fedefb45f91e645780673132bbe189443512a36bbf4f2c042e41254c74e6320c

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

877fe09e6d8d6366ced5b491ad180125.exe
Size

365KB
MD5

877fe09e6d8d6366ced5b491ad180125
SHA1

b377f980ac2b10a11c46d0017cc29b9ebc313ca9
SHA256

fedefb45f91e645780673132bbe189443512a36bbf4f2c042e41254c74e6320c
SHA512

f82e79d6c99c66a7a2fd643d4b5082046397ca8dbba79c328f23124a6d84222e8e1d899933398ab63bad8d3f1277d7a1195a62cc444b40428d607700378f2912
SSDEEP

6144:hGyG9i2wAWfMrpUHOZEIiS5cBppSj+3sTjA35E8CQuwbQ/59osKzpudHUmDlsGtx:h3Ui7M+HOCdIcFSj+8TjA35EIuX/ksKY

Score

8^/10

discovery evasion persistence spyware stealer trojan upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 24 IoCs

pid	Process
4644	nGh9Va7IFroFgTw.exe
4176	CTS.exe
2968	setup-stub.exe
4404	download.exe
2996	setup.exe
4016	maintenanceservice_installer.exe
4600	maintenanceservice_tmp.exe
3948	default-browser-agent.exe
1680	firefox.exe
636	firefox.exe
800	firefox.exe
3460	firefox.exe
1444	firefox.exe
4344	firefox.exe
4892	firefox.exe
1792	firefox.exe
884	firefox.exe
908	firefox.exe
4152	firefox.exe
5280	firefox.exe
5484	firefox.exe
5696	firefox.exe
5708	firefox.exe
5720	firefox.exe

Loads dropped DLL 64 IoCs

pid	Process
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2968	setup-stub.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
4152	firefox.exe
4152	firefox.exe
2996	setup.exe
2996	setup.exe
4016	maintenanceservice_installer.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
2996	setup.exe
3948	default-browser-agent.exe
3948	default-browser-agent.exe
3948	default-browser-agent.exe
1680	firefox.exe
1680	firefox.exe
1680	firefox.exe
1680	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
636	firefox.exe
800	firefox.exe
800	firefox.exe
800	firefox.exe
800	firefox.exe
3460	firefox.exe
3460	firefox.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ThreadingModel = "Both"	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{D7EA918F-88D9-490A-9FBE-80D9A51A8D8E}\InProcServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7EA918F-88D9-490A-9FBE-80D9A51A8D8E}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\notificationserver.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\AccessibleMarshal.dll"	firefox.exe

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2940-0-0x0000000000080000-0x0000000000097000-memory.dmp	upx
behavioral2/files/0x00070000000231f3-8.dat	upx
behavioral2/memory/4644-10-0x0000000000400000-0x0000000000443000-memory.dmp	upx
behavioral2/memory/4176-13-0x0000000000840000-0x0000000000857000-memory.dmp	upx
behavioral2/memory/2940-9-0x0000000000080000-0x0000000000097000-memory.dmp	upx
behavioral2/files/0x0003000000022764-16.dat	upx
behavioral2/files/0x000b000000023151-5.dat	upx
behavioral2/files/0x0006000000023218-126.dat	upx
behavioral2/files/0x0006000000023218-134.dat	upx
behavioral2/files/0x0006000000023218-135.dat	upx
behavioral2/memory/4404-136-0x0000000000400000-0x0000000000446000-memory.dmp	upx
behavioral2/memory/4644-261-0x0000000000400000-0x0000000000443000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe"	877fe09e6d8d6366ced5b491ad180125.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe"	CTS.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\xul.dll.sig	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsi42AA.tmp\	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\omni.ja	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nssckbi.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\fonts\	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml	setup.exe
File created	C:\Program Files\Mozilla Firefox\libEGL.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nss72F0.tmp	setup.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe	setup.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini	setup.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe	setup.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll	setup.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log	maintenanceservice_tmp.exe
File opened for modification	C:\Program Files\Mozilla Firefox\notificationserver.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\defaults\	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\removed-files	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\ucrtbase.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\update-settings.ini	setup.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log	setup.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja	setup.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	setup.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\softokn3.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\application.ini	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	setup.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\libEGL.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\vcruntime140_1.dll	setup.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\nsi42AA.tmp	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\osclientcerts.dll	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml	setup-stub.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	setup.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	setup.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini	setup.exe
File created	C:\Program Files\Mozilla Firefox\installation_telemetry.json	setup.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	setup-stub.exe
File opened for modification	C:\Program Files\Mozilla Firefox\install.log	setup-stub.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\CTS.exe	877fe09e6d8d6366ced5b491ad180125.exe
File created	C:\Windows\CTS.exe	CTS.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies Control Panel 3 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\Colors	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\Colors	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Control Panel\Colors	firefox.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\ = "Firefox HTML Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox-private\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -private-window \"%1\""	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{D7EA918F-88D9-490A-9FBE-80D9A51A8D8E}\InProcServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ThreadingModel = "Both"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox-private\EditFlags = "2"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\NumMethods\ = "8"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\NumMethods	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox\shell\ = "open"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox-private\URL Protocol	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\NumMethods\ = "9"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox\ = "Firefox Browsing Protocol"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox\shell\open\ddeexec\	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\FirefoxPDF-308046B0AF4A39CB	setup.exe
Key deleted	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_CLASSES\FIREFOXPDF-308046B0AF4A39CB\SHELL\OPEN\DDEEXEC	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\ddeexec\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{D7EA918F-88D9-490A-9FBE-80D9A51A8D8E}\DllSurrogate	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ = "PSFactoryBuffer"	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\NumMethods\ = "18"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox\shell\open	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\CLSID	firefox.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox-private\ = "Firefox Private Browsing Protocol"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppUserModelId\FirefoxToast-308046B0AF4A39CB\CustomActivator = "{D7EA918F-88D9-490A-9FBE-80D9A51A8D8E}"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D7EA918F-88D9-490A-9FBE-80D9A51A8D8E}\AppID = "{D7EA918F-88D9-490A-9FBE-80D9A51A8D8E}"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\Interface	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ProxyStubClsid32	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\NumMethods	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\FriendlyTypeName = "Firefox PDF Document"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\FriendlyTypeName = "Firefox URL"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox\shell\open\ddeexec	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}"	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox\DefaultIcon	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\FirefoxPDF-308046B0AF4A39CB\FriendlyTypeName = "Firefox PDF Document"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\ = "open"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox-private	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox-private\FriendlyTypeName = "Firefox Private Browsing Protocol"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\DefaultIcon	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\command	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox\URL Protocol	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\ = "Firefox PDF Document"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\ = "open"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox-private\shell	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\firefox.exe\shell\open\command	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\ = "open"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\firefox\shell	setup.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4600	maintenanceservice_tmp.exe
4600	maintenanceservice_tmp.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2940	877fe09e6d8d6366ced5b491ad180125.exe
Token: SeDebugPrivilege	4176	CTS.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe
Token: SeDebugPrivilege	4344	firefox.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
2968	setup-stub.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe
4344	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4344	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 4644	2940	877fe09e6d8d6366ced5b491ad180125.exe	23
PID 2940 wrote to memory of 4644	2940	877fe09e6d8d6366ced5b491ad180125.exe	23
PID 2940 wrote to memory of 4644	2940	877fe09e6d8d6366ced5b491ad180125.exe	23
PID 2940 wrote to memory of 4176	2940	877fe09e6d8d6366ced5b491ad180125.exe	24
PID 2940 wrote to memory of 4176	2940	877fe09e6d8d6366ced5b491ad180125.exe	24
PID 2940 wrote to memory of 4176	2940	877fe09e6d8d6366ced5b491ad180125.exe	24
PID 4644 wrote to memory of 2968	4644	nGh9Va7IFroFgTw.exe	28
PID 4644 wrote to memory of 2968	4644	nGh9Va7IFroFgTw.exe	28
PID 4644 wrote to memory of 2968	4644	nGh9Va7IFroFgTw.exe	28
PID 2968 wrote to memory of 4404	2968	setup-stub.exe	93
PID 2968 wrote to memory of 4404	2968	setup-stub.exe	93
PID 2968 wrote to memory of 4404	2968	setup-stub.exe	93
PID 4404 wrote to memory of 2996	4404	download.exe	96
PID 4404 wrote to memory of 2996	4404	download.exe	96
PID 4404 wrote to memory of 2996	4404	download.exe	96
PID 2996 wrote to memory of 4152	2996	setup.exe	111
PID 2996 wrote to memory of 4152	2996	setup.exe	111
PID 2996 wrote to memory of 4016	2996	setup.exe	98
PID 2996 wrote to memory of 4016	2996	setup.exe	98
PID 2996 wrote to memory of 4016	2996	setup.exe	98
PID 4016 wrote to memory of 4600	4016	maintenanceservice_installer.exe	99
PID 4016 wrote to memory of 4600	4016	maintenanceservice_installer.exe	99
PID 2996 wrote to memory of 3948	2996	setup.exe	102
PID 2996 wrote to memory of 3948	2996	setup.exe	102
PID 3948 wrote to memory of 1680	3948	default-browser-agent.exe	100
PID 3948 wrote to memory of 1680	3948	default-browser-agent.exe	100
PID 1680 wrote to memory of 636	1680	firefox.exe	101
PID 1680 wrote to memory of 636	1680	firefox.exe	101
PID 1680 wrote to memory of 636	1680	firefox.exe	101
PID 1680 wrote to memory of 636	1680	firefox.exe	101
PID 1680 wrote to memory of 636	1680	firefox.exe	101
PID 1680 wrote to memory of 636	1680	firefox.exe	101
PID 1680 wrote to memory of 636	1680	firefox.exe	101
PID 1680 wrote to memory of 636	1680	firefox.exe	101
PID 1680 wrote to memory of 636	1680	firefox.exe	101
PID 1680 wrote to memory of 636	1680	firefox.exe	101
PID 1680 wrote to memory of 636	1680	firefox.exe	101
PID 2996 wrote to memory of 800	2996	setup.exe	104
PID 2996 wrote to memory of 800	2996	setup.exe	104
PID 800 wrote to memory of 3460	800	firefox.exe	103
PID 800 wrote to memory of 3460	800	firefox.exe	103
PID 800 wrote to memory of 3460	800	firefox.exe	103
PID 800 wrote to memory of 3460	800	firefox.exe	103
PID 800 wrote to memory of 3460	800	firefox.exe	103
PID 800 wrote to memory of 3460	800	firefox.exe	103
PID 800 wrote to memory of 3460	800	firefox.exe	103
PID 800 wrote to memory of 3460	800	firefox.exe	103
PID 800 wrote to memory of 3460	800	firefox.exe	103
PID 800 wrote to memory of 3460	800	firefox.exe	103
PID 800 wrote to memory of 3460	800	firefox.exe	103
PID 2968 wrote to memory of 1444	2968	setup-stub.exe	106
PID 2968 wrote to memory of 1444	2968	setup-stub.exe	106
PID 1444 wrote to memory of 4344	1444	firefox.exe	105
PID 1444 wrote to memory of 4344	1444	firefox.exe	105
PID 1444 wrote to memory of 4344	1444	firefox.exe	105
PID 1444 wrote to memory of 4344	1444	firefox.exe	105
PID 1444 wrote to memory of 4344	1444	firefox.exe	105
PID 1444 wrote to memory of 4344	1444	firefox.exe	105
PID 1444 wrote to memory of 4344	1444	firefox.exe	105
PID 1444 wrote to memory of 4344	1444	firefox.exe	105
PID 1444 wrote to memory of 4344	1444	firefox.exe	105
PID 1444 wrote to memory of 4344	1444	firefox.exe	105
PID 1444 wrote to memory of 4344	1444	firefox.exe	105
PID 4344 wrote to memory of 4892	4344	firefox.exe	107

