Malware Analysis Report

2025-08-05 09:59

Sample ID: 240403-xvxyeaaa41
Target: a44888f03675f69a357d19adbcc220ae_JaffaCakes118
SHA256: f7dbdc92a1d8c28935e36c18f2e9967735d9a82831dd86d09a6b1b0367ea0a88
Tags: discovery evasion persistence spyware stealer trojan upx
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 8/10
SHA256: f7dbdc92a1d8c28935e36c18f2e9967735d9a82831dd86d09a6b1b0367ea0a88
Threat Level: Likely malicious

The file a44888f03675f69a357d19adbcc220ae_JaffaCakes118 was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery evasion persistence spyware stealer trojan upx

Downloads MZ/PE file

Registers COM server for autorun

UPX packed file

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Checks whether UAC is enabled

Adds Run key to start application

Checks installed software on the system

Drops file in Program Files directory

Drops file in Windows directory

Enumerates physical storage devices

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies Control Panel

Checks processor information in registry

Modifies Internet Explorer settings

Modifies system certificate store

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-04-03 19:11

Signatures

UPX packed file

Tags: upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted: 2024-04-03 19:11
Reported: 2024-04-03 19:13
Platform: win10v2004-20240226-en
Max time kernel: 147s
Max time network: 155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Executes dropped EXE

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\vYSocYY9xD9bpEX.exe | N/A | 1
N/A | N/A | C:\Windows\CTS.exe | N/A | 1
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A | 1
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\download.exe | N/A | 1
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A | 1
N/A | N/A | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | N/A | 1
N/A | N/A | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe | N/A | 1
N/A | N/A | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | N/A | 1
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A | 16

Loads dropped DLL

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A | 16
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A | 3
N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A | 2
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A | 2
N/A | N/A | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | N/A | 1
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A | 17
N/A | N/A | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | N/A | 3
N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A | 20

Reads user/profile data of web browsers

Tags: spyware stealer

Registers COM server for autorun

Tags: persistence
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\AccessibleMarshal.dll" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{CAA8F5E2-0024-45EC-BD76-CB446914A78C}\InProcServer32 | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAA8F5E2-0024-45EC-BD76-CB446914A78C}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\notificationserver.dll" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A

UPX packed file

Tags: upx

Adds Run key to start application

Tags: persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Windows\CTS.exe | N/A

Checks installed software on the system

Tags: discovery

Checks whether UAC is enabled

Tags: evasion trojan
Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\browser\omni.ja | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\tobedeleted\nseF708.tmp | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\defaults\pref\ | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\nsz36AD.tmp | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | N/A
File created | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\nspB77B.tmp\ | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\libGLESv2.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File created | C:\Program Files\Mozilla Firefox\libEGL.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\nss3.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\vcruntime140.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\ | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\installation_telemetry.json | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\mozglue.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File created | C:\Program Files\Mozilla Firefox\notificationserver.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\defaults\ | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File created | C:\Program Files\Mozilla Firefox\nssckbi.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File created | C:\Program Files\Mozilla Firefox\freebl3.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\platform.ini | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\defaultagent.ini | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File created | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\gkcodecs.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe.sig | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File created | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\nseB78D.tmp | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\xul.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File created | C:\Program Files\Mozilla Firefox\locale.ini | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | N/A
File created | C:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\plugin-container.exe | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\nss3.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\ | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File created | C:\Program Files\Mozilla Firefox\firefox.exe.sig | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\ | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File created | C:\Program Files\Mozilla Firefox\install.log | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\ipcclientcerts.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\platform.ini | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\vcruntime140.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\wmfclearkey.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\defaultagent_localized.ini | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A
File created | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\updater.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
File created | C:\Program Files\Mozilla Firefox\vcruntime140_1.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\CTS.exe | C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe | N/A
File created | C:\Windows\CTS.exe | C:\Windows\CTS.exe | N/A

Enumerates physical storage devices

Checks processor information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Modifies Control Panel

