SHA1
9c1df49a8dbdc8496ac6057f886f5c17b2c39e3e

SHA256
b3b6ee98aca14cf5bc9f3bc7897bc23934bf85fc4bc25b7506fe4cd9a767047a

SHA512
baccc304b091a087b2300c10f6d18be414abb4c1575274c327104aabb5fdf975ba26a86e423fda6befb5d7564effac0c138eb1bad2d2e226131e4963c7aac5bd

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll
Filesize
27KB

MD5
4dd7a61590d07500704e7e775255cb00

SHA1
8b35ec4676bd96c2c4508dc5f98ca471b22deed7

SHA256
a25d0654deb0cea1aef189ba2174d0f13bdf52f098d3a9ec36d15e4bfb30c499

SHA512
1086801260624cf395bf971c9fd671abddcd441ccc6a6eac55f277ccfbab752c82cb1709c8140de7b4b977397a31da6c9c8b693ae92264eb23960c8b1e0993bd

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll
Filesize
26KB

MD5
4e033cfee32edf6be7847e80a5114894

SHA1
91eef52c557aefd0fde27e8df4e3c3b7f99862f2

SHA256
dff24441df89a02dde1cd984e4d3820845bafdff105458ed10d510126117115b

SHA512
e1f3d98959d68ef3d7e86ac4cb3dbdf92a34fcfd1bf0e0db45db66c65af0162ab02926dc5d98c6fc4a759a6010026ee26a9021c67c0190da941a04b783055318

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll
Filesize
69KB

MD5
50740f0bc326f0637c4166698298d218

SHA1
0c33cfe40edd278a692c2e73e941184fd24286d9

SHA256
adbb658dd1cbecaca7cc1322b51976f30b36ccf0a751f3bad1f29d350b192c9c

SHA512
f1331ab1d52fb681f51546168e9736e2f6163e0706955e85ac9e4544d575d50e6eacd90ea3e49cb8b69da34fe0b621b04661f0b6f09f7ce8ceca50308c263d03

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll
Filesize
19KB

MD5
595d79870970565be93db076afbe73b5

SHA1
ec96f7beeaec14d3b6c437b97b4a18a365534b9b

SHA256
fc50a37acc35345c99344042d7212a4ae88aa52a894cda3dcb9f6db46d852558

SHA512
152849840a584737858fc5e15f0d7802786e823a13ec5a9fc30ee032c7681deaf11c93a8cffead82dc5f73f0cd6f517f1e83b56d61d0e770cbb20e1cfff22840

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
22KB

MD5
8b9b0d1c8b0e9d4b576d42c66980977a

SHA1
a19acefa3f95d1b565650fdbc40ef98c793358e9

SHA256
371a44ab91614a8c26d159beb872a7b43f569cb5fac8ada99ace98f264a3b503

SHA512
4b1c5730a17118b7065fada3b36944fe4e0260f77676b84453ee5042f6f952a51fd99debca835066a6d5a61ba1c5e17247551340dd02d777a44bc1cae84e6b5f

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
24KB

MD5
76e0a89c91a28cf7657779d998e679e5

SHA1
982b5da1c1f5b9d74af6243885bcba605d54df8c

SHA256
0189cbd84dea035763a7e52225e0f1a7dcec402734885413add324bffe688577

SHA512
d75d8798ea3c23b3998e8c3f19d0243a0c3a3262cffd8bcee0f0f0b75f0e990c9ce6644150d458e5702a8aa51b202734f7a9161e795f8121f061139ad2ea454f

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll
Filesize
24KB

MD5
96da689947c6e215a009b9c1eca5aec2

SHA1
7f389e6f2d6e5beb2a3baf622a0c0ea24bc4de60

SHA256
885309eb86dccd8e234ba05e13fe0bf59ab3db388ebfbf6b4fd6162d8e287e82

SHA512
8e86fa66a939ff3274c2147463899df575030a575c8f01573c554b760a53b339127d0d967c8cf1d315428e16e470fa1cc9c2150bb40e9b980d4ebf32e226ee89

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll
Filesize
20KB

MD5
6b33b34888ccecca636971fbea5e3de0

SHA1
ee815a158baacb357d9e074c0755b6f6c286b625

SHA256
00ac02d39b7b16406850e02ca4a6101f45d6f7b4397cc9e069f2ce800b8500b9

SHA512
f52a2141f34f93b45b90eb3bbcdb64871741f2bd5fed22eaaf35e90661e8a59eba7878524e30646206fc73920a188c070a38da9245e888c52d25e36980b35165

Download Submit
C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll
Filesize
18KB

MD5
54f27114eb0fda1588362bb6b5567979

SHA1
eaa07829d012206ac55fb1af5cc6a35f341d22be

SHA256
984306a3547be2f48483d68d0466b21dda9db4be304bedc9ffdb953c26cac5a1

SHA512
18d2bdce558655f2088918241efdf9297dfe4a14a5d8d9c5be539334ae26a933b35543c9071cedada5a1bb7c2b20238e9d012e64eb5bbf24d0f6b0b726c0329d

Download Submit
C:\Program Files\Mozilla Firefox\application.ini
Filesize
899B

MD5
bec763786e67638dd34510daa8c7d31d

SHA1
2932c5ac5bd22bbe9707d541561b47ad1515a3a1

SHA256
49193d9d4170d0cf39e9736ae2b37a1a5b96f042d478173c1c2bfdcf632273f8

SHA512
624ec727a1fecf12e9a96b0b572fc6119a10aa8b79105645eba5d0a8d0b3e96cd83477d563c3eea2b1fae15d43775435e8c85a65f2bd7dc80331c0589eb59f2e

Download Submit
C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png
Filesize
15KB

MD5
e9068cd977693bdab242de4280dda725

SHA1
35a5c8aee11597ec7cc6adaf15e8673b713d73a9

SHA256
1701ff395543f3ad6b25584fa7014073f74949baca0dd2552216f58131328fef

SHA512
29ebff0f99c9a8f47b8f145ee8d88877b17ae0e3eeed1bc017caa20c68a63166831f5feda768189e837d2390cc80790e3e69aa7ec26bf92da2e90b66e1be3362

Download Submit
C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png
Filesize
5KB

MD5
c9ae03c43b67a4e4986518fe3fe29756

SHA1
07221e0401f306487504ae9b3c46ef1cb5dec843

SHA256
adf41380b5ed3f73b8e5fb51f7f33b722f4db4600791cdf92033267c9971c4d5

SHA512
0ace7c3cdc18eb1e67971a5acd0a54e1c00d37ac556f8183dccede984cb6520660c9b27064a8ef5f7b706fdabd70e5e424b7b7271ff751bffd997cf2284f9fe7

Download Submit
C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png
Filesize
22KB

MD5
8e058139e0576b4ad8d424bb21071063

SHA1
f584d2412c935aa8a7cf73ecdfaaa6a3cf87c064

SHA256
e86ee493e89f5dfce2ce8817ac5d1c04d8ba2b07a06ff0f967c0167562510df7

SHA512
9ce457aa516fb2d3cb7b4a08f2dd81573de301fefc6ddc877142a35851151407367605f00862fb77067d0969ba745bc6bc612a4440aa3017e508e572ec88f2fc

Download Submit
C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png
Filesize
8KB

MD5
1a340e565e697e63b5a4ce51f7297119

SHA1
cdb4ca85700ed81db13b15d4bd5b77d41bb20d34

SHA256
c4bb210e61cd35f9a0a54fb941ea2e3bf6abde799bea1c78d24c761c9a3bc429

SHA512
92478fe26f9ea7454206a3106632534c5608d6940588f01fecfd799de636f11b003ffd1e5c762201f9a14f4ebb7fa6a711d99312b03914de817246a6008c7b35

Download Submit
C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini
Filesize
803B

MD5
801a2278df1483b8b66a56f2c9ae0c02

SHA1
f734f78b7ba110fa1514624c2856892f13569136

SHA256
29f51f90f79043b7f8991e58e48934e4e2036d7b42c0e6b39f00d71810039541

SHA512
b5f2c3d6eb2ff5e60f01e4398245cff8902c461d7fc2126c0265062c6fbb092d705634e0fb1fa322217f52fa5841ae2997b5d6ca02fb898e67000bebca07f77f

Download Submit
C:\Program Files\Mozilla Firefox\browser\features\formautofill@mozilla.org.xpi
Filesize
137KB

MD5
43664df755132c9512b83d2f09e1d4b6

SHA1
822f0dbe4b0d78760fc5b85ee582a6fadd1268b2

SHA256
54de8a52035ffab66ec74907a0a9a3d444ec08396812b9b4089e3790605335bb

SHA512
296c202a844359f5bdb1c622c5993aaceeb37376ba383b8aa58feb3ce2c2b68ef5c324188414d63281eb1831ff88895ce5564f6ef617f55157ebedd862dbe64b

Download Submit
C:\Program Files\Mozilla Firefox\browser\features\pictureinpicture@mozilla.org.xpi
Filesize
45KB

MD5
9e643e1c144777323711517d4825b405

SHA1
11be918c1024c373c4949f0e17efdcbc714de718

SHA256
6cd497106b1a74ad2603c2c7830b3a5bef2042b5388b0e2bd4660a9124ecf5af

SHA512
7757c065d521af7158aba25a44c39394010e1a382049021b9264952635f5830b648302ad6b6f908f15116b1af869b36267248959f33d70b2c91f33a3a945ea96

Download Submit
C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi
Filesize
168KB

MD5
686c5a3d611e3e19d2751b4521582e72

SHA1
1ca78809e46941c5a72d167aa1ae649144d68a33

SHA256
5db69c666b89ec24cfec09813549a935922764d157c6874423bba8be3133bbd9

SHA512
696d567641ae0be6efda2aeeae668f6b929664061160c62f9c1953dc04a72369435ca53f6d29a1fc27678994c1aeb5262e15346d010f710a16a5c94244704451

Download Submit
C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi
Filesize
26KB

MD5
26c15bca175046f6ca41345c75b02d13

SHA1
5a892029b6e908110156642d936e8065d31fc228

SHA256
4008a740ee0d6a119bbbbd57600b8bed717756c3ed9a16daa057228fbcc6ffb1

SHA512
ed27f58292731c3266c6e4428f67e60175f65a0bd16d164aa8751cf19b95cabecdaed6954e316b684ecdc3b5d97fb2212346ca9949b0dbeba48603d7799f2937

Download Submit
C:\Program Files\Mozilla Firefox\browser\features\webcompat@mozilla.org.xpi
Filesize
367KB

MD5
47c7794d518d4e78c7aa7e14dacbc12b

SHA1
6ee8d37a76ba9ec6df5e5042d7b905db9aef8efb

SHA256
fc172224b03059f83fa1eb6d6c0c5dcf74f196a7f13f47b43066f2de8fafea16

SHA512
0e7b88b35284e576dabc7d9ac11c4a3bdaf815d22653518e0406a99499c80ebff1447b5722df97735813082b329ff72c7401d7e0d3e28f6a324e436f45404a8b