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\877fe09e6d8d6366ced5b491ad180125.exe
"C:\Users\Admin\AppData\Local\Temp\877fe09e6d8d6366ced5b491ad180125.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Users\Admin\AppData\Local\Temp\nGh9Va7IFroFgTw.exe
  C:\Users\Admin\AppData\Local\Temp\nGh9Va7IFroFgTw.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4644
- - C:\Users\Admin\AppData\Local\Temp\7zS42219A57\setup-stub.exe
    .\setup-stub.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\download.exe
      "C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\download.exe" /INI=C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\config.ini
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:4404
    - - C:\Users\Admin\AppData\Local\Temp\7zS43168427\setup.exe
        
        .\setup.exe /INI=C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\config.ini
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Drops file in Program Files directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2996
      - C:\Windows\system32\regsvr32.exe
        
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
        6⤵
        
        PID:4152
      - C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
        
        "C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:4016
        
        C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
        
        "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe" install
        7⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4600
      - C:\Program Files\Mozilla Firefox\default-browser-agent.exe
        
        "C:\Program Files\Mozilla Firefox\default-browser-agent.exe" register-task 308046B0AF4A39CB
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:3948
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:800
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:1444
- C:\Windows\CTS.exe
  "C:\Windows\CTS.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:4176

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Checks processor information in registry
  - Modifies Control Panel
  PID:636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
- Modifies Control Panel
PID:3460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Checks processor information in registry
- Modifies Control Panel
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20240118164516 -prefsHandle 2244 -prefMapHandle 2236 -prefsLen 22851 -prefMapSize 243126 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de3b7f15-e5c0-439d-b232-cd123cfa1027} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 14d5a6db510 gpu
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2708 -parentBuildID 20240118164516 -prefsHandle 2704 -prefMapHandle 2700 -prefsLen 22851 -prefMapSize 243126 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcaf54b3-8e70-418d-8fa1-87c58c3d89e5} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 14d4c086310 socket
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3172 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 1700 -prefsLen 20875 -prefMapSize 243126 -jsInitHandle 1372 -jsInitLen 235124 -parentBuildID 20240118164516 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e84f3313-1b95-412d-8bc4-178d550416f5} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 14d5e409150 tab
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3564 -childID 2 -isForBrowser -prefsHandle 3512 -prefMapHandle 3440 -prefsLen 22965 -prefMapSize 243126 -jsInitHandle 1372 -jsInitLen 235124 -parentBuildID 20240118164516 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba16cc09-edea-4ee6-b403-433d54950372} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 14d5e4ccf50 tab
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -childID 3 -isForBrowser -prefsHandle 4460 -prefMapHandle 4568 -prefsLen 23965 -prefMapSize 243126 -jsInitHandle 1372 -jsInitLen 235124 -parentBuildID 20240118164516 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08fa73ca-a096-4cf7-902a-bf729f9dad32} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 14d5ecc7310 tab
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Registers COM server for autorun
  - Modifies registry class
  PID:4152
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -parentBuildID 20240118164516 -sandboxingKind 0 -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 28439 -prefMapSize 243126 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aff90b9e-13b5-430a-99f3-d3356a9f4665} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 14d5a095310 utility
  2⤵
  - Executes dropped EXE
  PID:5280
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5740 -parentBuildID 20240118164516 -prefsHandle 5736 -prefMapHandle 5732 -prefsLen 28439 -prefMapSize 243126 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48c266c9-71e6-4c6c-bb96-3562c2cf7bea} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 14d5c49f510 rdd
  2⤵
  - Executes dropped EXE
  PID:5484
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6224 -childID 6 -isForBrowser -prefsHandle 6300 -prefMapHandle 6296 -prefsLen 26264 -prefMapSize 243126 -jsInitHandle 1372 -jsInitLen 235124 -parentBuildID 20240118164516 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0270582-0b0b-4a23-b363-8b59ebff34a7} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 14d626504d0 tab
  2⤵
  - Executes dropped EXE
  PID:5720
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6032 -childID 5 -isForBrowser -prefsHandle 6108 -prefMapHandle 6104 -prefsLen 26264 -prefMapSize 243126 -jsInitHandle 1372 -jsInitLen 235124 -parentBuildID 20240118164516 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5f28601-1249-4cfc-9aaf-d5529b930eab} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 14d62650310 tab
  2⤵
  - Executes dropped EXE
  PID:5708
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5888 -childID 4 -isForBrowser -prefsHandle 5880 -prefMapHandle 5872 -prefsLen 26264 -prefMapSize 243126 -jsInitHandle 1372 -jsInitLen 235124 -parentBuildID 20240118164516 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43c54e14-378f-44c4-ad0d-e3c4fe3b1aed} 4344 "\\.\pipe\gecko-crash-server-pipe.4344" 14d61cfd850 tab
  2⤵
  - Executes dropped EXE
  PID:5696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png

Filesize
15KB

MD5
e9068cd977693bdab242de4280dda725

SHA1
35a5c8aee11597ec7cc6adaf15e8673b713d73a9

SHA256
1701ff395543f3ad6b25584fa7014073f74949baca0dd2552216f58131328fef

SHA512
29ebff0f99c9a8f47b8f145ee8d88877b17ae0e3eeed1bc017caa20c68a63166831f5feda768189e837d2390cc80790e3e69aa7ec26bf92da2e90b66e1be3362

Download Submit
C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png

Filesize
5KB

MD5
c9ae03c43b67a4e4986518fe3fe29756

SHA1
07221e0401f306487504ae9b3c46ef1cb5dec843

SHA256
adf41380b5ed3f73b8e5fb51f7f33b722f4db4600791cdf92033267c9971c4d5

SHA512
0ace7c3cdc18eb1e67971a5acd0a54e1c00d37ac556f8183dccede984cb6520660c9b27064a8ef5f7b706fdabd70e5e424b7b7271ff751bffd997cf2284f9fe7

Download Submit
C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png

Filesize
22KB

MD5
8e058139e0576b4ad8d424bb21071063

SHA1
f584d2412c935aa8a7cf73ecdfaaa6a3cf87c064

SHA256
e86ee493e89f5dfce2ce8817ac5d1c04d8ba2b07a06ff0f967c0167562510df7

SHA512
9ce457aa516fb2d3cb7b4a08f2dd81573de301fefc6ddc877142a35851151407367605f00862fb77067d0969ba745bc6bc612a4440aa3017e508e572ec88f2fc

Download Submit
C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png

Filesize
8KB

MD5
1a340e565e697e63b5a4ce51f7297119

SHA1
cdb4ca85700ed81db13b15d4bd5b77d41bb20d34

SHA256
c4bb210e61cd35f9a0a54fb941ea2e3bf6abde799bea1c78d24c761c9a3bc429

SHA512
92478fe26f9ea7454206a3106632534c5608d6940588f01fecfd799de636f11b003ffd1e5c762201f9a14f4ebb7fa6a711d99312b03914de817246a6008c7b35

Download Submit
C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini

Filesize
787B

MD5
9524df130a8e1ab4efdfb32b4e68a7b2

SHA1
98593d6520ffeb0c49803dc1ada0ee3131be4c88

SHA256
699cb7896b205018db7248a2954d0432022c63957ad3a83ae53711755ad47c8c

SHA512
9689e204f84bd1ae815a07da860fdb6613bf9c3220e301ce2395e971fca0ef6115b3fd3ab50983e48f49e5a7b2a79b951df22bf9a00a362fa274915001a9fc14

Download Submit
C:\Program Files\Mozilla Firefox\browser\features\[email protected]

Filesize
131KB

MD5
6c037924dab17d97f0d3d0355d399f92

SHA1
6d00353933d351dce95778b1034fd37004a0471a

SHA256
34a041d38a54865711c3bec7f67796f028f4b8114c740f29a4e3ec9a10875187

SHA512
e4a7f0d2ba504087d7636afd97a0681de6c2a630b2db041bdfe874de993f51b7d626cf36af085757b960bb21a87dbc0cbd06927aa9035ce14ebafc2dde5d7470

Download Submit
C:\Program Files\Mozilla Firefox\browser\features\[email protected]

Filesize
61KB

MD5
3702bd7db59a2feefb35401b32876245

SHA1
31e2e408ff9c185001513386fc346f7512effbd9

SHA256
dd5a380c7f29c8c1db6e7b2071ee550c8a93ac3321c11bda9d0912f176f8746f

SHA512
0412f029075866af6b6df95b6cc690542504c52af23cc7666b63f53893983d4d14e3729a02c1843f3bce1361d7ed5028bb5d59aa7be4403e8e6c79faf7fadd6f

Download Submit
C:\Program Files\Mozilla Firefox\browser\features\[email protected]

Filesize
168KB

MD5
2f1bf72ce57bb644dd54e6376dd2fe4d

SHA1
6013cd2d3613a6b0035920f1da9ec0a4d6dc00a9

SHA256
21ce8909c9ac4e076589ea9c8fbcf6b745b485816841131c61575ea705ba0a03

SHA512
9fd85ab306bec919defa3454d8d5f6b13230392198174fab8a2f7cf0db67a4dc4fce61c896109a31970a0d585d4db3ce9fd0c76fc7e6359ba873d1cdfe2e26fe

Download Submit
C:\Program Files\Mozilla Firefox\browser\features\[email protected]

Filesize
9KB

MD5
507739399c82ef6487da73e587423f1f

SHA1
95177d06563e55f4084504e06e88a1c0f3f52b0f

SHA256
796ba4ee5430db311dac2e45323c3e71059f23a54ec2d5bea22387f33fb92de7

SHA512
6bd0bb547f3bbcaef5db00e554a0b9fb45a78efd01018a4d706bcc94d5566458f931cf954cea22e2674ab2065c72617e49b21f9e354f16109b4b64d4fcd0b4f6

Download Submit
C:\Program Files\Mozilla Firefox\browser\features\[email protected]

Filesize
423KB

MD5
d11b0f03de1ad144e81785b83b6d8340

SHA1
b39782e1f76191d205496db0313e23c479312db0

SHA256
4fe69af7e25ab17e4a8a5e6eaeb377ee3bd9a3a9894b82eede1b6b40c24c3412

SHA512
82020a5a3d6c1ae33cac76b69d8e4674ab4fd30dbda7a6cb69ba452e65300198f629f085fbb65342b441e0e1b9b9703620e355510609eb9fbebfee4eef462385