Tags: evasion
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\Colors | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\Colors | C:\Program Files\Mozilla Firefox\firefox.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\Colors | C:\Program Files\Mozilla Firefox\firefox.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\shell\open | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox-private\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\ = "Firefox URL" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\FIREFOXURL-308046B0AF4A39CB\SHELL\OPEN\DDEEXEC | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\URL Protocol | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox-private\shell\open | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox-private\shell\open\command | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607} | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Interface | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\URL Protocol | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\AppUserModelId\FirefoxToast-308046B0AF4A39CB | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox-private\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,0" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0} | C:\Windows\system32\regsvr32.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ = "ISimpleDOMNode" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}" | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox-private\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{CAA8F5E2-0024-45EC-BD76-CB446914A78C}\InProcServer32 | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,1" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\FriendlyTypeName = "Firefox URL" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\FriendlyTypeName = "Firefox Browsing Protocol" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\EditFlags = "2" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,0" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\ = "Firefox Browsing Protocol" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\command | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAA8F5E2-0024-45EC-BD76-CB446914A78C}\AppID = "{CAA8F5E2-0024-45EC-BD76-CB446914A78C}" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\FirefoxPDF-308046B0AF4A39CB\ = "Firefox PDF Document" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox-private\FriendlyTypeName = "Firefox Private Browsing Protocol" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppUserModelId\FirefoxToast-308046B0AF4A39CB\DisplayName = "Mozilla Firefox" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\ = "Firefox HTML Document" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\shell\open\command | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\command | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAA8F5E2-0024-45EC-BD76-CB446914A78C}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\notificationserver.dll" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\FirefoxPDF-308046B0AF4A39CB\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,5" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\FriendlyTypeName = "Firefox PDF Document" C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\FriendlyTypeName = "Firefox HTML Document" C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\CTS.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1460 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\vYSocYY9xD9bpEX.exe
PID 1460 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\vYSocYY9xD9bpEX.exe
PID 1460 wrote to memory of 640 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\vYSocYY9xD9bpEX.exe
PID 1460 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Windows\CTS.exe
PID 1460 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Windows\CTS.exe
PID 1460 wrote to memory of 4592 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Windows\CTS.exe
PID 640 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\vYSocYY9xD9bpEX.exe C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe
PID 640 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\vYSocYY9xD9bpEX.exe C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe
PID 640 wrote to memory of 3324 N/A C:\Users\Admin\AppData\Local\Temp\vYSocYY9xD9bpEX.exe C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe
PID 3324 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\download.exe
PID 3324 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\download.exe
PID 3324 wrote to memory of 3720 N/A C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\download.exe
PID 3720 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\download.exe C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe
PID 3720 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\download.exe C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe
PID 3720 wrote to memory of 552 N/A C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\download.exe C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe
PID 552 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe C:\Windows\system32\regsvr32.exe
PID 552 wrote to memory of 1816 N/A C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe C:\Windows\system32\regsvr32.exe
PID 552 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
PID 552 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
PID 552 wrote to memory of 2192 N/A C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
PID 2192 wrote to memory of 1900 N/A C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
PID 2192 wrote to memory of 1900 N/A C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
PID 552 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe C:\Program Files\Mozilla Firefox\default-browser-agent.exe
PID 552 wrote to memory of 1772 N/A C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe C:\Program Files\Mozilla Firefox\default-browser-agent.exe
PID 1772 wrote to memory of 3000 N/A C:\Program Files\Mozilla Firefox\default-browser-agent.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1772 wrote to memory of 3000 N/A C:\Program Files\Mozilla Firefox\default-browser-agent.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 1264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 1264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 1264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 1264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 1264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 1264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 1264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 1264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 1264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 1264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3000 wrote to memory of 1264 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 552 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 552 wrote to memory of 3024 N/A C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3024 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3024 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3024 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3024 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3024 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3024 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3024 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3024 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3024 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3024 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3024 wrote to memory of 672 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3324 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3324 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5040 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5040 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5040 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5040 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5040 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5040 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5040 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5040 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5040 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5040 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 5040 wrote to memory of 3436 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3436 wrote to memory of 4068 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\vYSocYY9xD9bpEX.exe

C:\Users\Admin\AppData\Local\Temp\vYSocYY9xD9bpEX.exe

C:\Windows\CTS.exe

"C:\Windows\CTS.exe"

C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe

.\setup-stub.exe

C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\download.exe

"C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\download.exe" /INI=C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\config.ini

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe

.\setup.exe /INI=C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\config.ini

C:\Windows\system32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"

C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe

"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe

"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe" install

C:\Program Files\Mozilla Firefox\default-browser-agent.exe

"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" register-task 308046B0AF4A39CB