Download Submit
C:\Program Files\Mozilla Firefox\browser\omni.ja
Filesize
41.1MB

MD5
4cba45f31cfb4c2f0f2d0f49b5ad6206

SHA1
3a7f2948778fbc09eacb4c9b08446bd8962d06a5

SHA256
f43a4cd1d49d32e4734e7ac6b796fa8008567c1e426c0dcad1557a8178556dd8

SHA512
fd6691ee87758072ebf1811126484ecb22d70b7036954f457fe6934a8ff06f308f98b261a137d5ac065bed7c621b32840d8e3a5ca88cab44f5a799d3f233f5a8

Download Submit
C:\Program Files\Mozilla Firefox\crashreporter.exe
Filesize
258KB

MD5
4c8b0d9c9f9838ee30cd31373fcaf2c8

SHA1
22fcee9c8752f0a73efb1a929aa35faf502ed911

SHA256
32cc4697fee7af3d1c12429aae03397e929ec9ddac73329719ab7f766dbf359d

SHA512
b0795d35d20660b0fbb0d2e836495e88a084c2bbbc4e0b9c471ae65fbfa6d0420b65dfcd39e0612218f7047881ccf9dc0fb7a297072ad0a66b43d0b0e780d9ea

Download Submit
C:\Program Files\Mozilla Firefox\crashreporter.ini
Filesize
4KB

MD5
6db6cd123c130ca22868fa6d69fd8d4c

SHA1
bc8c8b540b0a09d5638940f7d4209b706658a926

SHA256
fe64c5ea527931d988712a9e1064de9da38e1852b1ba6b81fc9048b3fd450e58

SHA512
cf6195491f8092f7f8cf0da2d3482fc9dfdbb906fa6b8479ff50ebd68807d550f136dfa8c571ff4aaf099ca0075b63138426e7c4274e5a31af134663a8aeb990

Download Submit
C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll
Filesize
4.1MB

MD5
222d020bd33c90170a8296adc1b7036a

SHA1
612e6f443d927330b9b8ac13cc4a2a6b959cee48

SHA256
4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3

SHA512
ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6

Download Submit
C:\Program Files\Mozilla Firefox\default-browser-agent.exe
Filesize
701KB

MD5
4c62d76f7815c09cf0be0f00d463ea15

SHA1
8fdb99f68ab048d2c8a34aac082c242f9a836df3

SHA256
12fa08796eb2e6c2432143dcf908af6309c8a7832c9b8cad83cc37cd07cfef2b

SHA512
cd1c58a5f4748d2c45150dae2648fd530a4429bd760f0800c83d778bdb2364683f4a7ad012fd546698c07fb86762bed1aa5e311cac7e1c232ad063047cdcd6e8

Download Submit
C:\Program Files\Mozilla Firefox\defaultagent.ini
Filesize
932B

MD5
88d7d32ad20bf89bb7785bd07c638e17

SHA1
2bd40f0b69c2edc64ab6b7e6dd2e7ca6a6fea6f6

SHA256
5cf0660a8f2624433c8c1022f93ff3c94c5611ccbc93118ee053566590eb53f4

SHA512
7bb3328ce42e7bb546a2192ade1e8e153408912f3582c27dc0c5cbe1c2d807365aaf4206c3ceab6cb3d6c34d3155125cb7509dbf800ecf70ab35f8a64f764010

Download Submit
C:\Program Files\Mozilla Firefox\defaultagent_localized.ini
Filesize
1KB

MD5
42127672c89336c9365ce16cf600f699

SHA1
8fe989208c0e2a21db60b5b6451777f65586e0d9

SHA256
43e0d2d74133599aebab06e09362f776c4a6c3ac54de684ca843f9608248b873

SHA512
bfd9ff9451bb0987467eae69c7162745f73c1dcb3a1d7d905a151cfd17b716edc57c91dee25e24e28f0710565086ab4c0590708c91a2d935736adbcb1058516a

Download Submit
C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js
Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Program Files\Mozilla Firefox\dependentlibs.list
Filesize
446B

MD5
35da5601932b6ade92ec29951942ec1f

SHA1
4d0b52b709c3e25b50dd53dfab9337ef8958d1ca

SHA256
3da3fa240910cc0aed83b17a81c87251a6bc6cf5db5be9e71a3e01d7b7d88f86

SHA512
0bd4ae8932d6f2d7bb1655b13f66fc24a858a17993be9354921406e63372242661a3bb52010445173fb856d4e5f98fcfbd44a155fe0760feca8cc65bebd777c0

Download Submit
C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml
Filesize
557B

MD5
0aa43576f0420593451b10ab3b7582ec

SHA1
b5f535932053591c7678faa1cd7cc3a7de680d0d

SHA256
3b25ae142729ed15f3a10ebce2621bfa07fda5e4d76850763987a064122f7ae6

SHA512
6efb63c66f60e039cf99bfaf2e107c3c5ed4b6f319f3d5e4ef9316c1f26298b90d33c60b48b03699059d28b835fbc589417ac955fc45a2bc4c116a5200dfdc32

Download Submit
C:\Program Files\Mozilla Firefox\firefox.exe
Filesize
660KB

MD5
faf5c0f947f90c140a6629a0ab8e03fd

SHA1
80b5b104c896c72d73b1cfac22d290d80687b4f6

SHA256
5b2abf9947a12ff9cc3765e48d875d97752193fcbc5e2b89fdb3e138c3232568

SHA512
2b44ed615f9c9bbe62f1ed61aaa7b95738a5fe6162e09f0428e3b26d6edc1ec50a52991a13e636bb02c2c4582020a2ce1e2ad48c2b2400cb23ca18a176cb4be8

Download Submit
C:\Program Files\Mozilla Firefox\firefox.exe.sig
Filesize
1KB

MD5
9ffc40b155fb07dfbde518193d8efcce

SHA1
e81a5608e9243b38117debc9b44582fa65a4664e

SHA256
63bc9d776722b7ac70b7ca03f0e72e0ef9a66971887d666a4826fdff067caed5

SHA512
51b05386fd01d57a98bee0cdcf87406eceaf01f7a6fee433951038b211b03f1511eaf91031180f280716137cbc484bead0080c6b15c0d63a69dee28cc3698e91

Download Submit
C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf
Filesize
1.4MB

MD5
aac75d901445bc0419d56e56dbc18891

SHA1
3ada434f3a727167ce6dce3b865fa6bfb70ed86f

SHA256
6d90152ee0d29e82fe2a87793af5aa4b7ad13e6538360889e141e81ed299ee8e

SHA512
83fd92ff444ab6de18d48997247f49845abb8420a07b74ebc8a65bda8da69d28f87b6abe0f607b2fd7da398dc0f8cbe7fbf655af6d25785ad8b2f1a3afca136a

Download Submit
C:\Program Files\Mozilla Firefox\freebl3.dll
Filesize
749KB

MD5
947aecbc883e1e4bb16e793705e1a618

SHA1
c5856592982d33572d3fe3ae332b11f6107bbdf6

SHA256
9840946ea4199c2337103cceaa6d885f2def74699e64e43ea1dc54caf7b9751b

SHA512
811878164a393e1f77070bc2fe9f26123ffb20ce18d03801a9ad2a89235fdd4d3a47939b3fcfa05be72c6cb7842bde044745220f532ded4cc8e1543a7c545536

Download Submit
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
Filesize
107KB

MD5
861ebfdfc649dea42ecb6c4a7110940e

SHA1
4a8117b28f5d7426eb91c3200a8864d0326ba03e

SHA256
8a788257e6450f55ebec4c5b808118a6937f31893e81020b858a81c14d07302e

SHA512
5ecce6bcbfc42301d0242004c67e926e728a71dfd564162dbdaf051b3e7ad22b5b2867ccd7949b193621f3b8ef76b58599241d7506f9c6748f9dc610fb9a96a1

Download Submit
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig
Filesize
1KB

MD5
841f7b83c238d489d2a515a64dc26e6a

SHA1
3b29e5a076049ca316ee840e79af6c9249adb4bc

SHA256
4c39ca6e3c9aacaa2ce14d39a6605f209da32e7ec559e8996774eb42f0e0537d

SHA512
6d709bf434c3f54b55295d534bf3896b9fa37c44c824b71860c2fc56560d6744cd0bcbea030633cc72a4e2af3c7044a6083bc414bb77ef63f929252fc58a7ace

Download Submit
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json
Filesize
229B

MD5
cffdadfaeeaaf0a5a78e7f9a299aa7f1

SHA1
7a8f06d7c91877484301ce8474dfbb1bde08a040

SHA256
ef47e83036753b53f59d079fef62bfedc749abdbcdb0fe16f448d9920f11114c

SHA512
5a11e448389326ddbd3be792d9a10ae746c66e4a41f9c96f4979ec71fde385fc4deb205a40f1b4f24415abd9d41c453ca1285f4b813005b1d12a2701f214db85

Download Submit
C:\Program Files\Mozilla Firefox\install.log
Filesize
2KB

MD5
eaeef3e39e835fa2fd06098680ab243e

SHA1
1b70d4b5a61ba834bd17ad09fe444f2c877f7b8b

SHA256
3c3910519d9be7cad33270fc0f7fe52b283329caf75409d4e5f87b99e2a6f2f5

SHA512
b24d8d559843c1d30dcc5ed40c7f35101643996f33416d2bf116146c00500e74b2da299bb6900c5fad3c5c39142057f82722a74c31abe463efb3d5f675c25c7a

Download Submit
C:\Program Files\Mozilla Firefox\install.log
Filesize
3KB

MD5
45e225fad4a0af73ea8b0a5e93da54ba

SHA1
8bdd33be226a27d4437a88cbc1bed86cee7071a2

SHA256
6b37ca6ff2d7f1c9e166dab524958048c9a146a2d89fb2c622d28403e80c9671

SHA512
0027143fb56eb7d61c80707ece6cdc198406347ea2483d9c8851882ed9eeff6abb058b2795ff5540319c10e0fbbefefbff356068a966a514a7fa000eaefdbf9e

Download Submit
C:\Program Files\Mozilla Firefox\install.tmp
Filesize
2KB

MD5
20c93dce3e1e0e2ae36884ad001f9c3c

SHA1
84141d024a4bc00ed4a6afcf28dce451b279cfb5

SHA256
f03e756c792a97de4914bcf283edbf2e2f094998fba82d236abc0b685ef8d35f

SHA512
27bc37cba7366609b7be6fee784ae27ed65daab60a86a38e2092aadcb9134084520e1d255c83313a811083fce34b64956fb1c9078095ee6c9db5cd22c177cc3b

Download Submit
C:\Program Files\Mozilla Firefox\install.tmp
Filesize
3KB

MD5
8053231722ad226cfae8d5b52465feaa

SHA1
9631cdd07ec68ba2391d16650cd6fd92a0e2bdd2

SHA256
c4216b01f6e696781ce7e08c81e92a716f426d2a42bbe2de203fbe0623ae552d

SHA512
83c2c9526cd886a00cc7b904c7a0e873478034c22c8eb310f6b7b8c76462c2fc7b5692ebc5bce5831af68d224ce72350e5d0a08a833da86f37e51f7bed74c5f9