Download Submit
C:\Program Files\Mozilla Firefox\browser\omni.ja

Filesize
213KB

MD5
99da2da2d0eaa7c0cc5cbda454583dfe

SHA1
ab54225566108ad2a12fce0b79373e28a2d848a1

SHA256
f75d371a23f6c30ffdf6a71c7c16123f921c082856a95e165141a1526afb3448

SHA512
7d808683f050e5f06940d234843697d89f88205d6f6fa33205e2b37b2008cb961c111532cac8a34fc344290b59b01f24a772085bc73bc0ea063b049a035ff15a

Download Submit
C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Program Files\Mozilla Firefox\firefox.exe

Filesize
319KB

MD5
28a5d6375d9839b8d763094ad5eb7397

SHA1
a0ffcbd43416529723541c6be40a6294ded29125

SHA256
3f95af5dd50d0b7fcb66787939251ab6dda838b5d47f14f6341fe52cf9b0af3c

SHA512
b7daa7885a659fb457a8d8b94efe5131cfaa8466907ac70b72735b70b10a8448739da270a7e05fd14a63765500dced1fed24ba2fb6dfb714f67aa15d951194f4

Download Submit
C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf

Filesize
323KB

MD5
bc486edba8fa2cf027a5b57605b8d38f

SHA1
33df1a98c4c3ab78b5f13d63e8784297f4d2a18c

SHA256
f66628e63f5a3f9a405d3d803f601399524434d8807d30735486f9999ae2b147

SHA512
b86b95cb195950697ef950909e4ecd425d46e63fb61399f75af03270e425a88a6964255954fd5d5d3ca4d9297ae784b521c4039b67432d5da5e49ebcb0bc4317

Download Submit
C:\Program Files\Mozilla Firefox\freebl3.dll

Filesize
265KB

MD5
db35444aac83d28673e8edd2dc62d70c

SHA1
54e5fea65791676186e7955e56149d3125012efc

SHA256
3bde878674ae6b83259dc614be93c5af2f63fdd53ef1154f32ecec374a38f45d

SHA512
73f63bc5a218b9fc444877ebaa8f34ccf34b97b21c80873343064fc3760dd7d7cad9398e03cbfe09f8d3f759bcceb876cb2d2225291fea5572ac1285e6b4db5d

Download Submit
C:\Program Files\Mozilla Firefox\gkcodecs.dll

Filesize
332KB

MD5
91bf3b9cefa55abb560c79f5d64c871e

SHA1
9b259200278be9dd7f29cf4afc75c856cd0359d2

SHA256
1c9265e7794b9c8eac441e9e790646a7002b11bd4207273656c644b93c2c7d74

SHA512
8d1e9bb7ec3fda1b188e68a7f2ece8bf56ce78c2e64ad13dedbd8e85c4ebe2fc2be75efe20cfa847633c338a222bb11f4ed5da77b16dbba53b061ac3d2b3efbd

Download Submit
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll

Filesize
103KB

MD5
bdbc37d228d3a1858379c6cadd6bf0ad

SHA1
5e5fb43f21018331ca3816525927a995639400cf

SHA256
301e6408f0f33aa0254be4a8ba9c4d7c5b38192d55019586ad7555f9a029de42

SHA512
d1051217e0f08be9cb20eb4f9aa6ba99a62f3e10ccfc17fa2d26f4bad3cbc8acf6a0987519461e2633376d38c7b965dd65df57b4085d0e20e6053a26b356ffef

Download Submit
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig

Filesize
1KB

MD5
9ec538ed4ec9f6b590727af14d0f2d3c

SHA1
a601de3d17b88799a4af5c35836048bc563fd467

SHA256
b56c059222ae6050736063b3342341c6f0039309ac6eeeb972d2322504559ccd

SHA512
3f3127ede0cdc3ad7b89e957f0e504439fe0898cbe0e1d51bb6db1282d4dd961ddcb1d1adf78de6a7454169a228ce0747dcb9a598bc0e7a2ad27e2b5a1a12cde

Download Submit
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json

Filesize
229B

MD5
cffdadfaeeaaf0a5a78e7f9a299aa7f1

SHA1
7a8f06d7c91877484301ce8474dfbb1bde08a040

SHA256
ef47e83036753b53f59d079fef62bfedc749abdbcdb0fe16f448d9920f11114c

SHA512
5a11e448389326ddbd3be792d9a10ae746c66e4a41f9c96f4979ec71fde385fc4deb205a40f1b4f24415abd9d41c453ca1285f4b813005b1d12a2701f214db85

Download Submit
C:\Program Files\Mozilla Firefox\install.log

Filesize
4KB

MD5
90c962048755eb9a50871c2fce56f2ae

SHA1
43a1ef0f3e4b28c4398a07b304c187e8f8b6de40

SHA256
94bb67573b8c9b2d5c018ecfc466b9cddf1a3b2a2551424181a31fa77d431251

SHA512
a14e70b182db5ef47fbcc8f1cbb3df5122014f184c9feb91a343ef177536cdb6997fe5d6a0bdfe8ba71582292a5ab21645ca1562b7e95d5246707d46acf51abf

Download Submit
C:\Program Files\Mozilla Firefox\install.tmp

Filesize
2KB

MD5
c5ed5e570e0ca475141a4de167504ca9

SHA1
9f05ef975471136a8681ea89e0b802996bceddba

SHA256
1a8ae226e73333eeb19707093cb2c54160c30ee45290d8a05a151361529d5d39

SHA512
4f9f07dbab6b5d3ff0f4e34adbbf5eb15134d73de1372cf49e7f923ccea953ffd8df7a4278714630a6233559bc6733e5b6af199c190ca31ff707eb59c78a0600

Download Submit
C:\Program Files\Mozilla Firefox\libGLESv2.dll

Filesize
332KB

MD5
855c54e781346f9c3200d729138b91e3

SHA1
4e2447d08a8f2af00a3e2d24baca2080ed9616cd

SHA256
b3d2d1f607bb6243fc73a34248b527f627a1a153172be2edf1e1cc8984d044de

SHA512
7d90940bf642ebf2c2f06d6400662ff92a5882978a69a4ed9ff5cef1c569908bfed9b284efbadebdc87fc7300ccc028e9937fb8012fbf8dcdc213a7343c3c27f

Download Submit
C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe

Filesize
183KB

MD5
c695afbd26357ec1487ea87fcb1ea74d

SHA1
258cfc3cc9f4880ea0c9861b45bb740cfb81a68a

SHA256
f7f0536205c6bd43b93bb232b780f1e0b0f7b030214e73837801dfa935cc01ae

SHA512
e836df44e38294a9b2775d5c5b476d4038e56ca05edcbfc1e180d68054608eaf2194e9a95e7bb9827cc640fcfcc36a0f888a5da98a14f5c2dc5692ec109ce45d

Download Submit
C:\Program Files\Mozilla Firefox\minidump-analyzer.exe

Filesize
222KB

MD5
8351d721cc409dde85f4fa715670c53d

SHA1
da713bfc1cc821869ff350a835ead67629a34e1b

SHA256
dd4e5b8e294e9938a236a565365034d32167f739a45a75d43c9bb2a9338ef2a4

SHA512
b32061530fe7e0ac38207c91896025f4fbd5b6e166078c17c7f5ccc0d1cadd282ff65f60d06c7313b5ca7977ba9d36345e7b8f299038dd31618e81d990c8353a

Download Submit
C:\Program Files\Mozilla Firefox\mozavcodec.dll

Filesize
173KB

MD5
87a0146571ad5b9b6d592390a76dcf4f

SHA1
2234a6c8add6c538542e14725fcd0be2b95b892c

SHA256
6d677f979514a74ce3eeaa250cbc7513ed38a591c76d58649b753686523bdbd5

SHA512
f17e0c99fefdb330136caff5958abdd250e6e3ca8ec3b588e466f7c679a5d89b90cf705bff9a89ab6d7238e26aab6c777996bfc77b99a5c8b678405a13a979b4

Download Submit
C:\Program Files\Mozilla Firefox\mozavutil.dll

Filesize
135KB

MD5
7ff108b4e3d0dee00b7e6feea2d6d496

SHA1
5a5f73c6e14b9cc460e66d6d9306b2266e74b8d0

SHA256
88fbb01b39f7fd23110d757eb2778df11de3b97b4e84cba1423b1ea90f7dab4c

SHA512
d7c6eeb17f58581bb8f29f065b7a7554c0a90a6af6f94f617b64f0ebb2fc136b27fd06618979475152a4fcb102bfe7e0e885fdc63b71171d84a3d320cdffceac

Download Submit
C:\Program Files\Mozilla Firefox\mozglue.dll

Filesize
211KB

MD5
4d4988a93511406bcbce8dbfd5e7902a

SHA1
2f0d0e351da0f2288555d174c71c61dd10e12ca0

SHA256
08ca5f68a30cae147e223510653dc2ea5973afab0b2bb462eaaa7c341c3c51ec

SHA512
b0c6bc71b926424feea04e29d130b3c0ff1a2d2485ad56d396f80475647a9405e0a75157e0cea4dcb2cf1e7477dac77b405acb2714a34386d470f776c28adf58

Download Submit
C:\Program Files\Mozilla Firefox\mozwer.dll

Filesize
179KB

MD5
9fc20f2504ef28af60401b2deff3b53c

SHA1
5bb4130a9d7df01f5f05291dd560b03642689a22

SHA256
883d798b4f71f0118bfbf8886bf325d049ee14832a92d475afb19ee89674cedb

SHA512
928c8c898a023a4ca2f65ea2cfdc0958591cd5a902f22c6900abecd7e6b7bcac9361874aba8d186384f4cd35d81a4142bfcee3a72605639da370e9298b7babf7

Download Submit
C:\Program Files\Mozilla Firefox\msvcp140.dll

Filesize
120KB

MD5
fea4391a0f2f67c662fb9c973eb3223b

SHA1
5df747a0a10993f8aaa06c86caff755be4f9c83f

SHA256
17fae1c3174bd329cb4a05bc09031884431014a105cf3d521781e463ebd40800

SHA512
2566f652322b98dd536998c36ad181648df820b691e662e8075669b035eeab8af708d59981c5ee9dc5acd074101e61fd05ea3bfa5b2bbe236f974961bf5b6408

Download Submit
C:\Program Files\Mozilla Firefox\nss3.dll

Filesize
124KB

MD5
15204d8556ed8cd63bdb1a6fa4d467b9

SHA1
7954685ca3f142a1207412aa099972b27df5516a

SHA256
6c955a3407f7ba83f4cd38a70891b1f90ed0604cf02307ee8f7bbf38f0070883

SHA512
5e1bbe433b23fef5ecd6c9299fe98e18675b2a409324c8433d887c7c08c83978a8ea6790d42b880a0db1c0c0660ecac9b2062cac51d7e551956f1e43e1aec733