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 2236 -prefMapHandle 2276 -prefsLen 23610 -prefMapSize 244606 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e5e6ceb-41af-48e4-85fd-afcb99206a96} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2180 -parentBuildID 20240401114208 -prefsHandle 2220 -prefMapHandle 2264 -prefsLen 23610 -prefMapSize 244606 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e1d0957-677a-4f3f-b4cb-a9c307769b99} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 1 -isForBrowser -prefsHandle 3204 -prefMapHandle 3196 -prefsLen 21630 -prefMapSize 244606 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7394040-649f-46c9-8123-b299cebf13b3} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3628 -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 23726 -prefMapSize 244606 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc22fe3f-3609-4a8d-bf04-29ab7cb6f285} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3548 -childID 3 -isForBrowser -prefsHandle 4080 -prefMapHandle 3864 -prefsLen 24751 -prefMapSize 244606 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {471ee952-91e2-4c11-8254-9acb43f26d1e} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2192 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5056 -prefMapHandle 5064 -prefsLen 29225 -prefMapSize 244606 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {035547c0-d55b-4abd-b239-92e1f1db9abe} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -parentBuildID 20240401114208 -prefsHandle 5468 -prefMapHandle 5452 -prefsLen 29225 -prefMapSize 244606 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbf15c09-0b3f-4651-9254-d5f209f17e1f} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 4 -isForBrowser -prefsHandle 5672 -prefMapHandle 5680 -prefsLen 27044 -prefMapSize 244606 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ba5caa7-a0e4-49e7-9e66-e358665b4e99} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -childID 5 -isForBrowser -prefsHandle 5876 -prefMapHandle 5476 -prefsLen 27044 -prefMapSize 244606 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4db53e51-8559-4f2c-a703-604071c34fee} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6040 -childID 6 -isForBrowser -prefsHandle 6048 -prefMapHandle 6052 -prefsLen 27044 -prefMapSize 244606 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cfc9332-8b86-4748-ae9f-856e07c776f5} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" tab

Network

Files

memory/1460-0-0x0000000000060000-0x0000000000077000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\vYSocYY9xD9bpEX.exe

memory/640-5-0x0000000000400000-0x0000000000443000-memory.dmp

memory/1460-10-0x0000000000060000-0x0000000000077000-memory.dmp

C:\Windows\CTS.exe

memory/4592-11-0x0000000000CD0000-0x0000000000CE7000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

memory/640-22-0x0000000000400000-0x0000000000443000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe

C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\UAC.dll

C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\UserInfo.dll

C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\nsJSON.dll

C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\nsDialogs.dll

memory/640-85-0x0000000000400000-0x0000000000443000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\InetBgDL.dll

memory/3324-92-0x0000000003030000-0x000000000303B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\CertCheck.dll

C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\download.exe

C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\config.ini

memory/3720-163-0x0000000000400000-0x0000000000446000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\System.dll

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\UAC.dll

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\components.ini

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\options.ini

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\shortcuts.ini

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\application.ini

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\freebl3.dll

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\nssckbi.dll

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\nss3.dll

MD5 070429099820a3995b316e8888f7a468
SHA1 63116279af074dbdcbf71b198c3fb058a8c37fe1
SHA256 0340a6ce301d24548dff25dd09869b73cba87c77d84ca1c5a025ea9f90df6ddc
SHA512 27d80d6c56cc9fde8268350f64d4fdb7b5181865060e80f33f0bbe71d0a0718fb5874435aaf89f02b9f5ef2163564d2ec7b1502926a84dc85ca1f3dd3f20c127

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\omni.ja

MD5 1ee45c37aa44ab50a80aef6b5b373bf7
SHA1 282e6eac2881dc6f474f279c1f14b5de3a0bec18
SHA256 ec10ce99a9ce2ef6223b4ef004977e9abfbd0140581e403965f4e686da4674e3
SHA512 a342bcb0bf699dc1aff6344d2fb4564d026c1de03036ae6d3b90059a7fb6fb8473ee59c98815745eee5327db0b1c8ef845022179f8634381f687f28208485659

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\precomplete

MD5 e5cc0a1ba04481c6c564661a2ba54b66
SHA1 2dcfc5beed8308fe6f90613a49f2332f7dc5bf68
SHA256 f2a7800d0be7e010d58c7ffd8a8e40af4314aa2002d1db80a22d8f94d36bc6cc
SHA512 50e057a3f3478b98b2988c9f2bcd79f83b89d578838db5c2339b9774adae5b1cc41d19646f643818b80cd37120c5fefd0f6e04fee5d3d50c7bdf2ba769ad5297