Download Submit
C:\Program Files\Mozilla Firefox\install.tmp
Filesize
4KB

MD5
85c1e76ed4ad6761e7e833824e400e39

SHA1
78bcf318b2130ab7e1345e7ffa00f413eb8a3fe1

SHA256
cd4eed0a62c4cebedd7bbfd5866435867e53b8230348a784ee2d16ea9ab00168

SHA512
654b9238ca3310ca54cc3c895c6eb8bc81ad3d7ba4994fc580df9ff7abb6b259a0cd6248684fd8c3fbd7e1b1b5bb28b521869d10802b4a4ca4df93e87f98aa47

Download Submit
C:\Program Files\Mozilla Firefox\ipcclientcerts.dll
Filesize
214KB

MD5
14634425c3fb0dfdfa85f4d8e4d7d4d1

SHA1
731de76d6a951f56aa408487bf70f3fcd9db0ff8

SHA256
30277f7f58fe0a8fbc7b833b1b7feaa4d4d9b02cfe9c3646cc731030af003e99

SHA512
dab3496efa0e3badf57861180216b67daf3fc747b35d008e1b2c7419c6be16789e9693821576bd5a3f6d761b91aa47e8baff9caf4275acc3c6e21c18dd18c5a1

Download Submit
C:\Program Files\Mozilla Firefox\lgpllibs.dll
Filesize
39KB

MD5
bb6172c7ba5491c55ac160ae4f2df11f

SHA1
4ac85c41f8da77c6aacccdee0bbe8394cc824b19

SHA256
bb4b4f45037be1857946188ab9a7098822148586ed8d22f6c2140faeb6667ada

SHA512
b504416588160e1b2f1c6e7cc70168e1a4b46a744114ac016a203f44babd672532e64bf4fac81fcf066c9e0c5a28233cc918daeb6661107dc2abee4997b4ea64

Download Submit
C:\Program Files\Mozilla Firefox\libEGL.dll
Filesize
40KB

MD5
e3c3290552a3ce504304894065004ada

SHA1
c4c8dd1671c37a1e67e864355c255344db0a1740

SHA256
1806d7c9c8fa2a9107ffaea83d6cff3e26986a597598e3ecae5225196ed2bfc7

SHA512
8b589af4d997eadcf9c53a6d97001d330f6091ba741aba5e178c2c3ad6e367f5054345d25a49a2bd65a42c5204fa66a3576b17429992302faf4c984d242a36c0

Download Submit
C:\Program Files\Mozilla Firefox\libGLESv2.dll
Filesize
4.2MB

MD5
fdd0fc27980b899c8e07e23d0586c5f6

SHA1
a7eee581b981d21cb0f12c060c1e6cb5649b415a

SHA256
33de6506ba9e7195062802b7bd553c92a6283f002fdddaeca7940efe840f870e

SHA512
b20df7fdaa389bf461fc04a121d4e445c87ab306070abcf39dfe395d3a822483cf141fae0607e3fa216d22b7f33fc2e6720e40d3e83b4396c690d02eb89be9b7

Download Submit
C:\Program Files\Mozilla Firefox\locale.ini
Filesize
22B

MD5
b349148255f944c0b8ddc7ae3d80dbc3

SHA1
b53e560865f148002bc60378707a3ff0e435d54c

SHA256
3f06e8fe59b145ab13c3a5f5ff435747a2202092c23c4f4375516e4cc0989d02

SHA512
f0c8a2fa43d2f306ddbdf1754f424bc036d78275728780f06afc4e806553ccb53925aeef0459ade66a6c0190204e823d30b1750c62b86b963b032bd990fc3889

Download Submit
C:\Program Files\Mozilla Firefox\maintenanceservice.exe
Filesize
241KB

MD5
d4bd7d45ecc626f1d8e0fc0f756d6417

SHA1
0a947caac7df5b9f3a3646becf4a904bfa302cf0

SHA256
de347a4835373ee9dac01a885bc2c92be46ef423243e6d6ebfd49e9726f23dc8

SHA512
6331bf3f9de8a4fe95e7f40c75971b5333fc78d1c90620edda04adae905b0503e4177f9f7d9aea270695aac044b9afdbf572cbb09476ba491963834e4919c948

Download Submit
C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
Filesize
183KB

MD5
3a0b57842f6276651b23c621a2fc524e

SHA1
877d575a8ca9cec8ba49a098469578439b3a0732

SHA256
96d05b6d2f8f449c807f3e136dc8d6c84f749e3a005cceb8fe3d4853fbf95d6b

SHA512
052099f3a541967b4e3011a38e325acc9502a3be36405f7d3016fc4834016d58f5a4a702d9dccb3a3daaa28cb4623fa5e4463108a99ede4dc6a9f30f4932d6ec

Download Submit
C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
Filesize
753KB

MD5
24c88de8cac3eb337761d7ee305b4b21

SHA1
7595f9354841d22426fc364341888337be29fb59

SHA256
fb643efb719cce1a653f3ad157c16929d1b24130cd5daca6ea9f2c99fdf08556

SHA512
e8f71b8c215ab283fcfa602f7c34d1dab60ef6211c12c44183d68ea3bdd92012acb6dd548da74db2652e6cb337d6060faef62927f8ce44fd0b0b7dc3d2ef7f45

Download Submit
C:\Program Files\Mozilla Firefox\mozavcodec.dll
Filesize
2.9MB

MD5
05f7ff0e586c267f64f7aa3bb9ebaaf4

SHA1
734697f72f81f48d0ed4c285faa028fc530c5306

SHA256
3ddbab0e7f56065367beb7a3cc2f3bc4f7fb39f040361081c4a48511a0728d63

SHA512
5fbc791003fe051dea0dce35e5820c25720211f53cb5a714a269a80a618c0567c8634c099a619f654afbff8f4bf38030c3d4096aa79fef7f7cf5ca9dbcd57fca

Download Submit
C:\Program Files\Mozilla Firefox\mozavutil.dll
Filesize
200KB

MD5
12051efc8811a97f6e0a1e308f8f1e44

SHA1
bcdad66d57a41f28bdc21dcfc2a5384edfe8992c

SHA256
a9ef419bd037dd7d5068bb8ebcc79416087caca8c3072c602cf5f61cee8a56c7

SHA512
51146a1bb20da1fc5d9e2afc639b0c7debbcfcb7cd7370adc376fe5e363a30e16c48982b0f44348a2a692d340dd3f2c2b77d5f4dce0c2cb11665370f9dc1c9ba

Download Submit
C:\Program Files\Mozilla Firefox\mozglue.dll
Filesize
704KB

MD5
367b2f7adcf6f6f93ba12eea8e538c9a

SHA1
30c34de67715aefc0415a0653eeebbe7b0e0794e

SHA256
052d523b5ea6ec4675313c7727cfe07a8dea0d8430a0c2c750f7bc928f1a71cb

SHA512
8da81162d8df930dd1993cced896a83ce900dc849923d66009bb67765386a951b1325afb8bec51c1c494da4649b2e3cdfbc63a58cc9ef5442ea8139d358b6cfd

Download Submit
C:\Program Files\Mozilla Firefox\mozwer.dll
Filesize
309KB

MD5
c890ffe8c3ac17d48e0f4a2904dd9b5d

SHA1
b0c18343849165f0e164779264a294375845b73c

SHA256
1e3539cc313d6f9c31bece8c2cb3299bd052d051f251a6378df09c1475222382

SHA512
4011985d934671d97f98a1cb49bcebd5095a793437ce8f456cdc85c610b906d1e036bdc3a2c1a3137e68da1db5d2c446bf60fc8640a928de2a6ea988231a5ab0

Download Submit
C:\Program Files\Mozilla Firefox\msvcp140.dll
Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Program Files\Mozilla Firefox\notificationserver.dll
Filesize
59KB

MD5
4e8b6668bce87bf39f8317d9d222a93c

SHA1
bd5027d06f19c1746fbdb112894695e5fd60d460

SHA256
3c21b2ac1f4144cab14f0d27799d0757e855aa50091ee731b8845ebe8eac9fcd

SHA512
f53c5a7708b85458e9fbe9a0909df051e7ce80cf1fd6fe4e8cd2e5fb60d22c40b6372b1f152cda66a448deab57819604a238c8ce590c10b5fe455940cafb8c61

Download Submit
C:\Program Files\Mozilla Firefox\nss3.dll
Filesize
2.1MB

MD5
c3761e8af04a1fdf52ee986064785eb1

SHA1
b808216fbd5ebdc5d691c3be343b22ca099c00d8

SHA256
086391b4fa4e704da49d0c8179aacd44686c3a319018b97bc621a1becbaeb4be

SHA512
b8573649bf863b983faa6491a0da4cab88a3dd2c326dc3b82620b6cc1518f2768ea38103797cdc43f8391349839b636133195ad781c87b0eca015df007c796a5

Download Submit
C:\Program Files\Mozilla Firefox\nssckbi.dll
Filesize
392KB

MD5
d48b5b584f9a1b553d192b55352ad124

SHA1
96531bc1851f30db5ad34082521a63221071f4da

SHA256
0131343bf60237e2abb47d5392a580201e8c64bf013272155ed95c7def796bb6

SHA512
f095bded66e859d6e4befc5121dcab7b14c37460ba8bba5c7eabd9bd357edb68eb638825b569dc3e357262a0676c09e2c71f56dc39f860ef30955b3cbe3e805b

Download Submit
C:\Program Files\Mozilla Firefox\omni.ja
Filesize
31.1MB

MD5
01ef0a110a66e5712cf1e7032c1c3d6b

SHA1
02daee59bc55e947f6cae0e8272fcc0f9d2cb953

SHA256
3c6f3d11fbd39eec16bac317cae32b4fc1386c8edcf758aa6eaa615759b532a8

SHA512
612935974e40668e50349261e244734f5ddbc226d19f053ebf412ee805c61c327d219bc16d4ea01293a83e67b985be596707c4f056b29b4e2148fd80f462afb2

Download Submit
C:\Program Files\Mozilla Firefox\osclientcerts.dll
Filesize
371KB

MD5
eb237201dc35cc745ad2327d045a999e

SHA1
4fac927fb9604a2b8d5013c0514f7a7b34bd4fcc

SHA256
7dba7b02d75f48fcafb5ecc6611e89660b573ef685503e72d5faff9eb7e5bde4

SHA512
11c88ccb78356d41bf9e1f9a86a8a4edde8833afa22366e4a1176705b71e107941214a6bcf515f78f9eba171100f47413ce64626dd9d2b76fb87b027671143d2

Download Submit
C:\Program Files\Mozilla Firefox\pingsender.exe
Filesize
78KB

MD5
352539f1c1c6d0b6c72f0d45dfb3edc2

SHA1
d9482409dd85a930f1cc892cc423bc55c634a3c7

SHA256
62ccbac7d0118b18a7899902dea87c04666020987fedd3179574ec379f250551

SHA512
325ed88df31a70db9e992f94e8e58b38681902aaa27ad0b76a138e10ae3cb8d1ab2352253fd0a42f9fd63daab7bb5828b34425af6018ea338473793dee9cb119

Download Submit
C:\Program Files\Mozilla Firefox\platform.ini
Filesize
167B

MD5
e4e7a1f56e03823672fd33ada126dd5b

SHA1
fd6135575a07b38931e0b8051b88f9afec6a9db5

SHA256
215d7ceb708a501b032b77738c37cbc99642c6c371706859b3836bee34413b51

SHA512
271a3e1daf70301d4552e945f3411eec29d2cafdadf91d80dc1721dc30311b1b86b6783cdf3692b5c92ba3f9fae8e49e2f4854a8505f77c1f55aa35aa0c0901d