Download Submit
C:\Program Files\Mozilla Firefox\nssckbi.dll

Filesize
241KB

MD5
c751938c2515bfc1e33a014d600df9ce

SHA1
ece221c7e3157ec271062755a8be07ca479e57fa

SHA256
b4b6816ab81d728ad0b52fa42e1fa21d5ff021edd3a79e0c1eca28d68f60964e

SHA512
a2141f018999ff900ab8699cfccb90794f382dd4fe6b583059693d10dab27668a6d67e0ed3bd98456f480cc461a7549205d294e24aa8ffe5817d5b767c279907

Download Submit
C:\Program Files\Mozilla Firefox\omni.ja

Filesize
165KB

MD5
2fbdd69627727901e3ca9560d7d0d048

SHA1
3a8108e19d911b0be150f8fea9c463c790f0cd30

SHA256
1b629b38d3065d816a3407170546a14f7bca0d6ba980cebc2c72820276395eb0

SHA512
ea72ba7a9e08c162486a00ef7dbb36ac48389d736156e1bb8e074178a17cc7a7e6e3c0bbc4fc83243fad5982b041216e5dc8bd3afd41ce4d38b89a1779b0bd93

Download Submit
C:\Program Files\Mozilla Firefox\osclientcerts.dll

Filesize
147KB

MD5
e7ca5a43840bfccd1eeece2aba66cd6a

SHA1
2546fc7d82be24b218de5a5ee62973316fe1c471

SHA256
2695cdfdafb02b6fc2febefacbfbab53ad13edd35af8ab07d1396c820214fbee

SHA512
8e41791e0b3582fa95839a116d23a245ea9ca1f2d67054a24be393d3374acc12241010c3c772a9f82ab4f9b12c349cd294877390d0093cb19c089ffb55c95697

Download Submit
C:\Program Files\Mozilla Firefox\plugin-container.exe

Filesize
233KB

MD5
ef64f29a6e49d8964b60bb85aa5ca6e0

SHA1
f30646bf0e2eecc9359bdfbcb36ea9d3470caa7f

SHA256
2f690397b7f5ff5d05a03e650edba526a3ccef42dec9947960473cc1ca02d2ee

SHA512
620f4c7ba7e13cf452d02592cb9d07b22ee0ce581a14b3beceed8ba501d14664ee8e4f7e3408dfca910e2616ccb9cae77dc1274318622d7a5cc49328bf80b222

Download Submit
C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml

Filesize
559B

MD5
b499ede5c9228c742578086591193efe

SHA1
18e682ec73ed8fcea99893142fa8b08ee8a32b72

SHA256
9ea86a18d41112e25b17454044ac29b458f508d9814700a6f4c0f9370678f3ae

SHA512
b99ef0e9152da3bf6adac5fef67b44738ae7a2d1ef0041786a5700b8389acde7380f1bc9bf1402c7a356f1777aca7c2b05af5ee22b7297bc879fe2e6b9741f13

Download Submit
C:\Program Files\Mozilla Firefox\private_browsing.exe

Filesize
63KB

MD5
8cc3e15e31e51cf777a92047aa08165f

SHA1
5ca6d688839c2520f7c75751040f945563c07108

SHA256
108265320b88743245ed2015eef04d6d709dde6d0c3c961e2d3bded6b5c45648

SHA512
83dff2c3071932fe6e392a7a858557450809b12f9a4ce2a417d0f298bd0036f78147705476e37cdfd116acd34b3b4ec91bb2a883c0930ecf173a04f13a43017e

Download Submit
C:\Program Files\Mozilla Firefox\qipcap64.dll

Filesize
20KB

MD5
c4cdaa8a88bb61fe4c62d5a25678d3f2

SHA1
0110963f97cee2d103c283203a167126ebb9deee

SHA256
dc5858ef0f5bd0fc238a50bac1a88a56c43e23895b127a1e0afbd859cace61ab

SHA512
f9b48551be959fe4c6ca3bbb601f953a2f334589375ae5d01dc2ae84834ad140160d36f2848be030e364e94f658be9562c51d7490b1c1e9bb33cd29da494c19c

Download Submit
C:\Program Files\Mozilla Firefox\removed-files

Filesize
16B

MD5
fefbfac37461bd30e05f5befaa1f7705

SHA1
74f9024662db06184e645cab76bfecb0e6897545

SHA256
52523da24287c4d459131c2e4818a713a732765e06e9bbba1cf353888ba34f9f

SHA512
874d6bdef28dea531c858443810d0b026a3a5667e0b9985bce84b7c5ab63d06a015487bd1da2a914d28af7b6568335b1927f9fb9656715947929cd6671ccc4b7

Download Submit
C:\Program Files\Mozilla Firefox\softokn3.dll

Filesize
153KB

MD5
97a44511befac43b756a5a844672b44f

SHA1
ff8c99e7c0183f463d0d689614eccd6d2c642cd1

SHA256
7a6e7b617d21f538da703aa1dbddafbeac333f8e424e43f218240e8a2decb050

SHA512
7529f02da7d1c1bce6fbcf361c4463592db6b04ec3528c470ad6e7561c56ba1e614dba46de73439d217106909a79d49ee08931189b7ddb1f4b850bae7cde3ba3

Download Submit
C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Filesize
101KB

MD5
7d704d25e4cd98afad970c78d585649c

SHA1
e319d7ddaf751a0dbc61c4d0e381d8b9ed1fd7b1

SHA256
b2595d5af10fc7bf6ed26a7ee3eb3a2bd5a33cfab62ab0e31118cf19411033eb

SHA512
e8aa8c03e107e88742c90cec8255cce0a62bf1def181bf7a703d56142d16a8a29ac98aa6077e15b158bad08a5495b475446afe8bc67863be19f2525c8de0f1df

Download Submit
C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini

Filesize
78B

MD5
8e35d83754d3127021a8eecfd98ae6a7

SHA1
e7d19d3e307d42d1bbf47df5da8b329a44ade217

SHA256
b84a7d6c61d192442d5148d889d445792dbd1e67e037525dcefef3e0a95d2b83

SHA512
684f0375fd4b22cbdb0f549091011a41438d243c1705882c7455a79b43f2df2fff78fab4d101b1230d99964828a8dc0cc26769550d36c832083f67adca601d7c

Download Submit
C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini

Filesize
222B

MD5
4b8dc92a079f224935392f9b5a2dc051

SHA1
1027fc1b3e2e8ae78c60bfb25c5c9f87f9b3cae2

SHA256
79d1631316cd79bc5127f745aa6707b4445f7d0432b685ef2c3ec3cf3a62ecba

SHA512
ad0186cfc9df574e4a3c7c209b5dc3078fb86f6b1de0008bdede6768ec08d61b20f371d7b2d01dc50aa7d094b150db816358f03fa0d9135ce26d80d8886a1704

Download Submit
C:\Program Files\Mozilla Firefox\update-settings.ini

Filesize
132B

MD5
1413131f8cfad1e19d299667bf759087

SHA1
a0435cbf1a2817ec960c56a896d455e78adc226d

SHA256
c18489344fdc21ae366b4d957a0b9f11be772483ca46f9ffab6ed0356f946513

SHA512
590b53aff46903b1883c5fb14492ca85db2c6e0e900d0fdf62c3e6da10f1d10c3aa51224dc6db50f4eb12d42de017892f77e91d79aa16fcaefba10b27748748d

Download Submit
C:\Program Files\Mozilla Firefox\updater.exe

Filesize
115KB

MD5
4ea7e17739e173f5fc77d5728870572d

SHA1
2c7e2825652e8e5de8e4fd44860278d0cf183c3c

SHA256
316941d021be2c32e674e9d3ec5be93ca262fc6bbc795c9bfb1ce4077d04ccd9

SHA512
d6ab620a336165dd746a8614fc57e8b465ffe69b0857fd1f1e1d0635154afbe81862c618b02f0176df1180405298761d0f14f17abcfe03ec4702bd4d87269da4

Download Submit
C:\Program Files\Mozilla Firefox\updater.ini

Filesize
1KB

MD5
7a6cbd521497f6dd382f7b8c6aaa1eb5

SHA1
a0bccd339f6d045f0aeb4de504398c97c3dc2be0

SHA256
531b55d2224efa181b75ed4ceb84e4f854f26c2382dc411945515d57d8df2243

SHA512
af32b8b1e93c2fc1bb6c7ce0f371c8cedcdcb753393e8cbdf282424935db5f8f04b3468d450edc81ef28d8b4430d8941dacb2d8826d28be9065dc787c53eb553

Download Submit
C:\Program Files\Mozilla Firefox\vcruntime140_1.dll

Filesize
14KB

MD5
46fccf3a8a0f29ea35e0eb1e70f84c80

SHA1
42d0024d0fcb16cbc7ff95ff0cf9c980b6e3e7fd

SHA256
ba309c0bdbf79527cc59654c2ebb885aea65411a6c06126ad77a025286ea3ef2

SHA512
9cbc3a48355b9774a9e3b96afdb2b766f8019f8e2346ed75a2b172aa17a374e7a3f56e924cc593037473e65aa54251f4c660e8cbef5fd5a3914ad513fe58ef20

Download Submit
C:\Program Files\Mozilla Firefox\xul.dll

Filesize
32KB

MD5
90e3184a7e82765db9e31f37ff73d6da

SHA1
61f3f41b1788a9f13f94e0f0f604d3a752954b1d

SHA256
742e4d2a7e0bac7691efb046825553766bd20576ac64e9a0288ed0e4b45c8ccd

SHA512
1ecafeecf6bd064554eff34ee769f820c26d8e9b05917bc055196a2fad5f7d4cbaf2d5ea136ac5c888e084ec287a5d21ba58cf1a4516fdd819f79be3fd260d09

Download Submit
C:\Program Files\Mozilla Firefox\xul.dll.sig

Filesize
1KB

MD5
ad04f5f47d1f8e5a5da61722c4f419ba

SHA1
7f4ec4be146e1efd605592394c4454673ca32d82

SHA256
e835c97ab00d7471913ec2b586d0dddb70b8a22c91709a3534c7010465b08b6f

SHA512
1b9ae09bcb4b06f00a7b05f25bd758efc64ae1c786bc39f0b0027aee1642f894ce0b677941b82833f85b6fb6b28f9f0ce4273e53870eb8d864bd110cb16b1df5

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk

Filesize
1KB

MD5
64b3f790716fb0119d21d923e8eeb25a

SHA1
93ac37caa3c8dacf115da622e103687a750e5118

SHA256
7752d552aa6f97646559b5b27664b0002bb459f1664184ba4704c44f6fb54c3a

SHA512
af8b5ed140853ec3ad673e09fb20d70262224d57465312f42ba6180e079d5df7c632130665ff9f6802dfda96379ddd274b4045b304f8f77e7a6a034fda961d49

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk~RFe577b6a.TMP

Filesize
1KB

MD5
64c9c7cbf7289408a9f8588763769d26

SHA1
9aad0843831b82b980f5923f5523d9dab0e642d3

SHA256
2ab4e24e00d73f9cd09a94d41a2f6636d0265ee8eef981e0ff70fa50a6239eb3

SHA512
3f00632fd8b4192283eb0387c971901fa9f44fea1504690103be80b5f3500468562fca78f9370493ecba962d8c7877de506b84f3d4f8a916c2a5084453a37a7b