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\plugin-container.exe.sig

MD5 be706f5b8fe29f1597208c6b2ec5f9f4
SHA1 adef4ff9de574888ccc9f46464c9cc9ab872d600
SHA256 67a1210a34f5ca2fba95b4431fad421943491767bd6edd14aefb0de19825cb1e
SHA512 b34e2c2f9da5b0639d0c42d92ffc3ea2a0026f392c7cc34fdf7147aa987abfca0d1b6ac81bb5edd8f379b4ac73397ec3ee817196f08d770aa6b4f9c2a1120cfb

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\plugin-container.exe

MD5 82ca21464b210f907e27075b9c43f24c
SHA1 8f7d9b07fa033072e83cf68a9bb3326c5a6d56e9
SHA256 8e9ca7f8b64b537a324f73f392461c159ef0ae3e540977642f6ea0462b877cb0
SHA512 2f77e5e7c8734d360fbf4870da73fb55fd3e78134f3c9c4620d5dee315cf34fc5365a3a5ccef68e52a8fbda590f9dd1ac48f4dea7ba780d8948b95e085244112

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\platform.ini

MD5 1a622984199574cc7162a341f0348d57
SHA1 54ab96c39b9da2dce2505dfe6d13a4c4fb901c5c
SHA256 af70dfd1aa8fcc9cb5ccefa17a9e23d21f822fc038e90e60f95c4d53f2db4cfb
SHA512 5b1175ce4ec42ad6664dc57024850891d6dfa9e43daf5ae2f6d2553c37df12ccea7022ec5e1c1ad5894a4d43b1780381598a034ed2ba723b9e2c5b1540d602e0

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\pingsender.exe

MD5 69a30d1e4195aff22f15bbc590e9b5e3
SHA1 7547128630487c8cb3e3ae03bb58841ea848e94b
SHA256 08d8cf85c548ac664d6f39d5518bebd41e1a9e5f51153eba33ab91e3da52cea6
SHA512 c921f78620d8e8c79c82e24fa17997a6a4874b8707ad7ff42dfd22b824a9eae2e3fb43d5c136924295757b27ade4f3e625b8c77d97c91f7fa60519d67a56129b

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\crashreporter.exe

MD5 aa9c1de3041eb75aeee90b85ff66c9dd
SHA1 83cba1e082732d95f278434fd25374104e25c668
SHA256 57b8145816b5d189842e350fc030e5a4def3a8990e489aa68dafec2b34e50171
SHA512 fa75c0de232e497540cce6f27dc0b0457860255a0822a6db297942ae91159dffaf4d35367aabcf9b2e235766a204210afee13e2e00cd0016403956a8a63a78a2

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\osclientcerts.dll

MD5 cd0017e6e8286fa37d893ef0fb03848b
SHA1 c19720c3386b3dec6340a5083b8eac99f1365f62
SHA256 0cda4d44b2d1764bdf2cf9a3870aad590db3807f5ac398d5eab414450883dacd
SHA512 8625850a31ea175b026d6d98fb35b6071f2cf4bf64f6f8fe446022bd4e62ad9e572dd62707ba76c6402ae2130af588128476dc15a3d50c2d9a926e069e01791a

C:\Program Files\Mozilla Firefox\install.log

MD5 6625e51c07830649386336ff4efbff91
SHA1 b6b42943e3edb03fb5bfb5510128aa6c0e8c4bbc
SHA256 54f74043b22856e151bae7bbd79b68abd0a4a57d34a0b8a9e25b51ee0e170264
SHA512 6493ab372978f336fe5f8279776fafe6dfa46dde1cadbfaa68eb5dd60428f9bcaa548f19b5b1f56492b51bee11a8e095d09bdb5d7815f2ccfd7792e5be20d807

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\notificationserver.dll

MD5 0970c393b8f2c2c66f54c70088a462e7
SHA1 67b2e55fd4bb8abdae0084a608c45668289797c5
SHA256 c7ee3a3f93887c628ce555fe010bb09628710940c903cbde4f2d6faaedc7b104
SHA512 1643de027f0f17c0cf821c18f84a546c27e8ef4a1c6fbba10c6f20f2bd64a0de6eedaf15d297b912c4de98e0218b54777b781965b8a615794846c96a69e58c85