Download Submit
C:\Program Files\Mozilla Firefox\plugin-container.exe
Filesize
289KB

MD5
ca48305295af8d3d7271e50b4f025461

SHA1
bc94a7c47422c2dcdafbb612d4c3da69ef0bdcde

SHA256
bf3716bddf84d564447dc73d25d30da1a3464e86c4aa10e93b7567993cb23983

SHA512
470d1326ca442e022f523571842c860a24ad4523624f5cb50c75e18bd55485bf73a2089b94bcb58c85d81ed3d9bf846e4c78e40d0aff2c96a65216ec0c51b62f

Download Submit
C:\Program Files\Mozilla Firefox\plugin-container.exe.sig
Filesize
1KB

MD5
918f0fdcab7cad9b0908f871868564a8

SHA1
72aa532fc681c3719eaa1c4e36910348af4e346b

SHA256
16fe8d287361dc1f9a2a05c21d73f799ac6d70f150baeb3ea5c288856e6ac4b6

SHA512
61447385f405624fac9883cff2090265fbc433f993f37c5043519042fc2ecf7458abd12c5b285ef4685f45d4cc115fbc3ed49b1db2d9dd807daa26e1f29b5242

Download Submit
C:\Program Files\Mozilla Firefox\precomplete
Filesize
3KB

MD5
15f7c7608c49e5ee4d5fa79cfbf63973

SHA1
e716ef4c370fce86645d497740b03eb4d8d9edaf

SHA256
471b60c88e0ced613cd7e0bf021342a9ad3fa229f31993c7a49e5e0eb052e6b5

SHA512
f7e0f334e635deae7722ec050d5e16aa78be3d820ff5315a665daf8d2b00833860f58f141a45fa5d0b13ca03f53c69ec72ca1b8a07dc3d64870bff194ca66a10

Download Submit
C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml
Filesize
559B

MD5
b499ede5c9228c742578086591193efe

SHA1
18e682ec73ed8fcea99893142fa8b08ee8a32b72

SHA256
9ea86a18d41112e25b17454044ac29b458f508d9814700a6f4c0f9370678f3ae

SHA512
b99ef0e9152da3bf6adac5fef67b44738ae7a2d1ef0041786a5700b8389acde7380f1bc9bf1402c7a356f1777aca7c2b05af5ee22b7297bc879fe2e6b9741f13

Download Submit
C:\Program Files\Mozilla Firefox\private_browsing.exe
Filesize
63KB

MD5
4d3dfe04b0f266741eda867bec200367

SHA1
7195ed3f0fe11f47925a3b8bcd9532c373c33932

SHA256
53e9c9b03e6f42ef89ed7f52b4851ac6dba54d3744fc8435cb8ad5a1686e3842

SHA512
eca08c707262f99fbcfb92cc7d4bd16ed760dd97c17fbbe4a74bb61dd9d439672f395f7c1017ef08c4aaa82e166628010d5bc0da2b71f4b78d235078eafb684d

Download Submit
C:\Program Files\Mozilla Firefox\qipcap64.dll
Filesize
19KB

MD5
d12faf61277d92a5c45008e6acce4def

SHA1
ffe735b43b321be3209db746471621f7b9d9e34c

SHA256
669296a1402f62dbe94918b6a8f3e43622de504391bf13cd811ab5216dadf043

SHA512
58706b288d50c780cf59f8162d0b1dcd480c304b2e0bd61cfb658e9c58680a094c03946bda76f1aa60f6c07d38d0ecce746cbbef0079eb9f22e767a4d5b1e932

Download Submit
C:\Program Files\Mozilla Firefox\removed-files
Filesize
16B

MD5
fefbfac37461bd30e05f5befaa1f7705

SHA1
74f9024662db06184e645cab76bfecb0e6897545

SHA256
52523da24287c4d459131c2e4818a713a732765e06e9bbba1cf353888ba34f9f

SHA512
874d6bdef28dea531c858443810d0b026a3a5667e0b9985bce84b7c5ab63d06a015487bd1da2a914d28af7b6568335b1927f9fb9656715947929cd6671ccc4b7

Download Submit
C:\Program Files\Mozilla Firefox\softokn3.dll
Filesize
267KB

MD5
059ef74cca0222a429402d4c23fbebfd

SHA1
ca248147c79610f9bdb348dca5461aadb79834c1

SHA256
ff9f8b7905641cd747dcd4f2e00b0fee2246c2c8532209e73eead38c33c699c5

SHA512
057849c011b16db6c2d4b15d3086ea1a5c0c5ea81545996c908b0e18b6420697bfeea8aaf85c285b1e596080762159d234d48e72e9544c9f8ec5e1c30b2745ad

Download Submit
C:\Program Files\Mozilla Firefox\ucrtbase.dll
Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Filesize
1.2MB

MD5
122fb753a606b4729ae37b15fa05e968

SHA1
050531df0d95b6499f0597833628dd8332807c45

SHA256
1645162a752b4c15738cfae7adb6b59ffe8176b5ae64a17a1f9a4e16840f1ccf

SHA512
b6750e13c78fc446eaafb9e5588fc03df3d6488be448cc4ddfa296913a2e3cb2460433ac33a80e66cee297552fcb174a8738dcaffbfcb92108b20060563941e9

Download Submit
C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini
Filesize
222B

MD5
4b8dc92a079f224935392f9b5a2dc051

SHA1
1027fc1b3e2e8ae78c60bfb25c5c9f87f9b3cae2

SHA256
79d1631316cd79bc5127f745aa6707b4445f7d0432b685ef2c3ec3cf3a62ecba

SHA512
ad0186cfc9df574e4a3c7c209b5dc3078fb86f6b1de0008bdede6768ec08d61b20f371d7b2d01dc50aa7d094b150db816358f03fa0d9135ce26d80d8886a1704

Download Submit
C:\Program Files\Mozilla Firefox\update-settings.ini
Filesize
132B

MD5
1413131f8cfad1e19d299667bf759087

SHA1
a0435cbf1a2817ec960c56a896d455e78adc226d

SHA256
c18489344fdc21ae366b4d957a0b9f11be772483ca46f9ffab6ed0356f946513

SHA512
590b53aff46903b1883c5fb14492ca85db2c6e0e900d0fdf62c3e6da10f1d10c3aa51224dc6db50f4eb12d42de017892f77e91d79aa16fcaefba10b27748748d

Download Submit
C:\Program Files\Mozilla Firefox\updater.exe
Filesize
401KB

MD5
855aa213d0a90e7b31a2615da03ca5f5

SHA1
c27da657885ce1f35d46f67928a988262eafa5a1

SHA256
637a7b509acfc25af30912cb172eb0ba866da9701b2ee25e4e20fff423ddeb2c

SHA512
9ec9a5cec25a78144d551c3bee6fe34505ea876bcb8c0f3a23e3f71214947ac2abe6697313fa8030391eb1614c6d3c194ebdc264a947532d95e8e19dd84612f6

Download Submit
C:\Program Files\Mozilla Firefox\updater.ini
Filesize
1KB

MD5
fbc4f9768c1fd113599b1e00dc6d97cc

SHA1
41a72a44c354d3ddfe3c0916a40acc9f13ec8c11

SHA256
9b204861757ba31303b675e25934eb287203b5c652b662339e5d5b7c49db5a1c

SHA512
46078589aefe28709133d5ef76c42affe250bb0866d6f489f06888b72fab5bf61aeff1ff9cd1ab95062f6d604e1436e766ff365ba842aeacc3f6fc86e5928100

Download Submit
C:\Program Files\Mozilla Firefox\xul.dll
Filesize
118.1MB

MD5
dde185cdb034fd88268389ce206386be

SHA1
1d94452b52f5871425de641bce26d152a7532fa6

SHA256
a7d2475fdbf840b05ecf3973339ca52f85f84667f84d48f4216bc4ec0fc6dbae

SHA512
2bf5c16c827ce7dc3e062948bfe55ee926252b319de6c45991b8410503f8bc1e87f7a12e12507e57b3b06d9eadf3da0e6524eec990d01cd6f9352ed1e1d030c9

Download Submit
C:\Program Files\Mozilla Firefox\xul.dll.sig
Filesize
1KB

MD5
1816db994205b43218155450f35ab976

SHA1
0226e8ede1de4fa1f770c6e661b0d52f6300aab3

SHA256
0942b6523e9d94a2d40b45f8bce8a702623b2af594911be17c66090f26a8da48

SHA512
c90db1c98dc84d12553438857b265b3859a145a7656ae10df531bbfec7e044caa7c0d053dfc64c6ecc0574d77ed3219b0ce0d6c7d78264d5e3b8139de6fafe26

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
Filesize
914B

MD5
eecebbe0611dd7cfeb25d4300cbb4657

SHA1
b6475fb6fafee49163b82e3dd45104bc1d05d754

SHA256
23de63ef0ad73b3a0e333ecd9ac652285f8417c2e74edcc7c8bc0582179c2a3a

SHA512
ed91db09f26aec36a153f7cec2c72ef59834400de6f5aef68b2e2f8f760297ceb9c96567e8643ba25521f2c324362265cfd19176c7dee532b693cc9e5e2aa1ca

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegação privativa do Firefox.lnk
Filesize
2KB

MD5
bf2f8a8fe0743f46722f09cb0adf2837

SHA1
14e97cc39667ca3b9b24a05cfa70f7a90924693f

SHA256
93787eb1f527fce0f8977e3855ec76c484ee9cb3f1f417e65cef10212a8934f3

SHA512
cbbb003891e787686aa72e0e822cbddac5d144f30e57b1d67a74880c46839059851b94e7f1f3204d7276e7594976a9d1f6c72c2ff6535e78738f4f6d9d778292

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navegação privativa do Firefox.lnk
Filesize
1KB

MD5
6eaae873edb00bdc7b4d7a159729e953

SHA1
28a8db7f20f32a788c6219b3062c025be991f209

SHA256
1c1ba1861d69003d02887308788de8ddbae9c267769709ad771d8f673eb896c9

SHA512
0901eb687723eb38ba30bdf8c9f45e0a9b28dd9ba67e65089011429aae9a5fb41ed0e181329df44e33ed73ab43c8a086c9ca46c20aef0e46bb50491bf389661a

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\~irefox.tmp
Filesize
1012B

MD5
09b86d94969b56d649866c29327676cf

SHA1
08a3fb3288b5a71ef0e4ca0a25f054579c3bbaae

SHA256
467da24c53f45370399582efc2b6a3d27beccbb11226054d7bced7f94fab033a

SHA512
5dcda380f05754a041da68588669f1e1a88408311c690b061217b460901ebd8c1b5a466ba35f4f0a4c58565c660a26e2e6971fce5b81b72ad0db138460f5aa08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
Filesize
8KB