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

Filesize
914B

MD5
bd63ff60db80d75cb0dd4e81f7ca99cc

SHA1
7cee619e473c176fd9f487c273b2a63602af4ee7

SHA256
902af26ca57ace17a5250dbb11b6a9bb3578211dc8aa564e125b8204da411961

SHA512
3ea1c77e7abaf9dd91a9191d7e0bbc95bce9a155abde6b0681abfb78f8bde4c1955f136786a23d04c9023ac51fba825587ce2d7072be2a8afbf425d5f759f838

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

Filesize
1012B

MD5
c7d4ceff2460ad618b478d0c56aa6b35

SHA1
424b7366bba64b56010246540c5d8ea1626ca951

SHA256
e5288d2c525189920858779ef16149c41c3a255e195932f5cb36312ce49ebcac

SHA512
55b3a7b51b139baf3d53c7fdab34619b555a757a67d1ff6feb56b937e0ac27aecd6035e95ff88e49436aca01ad962e5989c250617107e52d270ebbd2ca6c34e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
382KB

MD5
33039ba6d8bb83f2b2ad7affc5db7302

SHA1
f7912111c819ae5abdbfdd8443a63ccf6bb86786

SHA256
58901cedbeb9414132e7acc4f20ce92ada7ddeaa40df889a729fb015c30df7cb

SHA512
e8276ca176f0f4e66d4a29906f69b3200eb9978b26fd413009758359b149c6a0d3fd9538ad5cca2153f985b5107096bcaffacb104ca5fe5649ced673271cd662

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS42219A57\setup-stub.exe

Filesize
407KB

MD5
27eba7c268114cde294ba56de94c1814

SHA1
0a0bbce1beaadb36e92bbcd1ed7de601e79528c1

SHA256
958aaac6fec9912ff65b7fa3ee87df665ee38ded11c90222b82efe8569847c9e

SHA512
5879384d9d22771b96db3b37ff9fb625f5c09ef3aea75919889b4450cd1efaa73c61f017d4a32802acfe8c0c90a1ed585062eec1b1331ac0cef8c45e31fffb98

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\AccessibleMarshal.dll

Filesize
5KB

MD5
0aa1a676d09322f9b8f4b11f26ff8b0a

SHA1
6b1e9cbf5a0af7666a8b623a2c2d0e1fa5b54186

SHA256
08805e765587f77c216cba0e738cbf577d971c5c11d7d513bf0c31019c02f0fa

SHA512
1b6f25d0882d44d5e8e14e0d369c5abd011beb16bbd159928936dc64ee9393404fa6acc5c89e7c18ccd0c3c1eefbe5fcf6ce17b1f193b3bcf3042b36e9896459

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\application.ini

Filesize
891B

MD5
714c51d08230cf2bd651886a1284d501

SHA1
bad4642fa73d6bbaa2775c8e2bccdcdd22c8d98a

SHA256
b86b4e63c9a7d02f6dbf324132e8b4bc7ee24a9bdb27e18ae20a0b0e2ecb8aed

SHA512
2f1a2a245099b34398b9b917e61f5159b930ccf13a3b94bd9c6fba6bfe9e6a0f81a257f30896f204961fc504bd22c570fffa18c3e7a6340473634a8d7e6dd252

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\crashreporter.exe

Filesize
251KB

MD5
15ffb981146709442e2ad42d3c09f1d0

SHA1
56f46cb6c2044cbb0899b79f92e0c5e85e24fb53

SHA256
762640918ff124d79f31446c3d8460e51b48ef84e4557dbfd5870ab35069410d

SHA512
8db0c2e8b1818e58f6d0551f6c2a2651da4660e9c89e91225f64861a3c032bba5a7635d40710ac63a18ec218ddcc8f3cb30d2af1c0ced7bc40b948d587092fcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\crashreporter.ini

Filesize
3KB

MD5
1b0d446f9d17c1374c81acec9d8d2406

SHA1
016bca3d4ee9a0dbb4350ee7a1898779dced6c11

SHA256
a0cc8cc3287d54d7e23a156256a553792970df9ca57f6ad85dceed32b979da71

SHA512
4e7de92579628cf8c31287506d6f3096bb15402ee6d694a72462cbd1f093e7d04cbcc9e13691b94408091e0c5ea8d8c528365a90885b55a126416af37be6979a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\default-browser-agent.exe

Filesize
33KB

MD5
46674ab0cd34b2386f80505e51dea993

SHA1
fd31bb6b755d7a67302a47f2dde29562a45b0ec7

SHA256
c843ff128651e52118cbde8d7e115a2fdb08b1b5f1c7191ed85cef544f173084

SHA512
af2ffd480b34ebb96c2f27175d3fe358439b9fc57f74db5aca28beba40f19ceccbd23bb82b5fdcdd60b8bfc3b6044e9ec2169a1d603d26dac845d7f781f9e8d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\defaultagent.ini

Filesize
483B

MD5
7a84fd3929948b8c43fa5fdfbf59c64e

SHA1
fb1ce51832cced529f785b8b4a0a6d631625abaa

SHA256
814f2e58ec2f5f33bbf365f743db28022bd141870b95febf87c0fa042b819106

SHA512
abe1f6d86bd835940f5e1cda1a7872ba27fe9be48dd53965fd9b8f5f96e1aabc0f8f931c04bb9fc7b0ac11b83cfd4661b67293025485c9cc09df0b171afeb806

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\dependentlibs.list

Filesize
55B

MD5
a515bc619743c790d426780ed4810105

SHA1
355dab227f0291b2c7f1945478eec7a4248578a0

SHA256
612e53338b53449be39f2e9086e15edc7bb3e7aa56c9d65a9d53b9eb3c3cc77d

SHA512
48ecd83a5eb1557dfabfaf588057e86fb4b7610f6ece119d6d89a38369d1c9426027520ce5b6d1cc79a4783b9f39ac58afb360cc76e05bbe8bbbd5128c5d395b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\firefox.VisualElementsManifest.xml

Filesize
557B

MD5
0aa43576f0420593451b10ab3b7582ec

SHA1
b5f535932053591c7678faa1cd7cc3a7de680d0d

SHA256
3b25ae142729ed15f3a10ebce2621bfa07fda5e4d76850763987a064122f7ae6

SHA512
6efb63c66f60e039cf99bfaf2e107c3c5ed4b6f319f3d5e4ef9316c1f26298b90d33c60b48b03699059d28b835fbc589417ac955fc45a2bc4c116a5200dfdc32

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\firefox.exe

Filesize
370KB

MD5
5e82bd15ea82908ebdc8ddc9009f396f

SHA1
dc527c9953ec096a8f6cb6f62064291f7c5592ae

SHA256
5ef1e13cc8b8bae0a7b82801e14ad1263ac6d728460a67d0029eb192457db328

SHA512
580a1ccad838744d9be9f4b8f99b02e1ba1a885191da5e01ee938eb6321d99426ea51fcc0762238c0f06f1376bc17c1232a06c667d6c9b32c74830bbdfebda62

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\firefox.exe.sig

Filesize
1KB

MD5
a199dda100aef7f40ff09180f261871b

SHA1
68752101c5f8d0df1900bc51c48a525e5c393711

SHA256
34afd5c8d04aff4e0514e801203996be0460ff97a65e86d3c7e39050c185ee6e

SHA512
8597be439af69cc50ecdf93a02187b3b48069a35891679b510a35805710295e6d5707002391f08f7e8c43a3332b93ad9ad027ce179dc7556fe00406a04c4f65b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\freebl3.dll

Filesize
335KB

MD5
6cbd84326dd11200b74b255c74ccdf93

SHA1
82b6d6bf3cf301fef1e907211a59bfd1953e2f0f

SHA256
d388a9d7c5783eee18d7323ef6af781b82d78ecba2fd1a1f955190034c52244a

SHA512
d7755b1002baa3f7909c1036b01b265b6ca5f326fa34d59a4eb2ea45ca7e50a0e3b96bd0c59fa1e04eca7c3bc750c998563a93460e987d7e902815bab2a90780

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\gkcodecs.dll

Filesize
276KB

MD5
d46560be93045d37a1966264313de1eb

SHA1
a3de75a386b735e924e3185be7b83626eaa620d5

SHA256
0712221b3bc1205897f838d95f72be1e51a8b84018e22882d89438c2e19978df

SHA512
ba49f8a5273203592b5c35832a15b0d7beac7c1b4ed952c56b603437f437722eb17cbf8224a7f0d8c5cd80a930a892464b489f0e597feb9b47567fa7b0cbeb21

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\ipcclientcerts.dll

Filesize
209KB

MD5
cd4eae013bc55062538e522627bfb96d

SHA1
cf1055663ccd512ebd7a18f5cfd31fdd1089b2ff

SHA256
526734b6535ccbf52cd1308bb3ce7123de12ce2a9c4bd5e592326f1098aabb4f

SHA512
96995718d7e544641d9ccddd2dc499d8929b7b44e6cbc976af477e6f30d044c4002b58221a6273386808c40e4d0ebaff49a99b79e8b042c27849c27d385346a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\lgpllibs.dll

Filesize
151KB

MD5
d93063ddc72cb1182c9e3e14ac2cc966

SHA1
8b22d5fd07f5aa496630e57016b4b4a095c9d5a3

SHA256
d59c97462a170913a09d8c67d5b22b9f71ec3e79f8d69129b73501d2cb97572e

SHA512
280aab8e806556b7a911d732b68be4b81b9ef4cd0da04dcfa39cf25eb79333e7bc0bec0893039bb6635c621089f433a51339bb5ac5ea9550454fed7740ff883f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\libEGL.dll

Filesize
46KB

MD5
83e7fe4b7ff166eafae662f292605898

SHA1
ab4e668605ff3a9c12bef459d768cf7b21e263cc

SHA256
a7dc2de907cc7e5ec5137e18e909d29ccdff3227e4d3c54fbcfc7113e7bb9691

SHA512
a231b522291f4628e8de6ca42e8a9bbd7f11d1e094747a0e7f3d4e56084baf4cfd7b45d027904ba5a1fc677d21f6044c77fc35f29f983cdfcdbdab763232730b

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\libGLESv2.dll

Filesize
224KB

MD5
aa810531f3c5a7c3a95071652ae59208

SHA1
e535cd3fc5046975802e2ef919c18546b6ade270

SHA256
9342c49e8e47e88e44b9555c049a598aa0ea4427043f4e1f356d43edda72f042

SHA512
16fe75737847a3b270e70887e26f491bd45e7a3ee1f213b91e2983b10ef2304260a92737bcb6ba3f7ddb95eaa830b489127ad39953daa990be63100cc55e9eb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\locale.ini

Filesize
22B

MD5
bad74b155b8731bfddb8d54cbd1b0021

SHA1
5a4d8b98ae81f75e362d510713e05022be64c60b

SHA256
a4a030b6f430548e5bba3cfc748515d40b72c522a1345957df4ed5f88736013c

SHA512
ebfab2f589390553bd93c1299db8b7a7bfb8b1ac9ac5ce3c2c8d478c79ef8b93d6193f9e739e94f662dfc026cd49b04a8f2fe3ed82dd4bd191d1cf34e1e4501a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\maintenanceservice.exe