MD5
a10cdbdad96a59fa5ef7d373742fa51f

SHA1
6ba3577cd649a3f10fb257a38e3b77994cb78ade

SHA256
de820cb4c891b47f1c73a72f1b0650d5f6fdec74bd1972a457c75995026465eb

SHA512
0b4ef94076fd8406b9ad1df73d09a8c133901bbb2982c4e153ba05ff2e84ad839762dc3419771df349be40d70e8826f69ee81afdd6818447f1be377477c62dee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\Accessible.tlb
Filesize
2KB

MD5
8104751de2a8e948284f3ed577fe4872

SHA1
f03832fadce708f9fbb21f7ef1a44929f1792e08

SHA256
2a27d969cc58cb2b453f15e50c6fba15de088fe99c9c44d9998ec00f7be9676a

SHA512
27bdb251cd6886a81c0b754a545937c23c92420d2fa9c311a525c30319c4506a5b77988506aea1085615a163d1b758659164e4e244f3b3079890fa0f649891a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\AccessibleHandler.dll
Filesize
178KB

MD5
d37c40afc38adbfa0a26e9fb90c6eba3

SHA1
1e7a6a9e912022b9da3c512250cdf4396819a531

SHA256
cf4b8ecb362387e50ed6b3542aae95ff8a7755e1f950423b17c728d9ed94630a

SHA512
db64383f557a17b15f7b41a93b519139ec7594f2ed3f1ee1eca87ec9bf03013a25e68c51100a84681435ce83df5978e71c960e733f15ccdc2f1f4954864427b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\AccessibleMarshal.dll
Filesize
30KB

MD5
d8adfc0dfb3e53e08dc221947786f0a2

SHA1
6669599b34890f1d5b2af08aefb468a8e7f77b1c

SHA256
21ec80c0b9f341f455ad00d7eaa0845dde0324dd5cf1251f0fce4b9f7b9e311e

SHA512
48f07380d85e3fc4e27bdce5f6219cf98d410ae172ca633943d315cf20cd8eb183c2f02a926b002aa26bfe07662e913c99b84d549b0330f35009b44163d0b92e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\IA2Marshal.dll
Filesize
80KB

MD5
6a1b13521873b53017d7551bc0a00518

SHA1
bac8a9881c42334722c9f30cfbcf23997bc4e987

SHA256
412e8d78ecf0cb26217f370733c797fe89cd1a95968b45d639316e60067d8860

SHA512
e6ff9fc89e9c4e2ab1e9472a66aefa862a8c8ecebbe6a20511813cf37465a1156aa976a58af27f7e90c828daaa98ac351ffb2fb3e6a75d14ebcd3d645977f051

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-core-file-l1-2-0.dll
Filesize
18KB

MD5
49c3ffd47257dbcb67a6be9ee112ba7f

SHA1
04669214375b25e2dc8a3635484e6eeb206bc4eb

SHA256
322d963d2a2aefd784e99697c59d494853d69bed8efd4b445f59292930a6b165

SHA512
bda5e6c669b04aaed89538a982ef430cef389237c6c1d670819a22b2a20bf3c22aef5cb4e73ef7837cbbd89d870693899f97cb538122059c885f4b19b7860a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-core-file-l2-1-0.dll
Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-core-localization-l1-2-0.dll
Filesize
20KB

MD5
588bd2a8e0152e0918742c1a69038f1d

SHA1
9874398548891f6a08fc06437996f84eb7495783

SHA256
a07cc878ab5595aacd4ab229a6794513f897bd7ad14bcec353793379146b2094

SHA512
32ffe64c697f94c4db641ab3e20b0f522cf3eba9863164f1f6271d2f32529250292a16be95f32d852480bd1b59b8b0554c1e7fd7c7a336f56c048f4f56e4d62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-core-processthreads-l1-1-1.dll
Filesize
18KB

MD5
d699333637db92d319661286df7cc39e

SHA1
0bffb9ed366853e7019452644d26e8e8f236241b

SHA256
fe760614903e6d46a1be508dccb65cf6929d792a1db2c365fc937f2a8a240504

SHA512
6fa9ff0e45f803faf3eb9908e810a492f6f971cb96d58c06f408980ab40cba138b52d853aa0e3c68474053690dfafa1817f4b4c8fb728d613696b6c516fa0f51

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-core-synch-l1-2-0.dll
Filesize
18KB

MD5
47388f3966e732706054fe3d530ed0dc

SHA1
a9aebbbb73b7b846b051325d7572f2398f5986ee

SHA256
59c14541107f5f2b94bbf8686efee862d20114bcc9828d279de7bf664d721132

SHA512
cce1fc5bcf0951b6a76d456249997b427735e874b650e5b50b3d278621bf99e39c4fc7fee081330f20762f797be1b1c048cb057967ec7699c9546657b3e248ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-core-timezone-l1-1-0.dll
Filesize
18KB

MD5
f62b66f451f2daa8410ad62d453fa0a2

SHA1
4bf13db65943e708690d6256d7ddd421cc1cc72b

SHA256
48eb5b52227b6fb5be70cb34009c8da68356b62f3e707db56af957338ba82720

SHA512
d64c2a72adf40bd451341552e7e6958779de3054b0cf676b876c3ba7b86147aecba051ac08adc0c3bfb2779109f87dca706c43de3ce36e05af0ddee02bbbf419

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-conio-l1-1-0.dll
Filesize
19KB

MD5
6c88d0006cf852f2d8462dfa4e9ca8d1

SHA1
49002b58cb0df2ee8d868dec335133cf225657df

SHA256
d5960c7356e8ab97d0ad77738e18c80433da277671a6e89a943c7f7257ff3663

SHA512
d081843374a43d2e9b33904d4334d49383df04ee7143a8b49600841ece844eff4e8e36b4b5966737ac931ed0350f202270e043f7003bf2748c5418d5e21c2a27

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-convert-l1-1-0.dll
Filesize
22KB

MD5
d53637eab49fe1fe1bd45d12f8e69c1f

SHA1
c84e41fdcc4ca89a76ae683cb390a9b86500d3ca

SHA256
83678f181f46fe77f8afe08bfc48aebb0b4154ad45b2efe9bfadc907313f6087

SHA512
94d43da0e2035220e38e4022c429a9c049d6a355a9cb4695ad4e0e01d6583530917f3b785ea6cd2592fdd7b280b9df95946243e395a60dc58ec0c94627832aeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-environment-l1-1-0.dll
Filesize
18KB

MD5
c712515d052a385991d30b9c6afc767f

SHA1
9a4818897251cacb7fe1c6fe1be3e854985186ad

SHA256
f7c6c7ea22edd2f8bd07aa5b33cbce862ef1dcdc2226eb130e0018e02ff91dc1

SHA512
b7d1e22a169c3869aa7c7c749925a031e8bdd94c2531c6ffe9dae3b3cd9a2ee1409ca26824c4e720be859de3d4b2af637dd60308c023b4774d47afe13284dcd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-filesystem-l1-1-0.dll
Filesize
20KB

MD5
f0d507de92851a8c0404ac78c383c5cd

SHA1
78fa03c89ea12ff93fa499c38673039cc2d55d40

SHA256
610332203d29ab218359e291401bf091bb1db1a6d7ed98ab9a7a9942384b8e27

SHA512
a65c9129ee07864f568c651800f6366bca5313ba400814792b5cc9aa769c057f357b5055988c414e88a6cd87186b6746724a43848f96a389a13e347ef5064551

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-heap-l1-1-0.dll
Filesize
19KB

MD5
f9e20dd3b07766307fccf463ab26e3ca

SHA1
60b4cf246c5f414fc1cd12f506c41a1043d473ee

SHA256
af47aebe065af2f045a19f20ec7e54a6e73c0c3e9a5108a63095a7232b75381a

SHA512
13c43eee9c93c9f252087cb397ff2d6b087b1dc92a47ba5493297f080e91b7c39ee5665d6bdc1a80e7320e2b085541fc798a3469b1f249b05dee26bbbb6ab706

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-locale-l1-1-0.dll
Filesize
18KB

MD5
ab206f2943977256ca3a59e5961e3a4f

SHA1
9c1df49a8dbdc8496ac6057f886f5c17b2c39e3e

SHA256
b3b6ee98aca14cf5bc9f3bc7897bc23934bf85fc4bc25b7506fe4cd9a767047a

SHA512
baccc304b091a087b2300c10f6d18be414abb4c1575274c327104aabb5fdf975ba26a86e423fda6befb5d7564effac0c138eb1bad2d2e226131e4963c7aac5bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-math-l1-1-0.dll
Filesize
27KB

MD5
4dd7a61590d07500704e7e775255cb00

SHA1
8b35ec4676bd96c2c4508dc5f98ca471b22deed7

SHA256
a25d0654deb0cea1aef189ba2174d0f13bdf52f098d3a9ec36d15e4bfb30c499

SHA512
1086801260624cf395bf971c9fd671abddcd441ccc6a6eac55f277ccfbab752c82cb1709c8140de7b4b977397a31da6c9c8b693ae92264eb23960c8b1e0993bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-multibyte-l1-1-0.dll
Filesize
26KB

MD5
4e033cfee32edf6be7847e80a5114894

SHA1
91eef52c557aefd0fde27e8df4e3c3b7f99862f2

SHA256
dff24441df89a02dde1cd984e4d3820845bafdff105458ed10d510126117115b

SHA512
e1f3d98959d68ef3d7e86ac4cb3dbdf92a34fcfd1bf0e0db45db66c65af0162ab02926dc5d98c6fc4a759a6010026ee26a9021c67c0190da941a04b783055318

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-private-l1-1-0.dll
Filesize
69KB

MD5
50740f0bc326f0637c4166698298d218

SHA1
0c33cfe40edd278a692c2e73e941184fd24286d9

SHA256
adbb658dd1cbecaca7cc1322b51976f30b36ccf0a751f3bad1f29d350b192c9c

SHA512
f1331ab1d52fb681f51546168e9736e2f6163e0706955e85ac9e4544d575d50e6eacd90ea3e49cb8b69da34fe0b621b04661f0b6f09f7ce8ceca50308c263d03

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-process-l1-1-0.dll
Filesize
19KB

MD5
595d79870970565be93db076afbe73b5

SHA1
ec96f7beeaec14d3b6c437b97b4a18a365534b9b

SHA256
fc50a37acc35345c99344042d7212a4ae88aa52a894cda3dcb9f6db46d852558

SHA512
152849840a584737858fc5e15f0d7802786e823a13ec5a9fc30ee032c7681deaf11c93a8cffead82dc5f73f0cd6f517f1e83b56d61d0e770cbb20e1cfff22840

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-runtime-l1-1-0.dll
Filesize
22KB

MD5
8b9b0d1c8b0e9d4b576d42c66980977a

SHA1
a19acefa3f95d1b565650fdbc40ef98c793358e9

SHA256
371a44ab91614a8c26d159beb872a7b43f569cb5fac8ada99ace98f264a3b503

SHA512
4b1c5730a17118b7065fada3b36944fe4e0260f77676b84453ee5042f6f952a51fd99debca835066a6d5a61ba1c5e17247551340dd02d777a44bc1cae84e6b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-stdio-l1-1-0.dll
Filesize
24KB

MD5
76e0a89c91a28cf7657779d998e679e5

SHA1
982b5da1c1f5b9d74af6243885bcba605d54df8c

SHA256
0189cbd84dea035763a7e52225e0f1a7dcec402734885413add324bffe688577

SHA512
d75d8798ea3c23b3998e8c3f19d0243a0c3a3262cffd8bcee0f0f0b75f0e990c9ce6644150d458e5702a8aa51b202734f7a9161e795f8121f061139ad2ea454f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-string-l1-1-0.dll
Filesize
24KB

MD5
96da689947c6e215a009b9c1eca5aec2

SHA1
7f389e6f2d6e5beb2a3baf622a0c0ea24bc4de60

SHA256
885309eb86dccd8e234ba05e13fe0bf59ab3db388ebfbf6b4fd6162d8e287e82

SHA512
8e86fa66a939ff3274c2147463899df575030a575c8f01573c554b760a53b339127d0d967c8cf1d315428e16e470fa1cc9c2150bb40e9b980d4ebf32e226ee89

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-time-l1-1-0.dll
Filesize
20KB

MD5
6b33b34888ccecca636971fbea5e3de0

SHA1
ee815a158baacb357d9e074c0755b6f6c286b625

SHA256
00ac02d39b7b16406850e02ca4a6101f45d6f7b4397cc9e069f2ce800b8500b9

SHA512
f52a2141f34f93b45b90eb3bbcdb64871741f2bd5fed22eaaf35e90661e8a59eba7878524e30646206fc73920a188c070a38da9245e888c52d25e36980b35165

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\api-ms-win-crt-utility-l1-1-0.dll
Filesize
18KB

MD5
54f27114eb0fda1588362bb6b5567979

SHA1
eaa07829d012206ac55fb1af5cc6a35f341d22be

SHA256
984306a3547be2f48483d68d0466b21dda9db4be304bedc9ffdb953c26cac5a1

SHA512
18d2bdce558655f2088918241efdf9297dfe4a14a5d8d9c5be539334ae26a933b35543c9071cedada5a1bb7c2b20238e9d012e64eb5bbf24d0f6b0b726c0329d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\application.ini
Filesize
899B

MD5
bec763786e67638dd34510daa8c7d31d

SHA1
2932c5ac5bd22bbe9707d541561b47ad1515a3a1

SHA256
49193d9d4170d0cf39e9736ae2b37a1a5b96f042d478173c1c2bfdcf632273f8

SHA512
624ec727a1fecf12e9a96b0b572fc6119a10aa8b79105645eba5d0a8d0b3e96cd83477d563c3eea2b1fae15d43775435e8c85a65f2bd7dc80331c0589eb59f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\crashreporter.exe
Filesize
258KB

MD5
4c8b0d9c9f9838ee30cd31373fcaf2c8

SHA1
22fcee9c8752f0a73efb1a929aa35faf502ed911

SHA256
32cc4697fee7af3d1c12429aae03397e929ec9ddac73329719ab7f766dbf359d

SHA512
b0795d35d20660b0fbb0d2e836495e88a084c2bbbc4e0b9c471ae65fbfa6d0420b65dfcd39e0612218f7047881ccf9dc0fb7a297072ad0a66b43d0b0e780d9ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\crashreporter.ini
Filesize
4KB

MD5
6db6cd123c130ca22868fa6d69fd8d4c

SHA1
bc8c8b540b0a09d5638940f7d4209b706658a926

SHA256
fe64c5ea527931d988712a9e1064de9da38e1852b1ba6b81fc9048b3fd450e58

SHA512
cf6195491f8092f7f8cf0da2d3482fc9dfdbb906fa6b8479ff50ebd68807d550f136dfa8c571ff4aaf099ca0075b63138426e7c4274e5a31af134663a8aeb990

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\d3dcompiler_47.dll
Filesize
4.1MB

MD5
222d020bd33c90170a8296adc1b7036a

SHA1
612e6f443d927330b9b8ac13cc4a2a6b959cee48

SHA256
4432bbd1a390874f3f0a503d45cc48d346abc3a8c0213c289f4b615bf0ee84f3

SHA512
ad8c7ce7f6f353da5e2cf816e1a69f1ec14011612e8041e4f9bb6ebed3e0fa4e4ebc069155a0c66e23811467012c201893b9b3b7a947d089ce2c749d5e8910c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\default-browser-agent.exe
Filesize
701KB

MD5
4c62d76f7815c09cf0be0f00d463ea15

SHA1
8fdb99f68ab048d2c8a34aac082c242f9a836df3

SHA256
12fa08796eb2e6c2432143dcf908af6309c8a7832c9b8cad83cc37cd07cfef2b

SHA512
cd1c58a5f4748d2c45150dae2648fd530a4429bd760f0800c83d778bdb2364683f4a7ad012fd546698c07fb86762bed1aa5e311cac7e1c232ad063047cdcd6e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\defaultagent.ini
Filesize
932B

MD5
88d7d32ad20bf89bb7785bd07c638e17

SHA1
2bd40f0b69c2edc64ab6b7e6dd2e7ca6a6fea6f6

SHA256
5cf0660a8f2624433c8c1022f93ff3c94c5611ccbc93118ee053566590eb53f4

SHA512
7bb3328ce42e7bb546a2192ade1e8e153408912f3582c27dc0c5cbe1c2d807365aaf4206c3ceab6cb3d6c34d3155125cb7509dbf800ecf70ab35f8a64f764010

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\defaultagent_localized.ini
Filesize
1KB

MD5
42127672c89336c9365ce16cf600f699

SHA1
8fe989208c0e2a21db60b5b6451777f65586e0d9

SHA256
43e0d2d74133599aebab06e09362f776c4a6c3ac54de684ca843f9608248b873

SHA512
bfd9ff9451bb0987467eae69c7162745f73c1dcb3a1d7d905a151cfd17b716edc57c91dee25e24e28f0710565086ab4c0590708c91a2d935736adbcb1058516a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\dependentlibs.list
Filesize
446B

MD5
35da5601932b6ade92ec29951942ec1f

SHA1
4d0b52b709c3e25b50dd53dfab9337ef8958d1ca

SHA256
3da3fa240910cc0aed83b17a81c87251a6bc6cf5db5be9e71a3e01d7b7d88f86

SHA512
0bd4ae8932d6f2d7bb1655b13f66fc24a858a17993be9354921406e63372242661a3bb52010445173fb856d4e5f98fcfbd44a155fe0760feca8cc65bebd777c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\firefox.VisualElementsManifest.xml
Filesize
557B

MD5
0aa43576f0420593451b10ab3b7582ec

SHA1
b5f535932053591c7678faa1cd7cc3a7de680d0d

SHA256
3b25ae142729ed15f3a10ebce2621bfa07fda5e4d76850763987a064122f7ae6

SHA512
6efb63c66f60e039cf99bfaf2e107c3c5ed4b6f319f3d5e4ef9316c1f26298b90d33c60b48b03699059d28b835fbc589417ac955fc45a2bc4c116a5200dfdc32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\firefox.exe
Filesize
660KB

MD5
faf5c0f947f90c140a6629a0ab8e03fd

SHA1
80b5b104c896c72d73b1cfac22d290d80687b4f6

SHA256
5b2abf9947a12ff9cc3765e48d875d97752193fcbc5e2b89fdb3e138c3232568

SHA512
2b44ed615f9c9bbe62f1ed61aaa7b95738a5fe6162e09f0428e3b26d6edc1ec50a52991a13e636bb02c2c4582020a2ce1e2ad48c2b2400cb23ca18a176cb4be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\firefox.exe.sig
Filesize
1KB

MD5
9ffc40b155fb07dfbde518193d8efcce

SHA1
e81a5608e9243b38117debc9b44582fa65a4664e

SHA256
63bc9d776722b7ac70b7ca03f0e72e0ef9a66971887d666a4826fdff067caed5

SHA512
51b05386fd01d57a98bee0cdcf87406eceaf01f7a6fee433951038b211b03f1511eaf91031180f280716137cbc484bead0080c6b15c0d63a69dee28cc3698e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\freebl3.dll
Filesize
749KB

MD5
947aecbc883e1e4bb16e793705e1a618

SHA1
c5856592982d33572d3fe3ae332b11f6107bbdf6

SHA256
9840946ea4199c2337103cceaa6d885f2def74699e64e43ea1dc54caf7b9751b

SHA512
811878164a393e1f77070bc2fe9f26123ffb20ce18d03801a9ad2a89235fdd4d3a47939b3fcfa05be72c6cb7842bde044745220f532ded4cc8e1543a7c545536

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\ipcclientcerts.dll
Filesize
214KB

MD5
14634425c3fb0dfdfa85f4d8e4d7d4d1

SHA1
731de76d6a951f56aa408487bf70f3fcd9db0ff8

SHA256
30277f7f58fe0a8fbc7b833b1b7feaa4d4d9b02cfe9c3646cc731030af003e99

SHA512
dab3496efa0e3badf57861180216b67daf3fc747b35d008e1b2c7419c6be16789e9693821576bd5a3f6d761b91aa47e8baff9caf4275acc3c6e21c18dd18c5a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\lgpllibs.dll
Filesize
39KB

MD5
bb6172c7ba5491c55ac160ae4f2df11f

SHA1
4ac85c41f8da77c6aacccdee0bbe8394cc824b19

SHA256
bb4b4f45037be1857946188ab9a7098822148586ed8d22f6c2140faeb6667ada

SHA512
b504416588160e1b2f1c6e7cc70168e1a4b46a744114ac016a203f44babd672532e64bf4fac81fcf066c9e0c5a28233cc918daeb6661107dc2abee4997b4ea64

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\libEGL.dll
Filesize
40KB

MD5
e3c3290552a3ce504304894065004ada

SHA1
c4c8dd1671c37a1e67e864355c255344db0a1740

SHA256
1806d7c9c8fa2a9107ffaea83d6cff3e26986a597598e3ecae5225196ed2bfc7

SHA512
8b589af4d997eadcf9c53a6d97001d330f6091ba741aba5e178c2c3ad6e367f5054345d25a49a2bd65a42c5204fa66a3576b17429992302faf4c984d242a36c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\libGLESv2.dll
Filesize
4.2MB

MD5
fdd0fc27980b899c8e07e23d0586c5f6

SHA1
a7eee581b981d21cb0f12c060c1e6cb5649b415a

SHA256
33de6506ba9e7195062802b7bd553c92a6283f002fdddaeca7940efe840f870e

SHA512
b20df7fdaa389bf461fc04a121d4e445c87ab306070abcf39dfe395d3a822483cf141fae0607e3fa216d22b7f33fc2e6720e40d3e83b4396c690d02eb89be9b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\core\locale.ini
Filesize
22B

MD5
b349148255f944c0b8ddc7ae3d80dbc3

SHA1
b53e560865f148002bc60378707a3ff0e435d54c

SHA256
3f06e8fe59b145ab13c3a5f5ff435747a2202092c23c4f4375516e4cc0989d02

SHA512
f0c8a2fa43d2f306ddbdf1754f424bc036d78275728780f06afc4e806553ccb53925aeef0459ade66a6c0190204e823d30b1750c62b86b963b032bd990fc3889