Filesize
233KB

MD5
30bf80ff0ccf0014cdda92bd4c9a2f24

SHA1
3bf71cccff39ca03b8dafaab587b811ce2ca5fd1

SHA256
a3e2d533e230aca935710e38f8945f26fd2011e782199900f6633e400777889d

SHA512
09097a28c69821b3130e0efb4fe3f95db5acc8d3123ec3f3bdb51dbbd179e36fb3e906b9708aa78ff30cb1f3b51250a698434f82980f1ed440d01c6c1dd3fdd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\maintenanceservice_installer.exe

Filesize
179KB

MD5
d0a65ae71e40eb248f1d058685f42c55

SHA1
5b9576ad07b079a2e64a9198172948dc98abbfc5

SHA256
701c74cbd0d0229f1387fde9cebb38e0f91ab88bc8b880f4fccb9a430c8b60e5

SHA512
51d779b5334208730cdf6adc078c4e0d49dacc69223116257ed6a37b2baf4068a926ba46d20fcdef63341f0f76802430e6781915a4d399128526704836b981c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\minidump-analyzer.exe

Filesize
434KB

MD5
e07cd60b26471876910ea2b0d94c2c0f

SHA1
a6b33b113c829caff49369d734d24e4abec91d4c

SHA256
bf6fadfbe92e0ee2db84e3a22b370f125c1aa97d4c5717865c266cf6332daf3d

SHA512
5cb429f5d516ec74b67920d926b88b886fe22b32f39b90605a9fd6dc9d98edfbf2fc3c69e407e2990b56b878e6879abcc29b94a8ef79ce22a631c27d1438192a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\mozavcodec.dll

Filesize
193KB

MD5
6e47e5d2ed7f1128112ff0a098fb6bf4

SHA1
1a2d404e4637af8284ad6c90d90080e72ae084de

SHA256
318e8a5685ccc0f909e8b2a567052b6c6f7d17d92a8d0b731f24b62be43bbe40

SHA512
83fcb839214757bec0afcb380edf0c7fec79b2f9cc6e5e33e056c51753d10ca7e72258e6d2c7991c7526a6672cd742bfbd1a760ed376a4a0c9ca336720e13883

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\mozavutil.dll

Filesize
211KB

MD5
e214fd0ff0ddcca529dfbab7b20bd669

SHA1
eaa607f3beaf53fca99dbe549873f736b7810110

SHA256
99c4f4bbb680e8b2c3865137d846f93473c12c51b608127eb8cd9ba0ce1999c8

SHA512
704dd90a440d81e75af2f80c3b44c402d6feec6a7d144ab1fbba22df5210fa41054abf19ab23d41872e4a18c3879dae36ce31f9b46575d6c2492b4c50b1973ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\mozglue.dll

Filesize
184KB

MD5
b239267d9b449ac2a6c9812298cc927c

SHA1
8d6a741d0044fdd6c75852d49a6fd7ab35563812

SHA256
567860593c5e3ec096a6574943097138aedf4e7778b7dcaafbaba6cb2b02f785

SHA512
dc914cdc9541812b0145f6dfd3c0bac2f3159dcdd226f4a024ea047d322aae3090d1b1206e13b306affce8dfce3ae724bf616e08b8aeedd35a9e7978a079b9d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\mozwer.dll

Filesize
288KB

MD5
e8047ceeb5cdc62bd188d4ac076bd1ab

SHA1
41f18eed3d3e5a51ed53580220d4021302b4f973

SHA256
c2570569ea8b655ad9082ec612f0e0a009cef81677b402192e8638eb7eaf2fd2

SHA512
6767329e5804d1d4a70fa8921f7fff7dfb064dd46b4746784e0bc8565fac01585a32e606cad85002de06ffd907fba22ad324e446a1762a6ca7d3db72debb8c8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\msvcp140.dll

Filesize
149KB

MD5
04cd54ef914d3a4fb895f98f03c7dec6

SHA1
98a2f9825ac07b3ef1b138281d80e6a4e3409158

SHA256
9b9c2d09e77ec67deb74549d600c705264a7690b428f1d4baafbd7cac64219ea

SHA512
2de5ada384bcfe132ea6d208fc25cd0eb77fdb78a1482fa3abed6517b646b992f01fb602f76002d2c577e112c3a3e16d97f869a89ad0475d4be7d76a177349d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\notificationserver.dll

Filesize
60KB

MD5
bdad4fc110aadf5ac193a9bb5141c4c9

SHA1
1edd7861221b94fb5686e21d230c10f1ee7020ac

SHA256
6da21b5971325406cf2a7ab41105d38a0ba60ee98390cc6bfb1bdcd46b4d7da3

SHA512
b4552876828ee064ba6714f61541a68b2e58a1209872f73108998af46cd13c341ebb3705cbdbcf9c21d1933a531b3248300cbc2cd8ca437ee8e7ec169013ab30

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\nss3.dll

Filesize
340KB

MD5
63672c3776157781d579d165531eaa63

SHA1
68d20bb4c29327c8d7a481c8f0c878e454e49559

SHA256
49be2a8cccb9317e651f264fa76bfce332108def58a7f9bda43e73f04b48c31d

SHA512
e763ae307b4f41dfe6923ef6c5f248fb3bad22370cfc47aed28e85d9533d2958273f32039ce2c4b4cc8b5314cbdcdecfcee44ad85bc91e7122b82ad9d527ec0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\nssckbi.dll

Filesize
172KB

MD5
52e0dd08705767204a05ca0524c2f2a4

SHA1
155dcbef230c5604f81e9563f2a66749e8317507

SHA256
b7b14936eaebdc6d9fd832ac401ec26c48316e22c0cb3f6030ad8db2b6e89329

SHA512
7db166c29f7e8b8a6f225478b269dc126e32ebe290d1a1c13f1d45612285d0a8b138078852d547f663e6ed6b7533c2ae4dcb2d16c079695503a9f885e120df60

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\omni.ja

Filesize
243KB

MD5
6880ccbba03bec48236a553f78d9eca7

SHA1
9455173f83d04cd5d051b01828b1e74f9048fb6e

SHA256
a1c6689c27c386874cf058a7410863a4b6301b564edc4b3ad1f07c71c850fbcc

SHA512
3dcaaad39681985d2fabafd7bbaedbe756a27722f278733dea7126d26620928e6858e938f839eaeda487ea4a8f93c41fabb356e6f527dee972f83e1dc8a89dcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\osclientcerts.dll

Filesize
237KB

MD5
7e007f9738be991d095ec9f654835b71

SHA1
2975b125a9d99e9ac59c20a966dc5e6b2bba4cd1

SHA256
6bf6e7879a5a94cfc3e61cbe55669cc1d67f7cb0e0f67a9a4fed6300113a4d17

SHA512
499c797d1c251686f1db5f8e83c21312498f392967b869945d543bc1c6377a47b5f43a2e9548191d3542f2395229bf3460d04eb089525ab2b38e9f46104645f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\pingsender.exe

Filesize
78KB

MD5
140a7648e0efe979ee967fdf82b751f0

SHA1
1280d4085aa601390353bcbefa9c0b1027f39adc

SHA256
d6f930b3b588ccdd797bb53972c41d8de9464e6fc5bceeaecd5587dc795a0fbe

SHA512
08ad0d632d6e2bf22d0107fc64eb140604e0fcd301187b0e3eebb6bafedc783a77e400b674f96c23c9d5544aa01170941671c91658004f114d3566ed4073cfa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\platform.ini

Filesize
165B

MD5
2e6faa1bfb06a9304ae6bb4dffa29c5a

SHA1
221055389fcd394a1453b8a7a273e3ab392e6282

SHA256
976d7f86c43003bc7b10681e4a1f24d721707536ea3912547b5e318975901828

SHA512
845d6a1c59346d0e3299bdd3d7ee4b33e81b653a76dc64ab08db5628b685a2214485c70db1ee1d8499599056f4a43acf091ff6b9c5e51b20c362767423cbd46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\plugin-container.exe

Filesize
241KB

MD5
0173b4d6fe0c20a06eb9c5502487c16c

SHA1
8b7e0e7da3486d4476b04c15e61f431600582ff1

SHA256
c6d4112e26f34dc16d68585445d1e3be6e4c2bd0ee21f5fedb8881c61d5dec58

SHA512
914fdaa531fe9563e01eb70bdacc47a7a950b112e56cf33e094eb2f1c62329f0a0bcd07a91f4195584cab792f50265942d129cbe480b62c330cef7d83140f3e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\plugin-container.exe.sig

Filesize
1KB

MD5
fda66743af32b32c4c7565509836add8

SHA1
d93a9815eb2398ceb9ddc21eafb4e5daad51c04f

SHA256
38fd6c38828de645bbc35a78d0e9db45a5945a821966b5242cc13387bd2e86ad

SHA512
6f9e762e5af6efca8d7361136c5f612421617267fb04354582c83f88cc833e541243964d7488351a3308d2534b81f0572b29e8b68fb8e8ae9695a5cad3eb809a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\core\precomplete

Filesize
2KB

MD5
81fb10c6162ee61c817bed8aeadb97b9

SHA1
fb1e1d2321734047fef9e0156fdcfedb80daf6d4

SHA256
35b1e11d98735728c2c52f5b788a9b9c60cbe3a603d0cd8262a95066442dc563

SHA512
4b412e020003a4fb84a0b25282f65fa9cdd825847f82bcd8295493b59a5a04c86ed329d92591a6dcaa6c14b22007d02ca3a415171c712929639651bef9744396

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\setup.exe

Filesize
92KB

MD5
d9b963aa5713de6364ebf98e48b88779

SHA1
c6485e1641f5f93ac833a9eb954edbf8443df64f

SHA256
4629d770ddc781a52fdb55832b4a0251367781bb3543e608cb50ba3667b3d2a3

SHA512
8413e8ce87d800a56ff94cc1773bf91b6214afe1721d798c4516040bfc141ac0a30ddd8b4a37529b03fd57ff0119351297d7c36f5276ca39a6178b23627b45f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS43168427\setup.exe

Filesize
185KB

MD5
b48111ca83e6d85afabea262ba59359b

SHA1
5c48ee283fc005f8db01206b6e1ddb30e96a9916

SHA256
1df8e8a415c4b1647e1776940daeed58940570933c44bcbd910756ba1274791f

SHA512
77f611b9123e4cf31400872ae6d50b3ff581bfcd8fd6bb535506ad03b9a59fb5b38a88d4a6974af9094dd701e68618f39f06450396356d32dc64fc0cdfc2bfde

Download Submit
C:\Users\Admin\AppData\Local\Temp\nGh9Va7IFroFgTw.exe

Filesize
306KB

MD5
b1ec7bff4192f75a0a53608047a190e9

SHA1
7686a580333e8d60e1806418c8467e85beab4d2a

SHA256
134e9f12545c3300eedc7a5644c28f390e00918a15fbcf2143492810ab4a5474

SHA512
2af2d71ef3f292888adbe9836ae8bb3b1a8f99f4c95be0565515adf544c989e4ff722342721500b0aefc5f57178a1de9a916c4096c3f6722b42dcd0063cd6067