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\setup.exe
Filesize
917KB

MD5
34eb7b6351ad64faf2feec6927977cf7

SHA1
59434d3e316eed780487e2d249ad49b61846fa14

SHA256
73dcf0b2faaa88028fc1e2cf582ce3e792ef710d0c6287585dc855ab4f7f5b1b

SHA512
0d27f87b58b29c80b04cad1fff4c2fcbc909a20726ab1ec86e58bd3791f4b48c5459ef6bf07bbcfba0e1264a4a01b0b5edbf528ff7894a4d1b66370108d852dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS09426DB6\setup.exe
Filesize
917KB

MD5
34eb7b6351ad64faf2feec6927977cf7

SHA1
59434d3e316eed780487e2d249ad49b61846fa14

SHA256
73dcf0b2faaa88028fc1e2cf582ce3e792ef710d0c6287585dc855ab4f7f5b1b

SHA512
0d27f87b58b29c80b04cad1fff4c2fcbc909a20726ab1ec86e58bd3791f4b48c5459ef6bf07bbcfba0e1264a4a01b0b5edbf528ff7894a4d1b66370108d852dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8C197256\setup-stub.exe
Filesize
443KB

MD5
0cf2e744e5f2b26c892696e72f918bc3

SHA1
2aa930b41d627c22413d764c677079ab6a064431

SHA256
169d46ecbc6898c4dcb39edb857abc341486b2aab46ca3ad3c13e157ca9b617c

SHA512
aeb82eb873087805c1cfd0251547214cc1900b2185a129925055823bdd94ddcda447107a1723a037f0fd411f7ab4e8c0bf51896b460cf738aac51fc4d83249be

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8C197256\setup-stub.exe
Filesize
443KB

MD5
0cf2e744e5f2b26c892696e72f918bc3

SHA1
2aa930b41d627c22413d764c677079ab6a064431

SHA256
169d46ecbc6898c4dcb39edb857abc341486b2aab46ca3ad3c13e157ca9b617c

SHA512
aeb82eb873087805c1cfd0251547214cc1900b2185a129925055823bdd94ddcda447107a1723a037f0fd411f7ab4e8c0bf51896b460cf738aac51fc4d83249be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\CertCheck.dll
Filesize
5KB

MD5
2979f933cbbac19cfe35b1fa02cc95a4

SHA1
4f208c9c12199491d7ba3c1ee640fca615e11e92

SHA256
bcb6572fcb846d5b4459459a2ef9bde97628782b983eb23fadacbaec76528e6f

SHA512
61f07c54e0aaa59e23e244f3a7fd5e6a6c6a00730d55add8af338e33431ed166d156a66455a4f9321cafbce297e770abc1cb65f7410923cb2b5e5067d1768096

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\CertCheck.dll
Filesize
5KB

MD5
2979f933cbbac19cfe35b1fa02cc95a4

SHA1
4f208c9c12199491d7ba3c1ee640fca615e11e92

SHA256
bcb6572fcb846d5b4459459a2ef9bde97628782b983eb23fadacbaec76528e6f

SHA512
61f07c54e0aaa59e23e244f3a7fd5e6a6c6a00730d55add8af338e33431ed166d156a66455a4f9321cafbce297e770abc1cb65f7410923cb2b5e5067d1768096

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\CityHash.dll
Filesize
43KB

MD5
737379945745bb94f8a0dadcc18cad8d

SHA1
6a1f497b4dc007f5935b66ec83b00e5a394332c6

SHA256
d3d7b3d7a7941d66c7f75257be90b12ac76f787af42cd58f019ce0280972598a

SHA512
c4a43b3ca42483cbd117758791d4333ddf38fa45eb3377f7b71ce74ec6e4d8b5ef2bfbe48c249d4eaf57ab929f4301138e53c79e0fa4be94dcbcd69c8046bc22

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\CityHash.dll
Filesize
43KB

MD5
737379945745bb94f8a0dadcc18cad8d

SHA1
6a1f497b4dc007f5935b66ec83b00e5a394332c6

SHA256
d3d7b3d7a7941d66c7f75257be90b12ac76f787af42cd58f019ce0280972598a

SHA512
c4a43b3ca42483cbd117758791d4333ddf38fa45eb3377f7b71ce74ec6e4d8b5ef2bfbe48c249d4eaf57ab929f4301138e53c79e0fa4be94dcbcd69c8046bc22

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\CityHash.dll
Filesize
43KB

MD5
737379945745bb94f8a0dadcc18cad8d

SHA1
6a1f497b4dc007f5935b66ec83b00e5a394332c6

SHA256
d3d7b3d7a7941d66c7f75257be90b12ac76f787af42cd58f019ce0280972598a

SHA512
c4a43b3ca42483cbd117758791d4333ddf38fa45eb3377f7b71ce74ec6e4d8b5ef2bfbe48c249d4eaf57ab929f4301138e53c79e0fa4be94dcbcd69c8046bc22

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\InetBgDL.dll
Filesize
7KB

MD5
d4f7b4f9c296308e03a55cb0896a92fc

SHA1
63065bed300926a5b39eabf6efdf9296ed46e0cc

SHA256
6b553f94ac133d8e70fac0fcaa01217fae24f85d134d3964c1beea278191cf83

SHA512
d4acc719ae29c53845ccf4778e1d7ed67f30358af30545fc744facdb9f4e3b05d8cb7dc5e72c93895259e9882471c056395ab2e6f238310841b767d6acbcd6c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\InetBgDL.dll
Filesize
7KB

MD5
d4f7b4f9c296308e03a55cb0896a92fc

SHA1
63065bed300926a5b39eabf6efdf9296ed46e0cc

SHA256
6b553f94ac133d8e70fac0fcaa01217fae24f85d134d3964c1beea278191cf83

SHA512
d4acc719ae29c53845ccf4778e1d7ed67f30358af30545fc744facdb9f4e3b05d8cb7dc5e72c93895259e9882471c056395ab2e6f238310841b767d6acbcd6c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\System.dll
Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\UAC.dll
Filesize
18KB

MD5
113c5f02686d865bc9e8332350274fd1

SHA1
4fa4414666f8091e327adb4d81a98a0d6e2e254a

SHA256
0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

SHA512
e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\UAC.dll
Filesize
18KB

MD5
113c5f02686d865bc9e8332350274fd1

SHA1
4fa4414666f8091e327adb4d81a98a0d6e2e254a

SHA256
0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

SHA512
e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\UAC.dll
Filesize
18KB

MD5
113c5f02686d865bc9e8332350274fd1

SHA1
4fa4414666f8091e327adb4d81a98a0d6e2e254a

SHA256
0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

SHA512
e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\UserInfo.dll
Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\UserInfo.dll
Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\UserInfo.dll
Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\UserInfo.dll
Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\UserInfo.dll
Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\bgstub.jpg
Filesize
25KB

MD5
7c2899ce7038a456c772f45f21cf9efe

SHA1
5f9116469f2026714a7c67d39b4d3fa0ffaf5d26

SHA256
a201e838caec6eac014a6facaf3ae5b8fd625bea510c856b332c535958e4cab2

SHA512
3d268bd2cfe2c811de766fe734f3e421cb4929b953f79cdc0556795ea92a63f5121de2609873c6dfcdacda7ef000fee27a1c86d8f3b8fdc2ada6a00a329813ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\config.ini
Filesize
187B

MD5
ed23468cb20f1f37a967eb26f639faef

SHA1
5707e3d394b6a3e36e8b1e23317ec115bafa1e9c

SHA256
812217f840657b7d310c406d7224eb1c339079ad48541d922e3f15f1b2e3d913

SHA512
9a7d3073b2d7d234eee56464df7b58be4466171c3cad47ebf0d4742c0ed05555ac890a18991ef59bf8b0751a207ea04f86a728fe3b0cb19607b9f6e4f45e76f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\config.ini
Filesize
187B

MD5
ed23468cb20f1f37a967eb26f639faef

SHA1
5707e3d394b6a3e36e8b1e23317ec115bafa1e9c

SHA256
812217f840657b7d310c406d7224eb1c339079ad48541d922e3f15f1b2e3d913

SHA512
9a7d3073b2d7d234eee56464df7b58be4466171c3cad47ebf0d4742c0ed05555ac890a18991ef59bf8b0751a207ea04f86a728fe3b0cb19607b9f6e4f45e76f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\download.exe
Filesize
55.6MB

MD5
29e475b3703d7b9168a425adc55ddfc6

SHA1
d4d7e71481a889445cb824151034f8638c9b6be0

SHA256
72a4a53969cb997ed5ffef41f9c11c8889eab2c43b96588413a98989c4c267fa

SHA512
1f2e1628ff6173b7ffc4d047477621480c62060ca8409c7c1e132c707db0e81ebfe42c28b198617a0c0d89a7653cd64ec7bde023fb094fb7ba52eb257ee9bcde

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\download.exe
Filesize
55.6MB

MD5
29e475b3703d7b9168a425adc55ddfc6

SHA1
d4d7e71481a889445cb824151034f8638c9b6be0

SHA256
72a4a53969cb997ed5ffef41f9c11c8889eab2c43b96588413a98989c4c267fa

SHA512
1f2e1628ff6173b7ffc4d047477621480c62060ca8409c7c1e132c707db0e81ebfe42c28b198617a0c0d89a7653cd64ec7bde023fb094fb7ba52eb257ee9bcde

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\download.exe
Filesize
55.6MB

MD5
29e475b3703d7b9168a425adc55ddfc6

SHA1
d4d7e71481a889445cb824151034f8638c9b6be0

SHA256
72a4a53969cb997ed5ffef41f9c11c8889eab2c43b96588413a98989c4c267fa

SHA512
1f2e1628ff6173b7ffc4d047477621480c62060ca8409c7c1e132c707db0e81ebfe42c28b198617a0c0d89a7653cd64ec7bde023fb094fb7ba52eb257ee9bcde

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\nsDialogs.dll
Filesize
9KB

MD5
42b064366f780c1f298fa3cb3aeae260

SHA1
5b0349db73c43f35227b252b9aa6555f5ede9015

SHA256
c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab

SHA512
50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\nsDialogs.dll
Filesize
9KB

MD5
42b064366f780c1f298fa3cb3aeae260

SHA1
5b0349db73c43f35227b252b9aa6555f5ede9015

SHA256
c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab

SHA512
50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc7593.tmp\nsDialogs.dll
Filesize
9KB

MD5
42b064366f780c1f298fa3cb3aeae260

SHA1
5b0349db73c43f35227b252b9aa6555f5ede9015

SHA256
c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab

SHA512
50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgFC77.tmp\System.dll
Filesize
22KB

MD5
b361682fa5e6a1906e754cfa08aa8d90

SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3

SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\ApplicationID.dll
Filesize
55KB

MD5
fdc0338e6faeaf6f7c271982e103473b

SHA1
9a41f7932abe8be7e32c6371f085cf14de355d00

SHA256
a9dad9fdaae93d10dc2ee346b231913445e731049554b8bb1506827e46f8a44e

SHA512
a766eef11db4c94b1445d1cd70cf1d3b6141d6b3973562e9fa8d81c79195886b884dbc9b9f6952f8a6e8619534a6bf2d615d539d2cace9c8843dc19415051cc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\CityHash.dll
Filesize
53KB