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\AccessControl.dll

Filesize
21KB

MD5
eb7a540d0d2e28f6bf524d2cdbe0f478

SHA1
76204991c60913cffeba5595033c4f79e1e89bd8

SHA256
ef4b548b27a6edab3bcb25cff0598918c645795850d62f232909dee851e04c6d

SHA512
947132d07f7875dc99fbe8a87757f6efee0a8c6271f8a3bac6747f9f4f60ed7e203e28a588db8c55ee898ba8f3dcf640f6562c49c45d6c6d8fdbe2d2309b9984

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\AppAssocReg.dll

Filesize
14KB

MD5
012461cad43cc5a871bb2019a461a2e4

SHA1
75617dce95008117b5b1bd602bbbe58dfda4e6d8

SHA256
eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15

SHA512
f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\CityHash.dll

Filesize
53KB

MD5
2021acc65fa998daa98131e20c4605be

SHA1
2e8407cfe3b1a9d839ea391cfc423e8df8d8a390

SHA256
c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14

SHA512
cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\ServicesHelper.dll

Filesize
14KB

MD5
b9e8c2212ac8dae4b0eaf97c048529fa

SHA1
331d172323480b0518abdb0cc9e256dc7f46c357

SHA256
d6f6758adac2c073bec481e8de762af3a5574789bce3f43de02356afc9911e0f

SHA512
d93aa032e27c8268a4f6883711cf41f7ee2b5d33673a26d78db24456f2c548af39b7b98ed4b4737245c278d524fffb3e4bf708b6815dc866acd371427ff6be96

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\ShellLink.dll

Filesize
14KB

MD5
fa94d120efb029b43217c66bbc8c650c

SHA1
1fcf2d76adf69b403b7400681ac91d50ed20385f

SHA256
5f6f414b412c72b10f49eb92af1d368ede531b58fb200d539fd2b45e371612db

SHA512
07ed0771d5bbb651ea7421a5f6b08fa234f9cc041315d9360a7135ba12180064fc99a27725385a8ecd3ceb25bed5c00de169f7dabb3ccf6e987f45254dff8158

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\System.dll

Filesize
22KB

MD5
b361682fa5e6a1906e754cfa08aa8d90

SHA1
c6701aee0c866565de1b7c1f81fd88da56b395d3

SHA256
b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04

SHA512
2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\UAC.dll

Filesize
28KB

MD5
d23b256e9c12fe37d984bae5017c5f8c

SHA1
fd698b58a563816b2260bbc50d7f864b33523121

SHA256
ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c

SHA512
13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\components.ini

Filesize
44B

MD5
c9b5d86a9a0f014293b24a0922837564

SHA1
3cc73b4a30a1a0bfdc6812bbd17994f53eb5db2a

SHA256
775c85f3552754ad3794b88c0cb6d6fc43d412cd9a87a4b9e847386a5bd0a9c4

SHA512
790f365afbe4c5a37dbb56443d38f0c439eadca002e4001d373d6db8c1d80c4adacf3749e9d210cd0316381682fbbc46616a3fa36581c7ea6f5ce69119944b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\liteFirewallW.dll

Filesize
19KB

MD5
f31ba98a8d87faba153eea134968c854

SHA1
da0865cc1a86a39367f22897e1f9fbf4fb1f804f

SHA256
708fb54cffb6aea3547fc5ac745d1435ecc814df563bef59ba7a94f57d082bbb

SHA512
d991a2dd5ef537b25898afd7b7e73274a3cb8e6f5fca1621af22ee2761b82baf220aecb0c84434566742e2ab00b2f57a3740ce9831e76d4e1829bac3e044c8e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\nsExec.dll

Filesize
17KB

MD5
0e584c7120bd474c616013c58d51dc6b

SHA1
0bc980892341b52985d92fb3d8fbb6be77951935

SHA256
7fb626aa05bee1095633a75aeb7895ebd816a98e0aa1581a0154e4c196de5391

SHA512
aa3a471b3f33c3ffdbe1b1e3c1e5d04367bcab3c16049396a8dd12c5a8317e4b153761f74f39b756dd4fb1806aedc4f1bb38bfbc12f16480eed3fd3087a0d157

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\nsJSON.dll

Filesize
33KB

MD5
e832077eaee06f3b2ac9a8d2e7264567

SHA1
decbc329257c9c7fb67d3c449b4c5dfc1f87471f

SHA256
705f4947fb94254c4e5084e6a962045f6a4e790dfc1ecf59cd0fc3feb38bcbbf

SHA512
c1bada98c52ee2318d23c48fe202380eb42c5e1f18226cdc017f264c8c34f548bfe4d9b6eef13caae69ba321a71b199431b249fdec65f8bb1c386810932ccf6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\options.ini

Filesize
1KB

MD5
f50ac2442dddb1ec2bd0dd5410fcfbb4

SHA1
13a4a1dbd6cad83aa6e5d9043b6d98e1bf4ec371

SHA256
89b31e3fe0c4390d252a686512bacec6f53e3f4da6d1f12bca2866d4ba37d021

SHA512
697bad94809681055d19fb03f8979c79bb948bd01888392a0fff37b30fc87f965e7f716c0c28de6df6746518a5d5c26006e3a313eecbc6f8bdbed25d39d6f8a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc72DF.tmp\shortcuts.ini

Filesize
874B

MD5
71851e095439dfcac9099254c0881673

SHA1
d31c9dfade1d31b937872dd6a8761c4c117ef588

SHA256
97ef03760837f339242d39927e0f9fa046669ed66b9a413b853ea8b6450ebfc4

SHA512
1025ff9cfed7f064670b43b401f80a2a805354cdd0f3a348c3935e15e08d67d9fb05d028b259a66003403425d842d5f10aa88e9bb57563765cecb91e85ab6c18

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\CertCheck.dll

Filesize
4KB

MD5
837429ef2393bd6f8d7ae6ab43669108

SHA1
bc1a6e461de60db2f3036778c761103c02374082

SHA256
9e1831bf44b75980903eff8446960f21ab323b9f8249ddb49519718d873135d5

SHA512
c9b464377720799030e7303ea98acd38dc56ef0ae613ec540a5d9907d84bb7c455f6e02b38073901ee717bfdbf92137ab095aa9ce047971b6a2e6d3bc9d039d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\InetBgDL.dll

Filesize
33KB

MD5
73a0bec837004bc5ae5cd0a5b0d3bcf8

SHA1
92cb463841b6adeecb8cc9cc8eb5f39a61dc7edd

SHA256
0dd38281a824298100b2bc89ee5b8a5c9cd9ec7a3b051dff42037a891fa7c534

SHA512
f7aa18261fb4ef99b66e9a16e2df6323d34444de84a5bdabd3890154b0207f8509f34f2fe115b00e2396d33df778be6456a7fd754cc00271f8189e5a4420b6d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\System.dll

Filesize
11KB

MD5
17ed1c86bd67e78ade4712be48a7d2bd

SHA1
1cc9fe86d6d6030b4dae45ecddce5907991c01a0

SHA256
bd046e6497b304e4ea4ab102cab2b1f94ce09bde0eebba4c59942a732679e4eb

SHA512
0cbed521e7d6d1f85977b3f7d3ca7ac34e1b5495b69fd8c7bfa1a846baf53b0ecd06fe1ad02a3599082ffacaf8c71a3bb4e32dec05f8e24859d736b828092cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\UAC.dll

Filesize
18KB

MD5
113c5f02686d865bc9e8332350274fd1

SHA1
4fa4414666f8091e327adb4d81a98a0d6e2e254a

SHA256
0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

SHA512
e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\UserInfo.dll

Filesize
4KB

MD5
1b446b36f5b4022d50ffdc0cf567b24a

SHA1
d9a0a99fe5ea3932cbd2774af285ddf35fcdd4f9

SHA256
2862c7bc7f11715cebdea003564a0d70bf42b73451e2b672110e1392ec392922

SHA512
04ab80568f6da5eef2bae47056391a5de4ba6aff15cf4a2d0a9cc807816bf565161731921c65fe5ff748d2b86d1661f6aa4311c65992350bd63a9f092019f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\bgstub.jpg

Filesize
17KB

MD5
49de6374f83191fde6836418fc489837

SHA1
7662e9717a996101559db15c16573a81e99de833

SHA256
04009456682876f46abfec45f629f1d85dd518f05a84d8d4700b56f2060fd071

SHA512
0a272b0b73da08069793398e6e36b45f8e3c7cd8e2b62dafb42e79c194041df8b4fee1c312cea76c86a51c7557ffe8cb2f4b6b110c6e70ee66112d76ae5fbe81

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\config.ini

Filesize
187B

MD5
ed23468cb20f1f37a967eb26f639faef

SHA1
5707e3d394b6a3e36e8b1e23317ec115bafa1e9c

SHA256
812217f840657b7d310c406d7224eb1c339079ad48541d922e3f15f1b2e3d913

SHA512
9a7d3073b2d7d234eee56464df7b58be4466171c3cad47ebf0d4742c0ed05555ac890a18991ef59bf8b0751a207ea04f86a728fe3b0cb19607b9f6e4f45e76f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\download.exe

Filesize
5.2MB

MD5
1246ce64814da00c2bcb7ef5730d378b

SHA1
be35e0c8ba83df94bdd3c523fec8dc319cb6e38d

SHA256
9cd8ddb7b30960aba9a31bd3f6f15343fbdb1f55a3fe5e8f9be010d56fd7e9bd

SHA512
bcc6083956a090cfcf0953e20f9f9fadad86e7c131103b3877c7acdedea5be78bbf054e1dcdff5b1938a2ab58e3ab9300be11d36a046d36a11853b823bb573bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\download.exe

Filesize
934KB

MD5
b9a66c2552f6b1ed7d6ee421af947032

SHA1
23eab114a2158bc5130e79fc01d178fe8f7c951f

SHA256
d1cda61d1f9cf3ed591e02ec6d65db68fdde9ddbdb6a9416edd641196de81b76

SHA512
d424038880f12f6942e9655511dc74702bd472a6f278e681648a156260c0b8741aea8132a4c23e7540ae32d752346e57f8599fe66dc6a5e7df4ef1447d7d0d1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\download.exe

Filesize
1.1MB

MD5
98c16350899940b6158f40eac215bf70

SHA1
a9656f3fe3e19396cfa585dd45800e6629368e51

SHA256
708ca3a2fb630498cdc70d536d5d15208b1d2cb9e13b01294331496b8fbb081c

SHA512
2851338413c1d66a37ade038c121c2bba36125472884810f904fa4beadee0c0e470eae0fe431421ea94913d602395e2219af6c9970e9835ed22440ed8a31de0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\nsDialogs.dll

Filesize
9KB

MD5
42b064366f780c1f298fa3cb3aeae260

SHA1
5b0349db73c43f35227b252b9aa6555f5ede9015

SHA256
c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab

SHA512
50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd4298.tmp\nsJSON.dll

Filesize
18KB

MD5
e89c7cd9336d61bb500ac3e581601878

SHA1
45b2563daa00ba1b747615c23c38ef04b95c5674

SHA256
431fc2ed27d0b7a1ce80de07989595effcc3ffb1dea1af6c0e178b53f6bd2f1e

SHA512
09485a354ac4ace6084cb6fcbd92eee8488074763c8443638f78e655e45e8aa0fe40a45d4ce0dff116ed3a4bb7bc4d7d845a6ccf0e0bf35533ce81626a8db06f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
956KB

MD5
a88a1e9c8362ff250e83ef53d72bef60

SHA1
43ec0ccc34d2e2adc9a5b658a5be710d1c961905

SHA256
bb505f050819d610baad4e160335375e48235f6b25baffca658c231c6d6b12b6

SHA512
ef4c7ee2101468d62a80e7c1cb44e8dc78b65fa5f63897306ccdf1961c6f3405999556cc1dc8205586a9f78ea924060cc2da95e46ab281981550672db73be0bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\b0q9ekl2.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\db\data.safe.tmp

Filesize
953B

MD5
ee97837639fa016583bc91cee1cdb4e0

SHA1
199bdcba473140f93d34cbd69d0e9bf330000faa

SHA256
53cc50cae71acb40a79e08308a7f35ffb263ac5cdf04e18ef0815bfe244b819d

SHA512
59fc2fccf2d158a3a8e5702c0f69a99a0e3c7dd7d00668536f6b5e1c905afe21013fa33162fffe5589275fae3b0b2cd9085a0c4066be153c94b47ad007cc2f60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\b0q9ekl2.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\db\data.safe.tmp

Filesize
1KB

MD5
86bffc9e7bb8da35cd168089ead746d2

SHA1
e27315a548e863c3d8290f99f247fce177f26d01

SHA256
1c1c5a74aa6c76f64ce667cbfc33ca5a8b10abb2a86f8d102784d339439c7a3a

SHA512
6539a76866957dafd755f61cc48a57f53b72efe994774bf0ff1faeba3dfe4f7d9e954075cf5742b04508c5630900d8598119ba44869d28c2d7dcc248ef0a1e42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\b0q9ekl2.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\pending_pings\911d3db3-9518-4185-a8d5-b10496ca68a0

Filesize
588B

MD5
81add96e5c55474d80306f21e72a4949

SHA1
7272138f3a8626004ab6ba5627039abc5a0b507d

SHA256
8cc4751afc9d5835313e9135ceb953f2a5f989b461042a3913d6e3c7bcda5593

SHA512
3a767ebcf2c34cc7d57ecd0a5bba683fff81603a3cd750c7ce2c18659a6b9032e5900d1b5a5d82ab583570ead240f8bf2645e7f2ce5dde53937a923fdfa23b28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
3d6c56af8f1f9124c5f1a8e99a02c678

SHA1
86d01e732cb989646121ab5fafedad048395e235

SHA256
901f5147955133ed1ea5fdd511734c47f3ecf5b8864a790a525cbf28813dcb3f

SHA512
e70c57ac13394f205e562e85093149da8b32f00f188d230ce197ac92567c8a9ab169b3e1d4ad9dd5281a35a6a97944027913b46fcb8f5549067851f233a5aab2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\db\data.safe.tmp

Filesize
4KB

MD5
30ab9f2455e40dbd0dc2c0c417d16024

SHA1
49887708165419579609c2407aa019f67d742d53

SHA256
8d318f255da791a1385350a05238b7a4e08db2ddca4d831e0083cd0846dd4dc4

SHA512
4f0742e700b898604fd2c7c171fe47eb49772427025b3df38b6b29d61bd007edd8d6d441be80c7e1c96cbfb753f103ad165a46aa7354acc513b83838bdc8c124

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\db\data.safe.tmp

Filesize
4KB

MD5
b8d35de6a9104a1891c2ccfad662dc8e

SHA1
88a8045e4072f70c156248800524a9d554522131

SHA256
fa077aa16564d2cf72b882ede6b08a6c5218e2e26512092120d28f781c97916b

SHA512
8e865a47eb6f6f384dfa72e9b9bb22b0afd43a182e10f0040d9d0d37bdee70077e4907b9b8fbb3f14a230af8efe5b8a0826a4178d44359c25fcafa93fa50f153

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e687b3e3d0fedfaa86fe665f4fde8d23

SHA1
60717dce69262448d68c6555b0d2ae9b2bfb60d2

SHA256
008e43712fdf32dfadb8f6814628e908f4db3b117f96634042e4d9a70403dea2

SHA512
037c7bdeb28447aa33745b1f78335d505754324a89623506f8d60e90e414464d4df18565611aadb71f74d1efca5ff980306deb85e4a880c30367a274def9f530

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\46005e82-9504-4b25-8670-beebed58c4e7

Filesize
804B

MD5
3b04511e2c3bb6fbb15ad5cb734d26e3

SHA1
ac78fc5a4ab3f76d869968aeb5ae908efd1c11d9

SHA256
6918b323226905d248b0c5180be1bc53f867fc5eb942715d139f244452982d97

SHA512
d6aecbd1ae7160383ffd4026a75520332d3b05fd8a54f19d78f9d38d4e8f0983347d80685f51b1a30e3dc96857ab2e140510fb91013e9ebf512d5f12d2dd1b43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\datareporting\glean\pending_pings\7fb9dd9f-7db7-4cb6-9cca-79f3eb7c35f6

Filesize
10KB

MD5
433de56dfbdba4c3e94a8331a8666e10

SHA1
05ae210f481edf0387f670e02dca260959fb7ec7

SHA256
3c3adece3ebab0e366b13f4e950f53246635465e0b04f5864b2a8c650ac6ff9d

SHA512
a77379e931799fef0379e398dfd9efa1f7292358c9a3ec8a4ef34e49bc4e3ec22b52d636e608b8aeae789c69bed65daf2ee765fc1194e3b0832eb0c82f3ab3e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\extensions.json

Filesize
44KB

MD5
f5e20a39d092648638d1c574005645e4

SHA1
04c3c247fe4f5606d2641a5b824eeda9df50f6ce

SHA256
20826c2d2fcfbd778c5d47f3db9c63248ddc674a6ef3ccd639d97df44b28fca9

SHA512
3aea8016d0ad40d6f019afc40c3a4094c753b09538a5b47f4655d44cd91592f4149f0ca90f17c6cd9325185bed9c2effadb24fe279ef892b5f3ee014fdb7d49f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
422KB

MD5
2962bf9a0d58e08f24d5a85691ba73fd

SHA1
c24c40f0f9c7374fdc3ad154b1a1530cc4fb5f8d

SHA256
3b3cb0f80a40788a0c7959bc72d598023451552b0b7520fb0f041c097acad7b8

SHA512
64898cdb82aa7bbadc75e079fd4e00da01fedc1f38f420c94782f66bca78cd9383a4fc7857f2252d79544666eb426a1c147bb6e6576622e35a2e0d64ae6e918c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
618KB

MD5
ccf028811db461aefa0235c3e5da2242

SHA1
63817f92dfdbbed368da0dc630de4d62c5900143

SHA256
7080eefea3e2779a0f2394cf7ed7f98121b7a076cdb23e9a00e988572dac04db

SHA512
8c7539ccdb38331975033ee6b6e9d380cb1215a2f2b1a16c9b1e020a67885da6f45e49a4b4e77d223060a7f09683a8148f8096b4ebb2d915ce1c8e5d797895cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs-1.js

Filesize
9KB

MD5
de631307e2152bcdda741e5e2a4c5ec3

SHA1
d0b48356ce9747241526f47c894243fd32279d59

SHA256
0a722f24bcabfc104189fc938c26976b846acbb3e5cb8761504550b56d175338

SHA512
82c8052cfa29117c5263718fd7e706b534dff24f1a2d58dabe9e46c926ba6b1d9c814f48f2ca6ad96130e5d752a9211f12f70d86338b6c14cc173ae62e917348

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs.js

Filesize
8KB

MD5
324142c4a75e44ebfb569fd40e4dddc5

SHA1
1e9066e0a3f2c5cddd2ab5b8f8ce51b20a8296bd

SHA256
675f1772b48324cb478089c2c233f583687b5202d383559928cc180e26e33e62

SHA512
da9cce175ab2723e962905a8737ed850cfbb10fc09b7e83e8fe420519aef11e3e21c7985138a19f4d04af2f2e449af6606f3f1cc4a08be887a8c2d01ebe35b35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qmjs2eet.default-release\prefs.js

Filesize
6KB

MD5
3ecea48d3c443768ac06e671f5701b80

SHA1
17e47217eea0cfd8bea6c26b90895062ba20a254

SHA256
a6eeda9a73501a3b93ba5dbed879dd774eac1a212d37d0cd2b59f4fe32f6f209

SHA512
905ebcbc296628e2c15c4c79c6a90c06ccce77a5537dd426d300d45b1c7fd0faf10ec6d5a42eef6a70b9d582a9ac07edd4213e17c6a45176fed3dff09a61078c

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
902B

MD5
2baade32592ecae06d7d339c321d8d8b

SHA1
5801315b27d2fab63f1c885ee331e7b1675166ff

SHA256
8241a840533ba5f1391e1dadacdbcab330917962f3193940a305a6107ffac20e

SHA512
2ec5935758096b57163ebf8d00d0f3d7f8aa859b7089f9ef026cb8414028accdf325610998fb075889c52912b032b8c7b3919b509a28e9b29a49820bdf792a77

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
fcd53595b5b250fbcdec75aabff155e5

SHA1
63aa354431317a9daa68b21999e96ef57ff2f601

SHA256
9bb4b8f99d8bd035e7b64e705789768357263076f3eae3515fee7257443d9b5e

SHA512
15d4c46ab7e78cd4ce4cd191838a8c61c423ec59beabf1c03726c48337e938c6fd4cf73f8fe0049d78477a8f6edd1cd29d547a738727d768e724f4c941497d76

Download Submit
C:\Windows\CTS.exe

Filesize
59KB

MD5
5efd390d5f95c8191f5ac33c4db4b143

SHA1
42d81b118815361daa3007f1a40f1576e9a9e0bc

SHA256
6028434636f349d801465f77af3a1e387a9c5032942ca6cadb6506d0800f2a74

SHA512
720fbe253483dc034307a57a2860c8629a760f883603198d1213f5290b7f236bf0f5f237728ebed50962be83dc7dc4abe61a1e9a55218778495fc6580eb20b3d

Download Submit
memory/2940-9-0x0000000000080000-0x0000000000097000-memory.dmp

Filesize
92KB

Download
memory/2940-0-0x0000000000080000-0x0000000000097000-memory.dmp

Filesize
92KB

Download
memory/2968-91-0x0000000003020000-0x000000000302B000-memory.dmp

Filesize
44KB

Download
memory/4176-13-0x0000000000840000-0x0000000000857000-memory.dmp

Filesize
92KB

Download
memory/4404-136-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/4644-10-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4644-261-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download