MD5
2021acc65fa998daa98131e20c4605be

SHA1
2e8407cfe3b1a9d839ea391cfc423e8df8d8a390

SHA256
c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14

SHA512
cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\ServicesHelper.dll
Filesize
14KB

MD5
b9e8c2212ac8dae4b0eaf97c048529fa

SHA1
331d172323480b0518abdb0cc9e256dc7f46c357

SHA256
d6f6758adac2c073bec481e8de762af3a5574789bce3f43de02356afc9911e0f

SHA512
d93aa032e27c8268a4f6883711cf41f7ee2b5d33673a26d78db24456f2c548af39b7b98ed4b4737245c278d524fffb3e4bf708b6815dc866acd371427ff6be96

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\ShellLink.dll
Filesize
14KB

MD5
fa94d120efb029b43217c66bbc8c650c

SHA1
1fcf2d76adf69b403b7400681ac91d50ed20385f

SHA256
5f6f414b412c72b10f49eb92af1d368ede531b58fb200d539fd2b45e371612db

SHA512
07ed0771d5bbb651ea7421a5f6b08fa234f9cc041315d9360a7135ba12180064fc99a27725385a8ecd3ceb25bed5c00de169f7dabb3ccf6e987f45254dff8158

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\System.dll
Filesize
22KB

MD5
b361682fa5e6a1906e754cfa08aa8d90

SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3

SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\UAC.dll
Filesize
28KB

MD5
d23b256e9c12fe37d984bae5017c5f8c

SHA1
fd698b58a563816b2260bbc50d7f864b33523121

SHA256
ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c

SHA512
13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\UAC.dll
Filesize
28KB

MD5
d23b256e9c12fe37d984bae5017c5f8c

SHA1
fd698b58a563816b2260bbc50d7f864b33523121

SHA256
ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c

SHA512
13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\extensions.ini
Filesize
44B

MD5
c9b5d86a9a0f014293b24a0922837564

SHA1
3cc73b4a30a1a0bfdc6812bbd17994f53eb5db2a

SHA256
775c85f3552754ad3794b88c0cb6d6fc43d412cd9a87a4b9e847386a5bd0a9c4

SHA512
790f365afbe4c5a37dbb56443d38f0c439eadca002e4001d373d6db8c1d80c4adacf3749e9d210cd0316381682fbbc46616a3fa36581c7ea6f5ce69119944b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\extensions.ini
Filesize
402B

MD5
2ed482117f3148d08f92e22bed69f5ed

SHA1
2ac31eb3b05d73d23bd946d6b7c9a7a461d1bdf4

SHA256
4e3f2413784c7e3666c667eb2c35084154536edf9335d96f24d18a1d17590066

SHA512
3b84ec3c4aa29e70b428535d9f34577d69d6373772d96ebae71b27a73cbe6d7a82de1163c71280e7b0ca906f4fc3b995f3626988776b6116a2d81a5e82153d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\liteFirewallW.dll
Filesize
19KB

MD5
f31ba98a8d87faba153eea134968c854

SHA1
da0865cc1a86a39367f22897e1f9fbf4fb1f804f

SHA256
708fb54cffb6aea3547fc5ac745d1435ecc814df563bef59ba7a94f57d082bbb

SHA512
d991a2dd5ef537b25898afd7b7e73274a3cb8e6f5fca1621af22ee2761b82baf220aecb0c84434566742e2ab00b2f57a3740ce9831e76d4e1829bac3e044c8e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\nsExec.dll
Filesize
17KB

MD5
0e584c7120bd474c616013c58d51dc6b

SHA1
0bc980892341b52985d92fb3d8fbb6be77951935

SHA256
7fb626aa05bee1095633a75aeb7895ebd816a98e0aa1581a0154e4c196de5391

SHA512
aa3a471b3f33c3ffdbe1b1e3c1e5d04367bcab3c16049396a8dd12c5a8317e4b153761f74f39b756dd4fb1806aedc4f1bb38bfbc12f16480eed3fd3087a0d157

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\nsJSON.dll
Filesize
33KB

MD5
e832077eaee06f3b2ac9a8d2e7264567

SHA1
decbc329257c9c7fb67d3c449b4c5dfc1f87471f

SHA256
705f4947fb94254c4e5084e6a962045f6a4e790dfc1ecf59cd0fc3feb38bcbbf

SHA512
c1bada98c52ee2318d23c48fe202380eb42c5e1f18226cdc017f264c8c34f548bfe4d9b6eef13caae69ba321a71b199431b249fdec65f8bb1c386810932ccf6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\options.ini
Filesize
1KB

MD5
21ff84168193f4f63e56efdcc3878ec8

SHA1
3efb4fd0b73b8e6b84c3e657acf118521d06556b

SHA256
1825456240ef7acc3a29b3e96f4543cf2c1a862a97abf9291ed9ced77d69e248

SHA512
68b91e8b029f63c1c755755d5a419b871eaf7b199817fce50490b223e5f82cb670d8037ae30a06586a943f9c649bb1b75bf3d30a8a40957a56ccbcaf03051da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvE3BE.tmp\shortcuts.ini
Filesize
912B

MD5
5935bd2b0930cb9f6feb91ee8202bfcd

SHA1
9a0d25ea9c3c033baba73f64aa3a6dfc5f826b13

SHA256
6a0ca9301a3af541f27a2f105220aaafab4b1624224211a56a083f2abbb84af1

SHA512
8722583689494bf488fdd263ad400280e977cd43f7f24159c99a11543a4730d1b3825f33240f780002591c2fcc4e409d6e9e4a6fe655bc9cdf785b8a496d3cfc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\extensions.json.tmp
Filesize
50KB

MD5
e0ad48608672153650d3291d6e3e8694

SHA1
bf75063293d901b42491c3b10c63b4c140e2eb82

SHA256
ea1ceb6f9a893d777a8feee1d205cd79f7e9370fb2a3e1a5507fa21099e6ff5c

SHA512
b37d8cf84ddbb8f01d93eea506efbc0fd0e1c4682aedf7b2c2ed3d83f57186188248d24fa52f17f2a9c9c12fadd194178ddd338459288c5b4144e68dae872ec7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
6KB

MD5
253822d8a7d443f4018d6549b1b373a2

SHA1
96f2ff67a8482baedb3e273092062b96e985151b

SHA256
890e6dcb1f96d9cd5314fa32651bb97978cce5c4dbfa12d0f983cec09b47d6e2

SHA512
4731f5649afcae4c6f06c6353dff0d2f708df42b728379a8f939c7a417e8505a626b65eb89365abd83851e8c00590562600e7c1a27cbedeceaca609b923dd550

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
7KB

MD5
6d74a5dd738376a8d2f96e4db77c3f41

SHA1
ceb42ae13397060cd776bedeb98d3e2997821b84

SHA256
ca06612e8f76b7085b936740fdcd82b28b693308efcb11c10905b6409e648c37

SHA512
4036b754cab681bff239fb6019147720b8f160c896f71a59b4cd15ff8d53d965720b95d949d6368b4f4ff4f3e42ad725a5e078be280a94d122637883a9776588

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
6KB

MD5
70cd35e5693c2bc8ef1396c87b955c44

SHA1
07a9c9b8b58b0a0e12fb9ee72fbc4157e3671dfb

SHA256
717e6ac782cddd81177e5bf08c2c8ceacbacade274967bfdbb08da312ef25f26

SHA512
63f9a9accfa887e95c98e45eb54b83ccb9218e995f08268288c53692f92ac3ae2b00b0f0555c458e6d3e45c0f21b53fedc97d522ccd19b37bb9c2938d276124e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
6KB

MD5
67e44342ad7d9727532e27a878b2606d

SHA1
40539bcbd22a7330545fe8f5ec6d302fd41bafbc

SHA256
e5a628dffdbcaf4946765bed3bc2b655cdd5b20e3ac34245569ea06fe65eec46

SHA512
ccc3cb880d67095d71648a47f481b2d69c3e182dc3db11a2bc71ee014b8afe63aa3dbb15a32033c3f43449e5eee8892ea59f626160a934f9e33f8ffd3ffa2f62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
6KB

MD5
e1e186a1a91b76335a3858250918faa5

SHA1
52033f8a7b064f9e538799617ccbe9618fbcec6e

SHA256
b16a24af131bd1aeff50e618041c61b5c787464aa9a7b071d4de5897b6b6e97a

SHA512
acbcfa717b722cf56f5595a2a1f9bf44ae2597f887c053bc19d24d3f6a23ebb1015193feebd8b3ab26a8cfb6c49411e4cd2dafc6b07a6458969bf78f2fd40517

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
7KB

MD5
b9c07b9bc75be1d23a787fa940011bab

SHA1
00693da9ce4b76e83908a8526d42fdb5e6982aaf

SHA256
93e6fb13f72a4e87c3915aac111f783befe97c6c84bae69bb63d49763ed5f8ec

SHA512
0c7318e929e9a526fac9b61595851b4f8a957c86ef754d937d27bdfdd913dc71ffa44804944a09480cf6e00813a8f68ab4eddd16480de131307054facf4ff5fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
7KB

MD5
9e4898488e3c10bb303c3d929814ef77

SHA1
91c7dd5c7b5b4106c6aa472269b04c41e58a7e91

SHA256
65cbb81d23c6f3a03f0595c7350f36642593fe152eb60d5514dd6026db034554

SHA512
413f48eb603ff52c4a8128bd74ad44d12a581b0961dc6493767eae0fc65fcd3d68302894b3162b133fa7fdef716d9bf52bab12de3dcee4d104d4d6eaf00d25a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
c69e957bf7aab810fcf1e498da383565

SHA1
7ba851cf63f9a30acb7b848fc324ba5ad1c4468b

SHA256
af3996ea5ed38dd906622d3188b827f28453ac2e729a53f42fd09a770fbf59a4

SHA512
0cf4fd420e464d05ce9d1e013acd29ed20381427dfcce81953d924f428d067ca07ec7f6f274c0d29bf2f79641e4b19444c7d0d5d166383137aa1be9da52fedbf

Download Submit
C:\Users\Public\Desktop\Firefox.lnk
Filesize
902B

MD5
85c40b00f6dccf99443db03ad74311ef

SHA1
37ffc605e4d729ea7d927b107aa75e1074620060

SHA256
afaf0421734a20cc7a24d768e5b84163e584c7ccd7a433d2e76b663d4a99b795

SHA512
652dbe81c71a171682925da5ebe2802e8c919c616a4ea213f2f5e83c606909feae9c89bc3b8d349ccc13709e5a9dcb066fa366278e0a27dee90a5802164649c8

Download Submit
C:\Users\Public\Desktop\Firefox.lnk
Filesize
1000B

MD5
43812a29fc5985c27e97dbaa27f463d0

SHA1
6be77e85804feea3df8f866a55a03eba565726d7

SHA256
a5d93591b59585d3d40010f5bc756cede073ba7a2d28a82e2680bb62435c4042

SHA512
fdf265591cfaf32054aa65035a54d4c9d56bca0347bb53183a4d9f6490d4845a797fd55e972676c29379820014ba83cf92e4de3e1e2e9350c587623823725a69

Download Submit
memory/804-168-0x00000000022C0000-0x00000000022CF000-memory.dmp

Filesize
60KB

Download
memory/1168-222-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/1168-296-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/4552-136-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download