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\msvcp140.dll

MD5 0d89995cc45c7eb40e5a7e287506c1e9
SHA1 096c27b06ee7fff2bcd290af0264cdafd04cded9
SHA256 e0a22a594e148fa55ceef3e49969bfa77011a801267a0bd7805b681b593c9d0b
SHA512 3497c2957d10fcddeec8f312fb15c53f82d770dcc3e771a94daf4f4435c3ddf323ecd33310baaf1ad56673bac7c6268a9ef921d5f32cf7e4a7c9dcb0d8aafa63

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\mozwer.dll

MD5 4c178b42e7ac23c2670f9062140db18b
SHA1 1866da5ff5ac76b6d48f5cbd906969e44de254aa
SHA256 b80ff8b4a8a53bb5c0b811899005923e57567823914b90c8ebf978be75db82f2
SHA512 86147e368d86f927ea203b3dd56c20d516a3598af3e27d4a51dce9b4090f0bc159f92c7182cf2f910034ccfed1c713b7b59db8c650328f79b5783ea01ad9091a

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\mozglue.dll

MD5 82958c604717fc0a15052e03a927cfa4
SHA1 829a7eb23147c31d9746ddaa30201b7127515416
SHA256 948818942a29cf21260ba389c2fdf3c001d77851500a7124c1f6a3290b8f826c
SHA512 70e5118dd760e7dc86f3641da57dad00f02b703e53230bc13e0e9e21fddcba75d3e70445d90d9f13988956e4ba20e7b54ebbdaaed18c3e7aa75a4214c2e2aff9

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\mozavutil.dll

MD5 a8c59fe48e7534b1f328c6695a3c1980
SHA1 50888185b771136b18277d0fa01d34581c63a26f
SHA256 7bd0afa48888aeaa8c95c43ad50a7c10e569bd270a61122d8d44cfe4f95760e5
SHA512 7b410705365c1286c457e6ef009d3232a5eadc45204e1f3a2cb9f3eff1e52dd990cbc850a9b5b377161a591ff66569c768c36336c22c69282108247d85945937

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\mozavcodec.dll

MD5 982f90321a56b53fb89a10df4cebecb1
SHA1 679421f5547c6e1c368102db3e2c644a736b3264
SHA256 0a39ef94934e5c442c222e3ef3db8f27b40348cff72f0c2b47444f9b79947281
SHA512 24c8e0de7404176e4ed2bde53959ed792c79c2919bc779b293b067dfd1fa9880c493a9952ac8b23a8872209b414602f437bd2275f591536fe8cc90b7610148e7

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\minidump-analyzer.exe

MD5 27339083fea7fd6d8363f7fa88ca7b80
SHA1 6582a65dc5d306964236ce560a85b6a3826ae9ee
SHA256 f18e014b7127345cd9462e3da9299d3a57fd64dddd60e6c9f088b8b9c30161a7
SHA512 e9987041bc8a2ed5eadeee525db19e415cd96a19b2a7a4aca1372cbd072c88f64f8fe5ce4b1ebe4ba75f3f436de33173a363cf2a64f459500563cf529894a777

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\maintenanceservice_installer.exe

MD5 6af8db25cd8020149f2185aa5d4f32d1
SHA1 cbbf719fe0d908ae61786c7ed7a7b07813f525d7
SHA256 cb1e94285ac672b4184ceecbfcd8da3bb2b535b53ecddd3f94bff702e71cae1d
SHA512 f8444e1da21e8644203fb7bc6232694b0eb971ae846d15e3e79e128c96fed6530ce45b8076f032fc45e3037cf2b8aa119ed0a47f9798e34c900e0efdc3a1a065

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\maintenanceservice.exe

MD5 47b61a3787718ef6e3b0f4867dfd77b6
SHA1 ca3cc47dbd686fe15a124576192aee45339f1be7
SHA256 78d5ba607a68d835f89f6f79b2686d3fb71f6f1e414517acc8435fb02c994d84
SHA512 10bb4ef3cb7d17e732e29821deada7fa4883cc45d154b6d28322110102404dfe3744ff79aab7159e6da604bc1c3ac77bc740e1cfd46f8d1a08c48bd7f58d4c68

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\locale.ini

MD5 bad74b155b8731bfddb8d54cbd1b0021
SHA1 5a4d8b98ae81f75e362d510713e05022be64c60b
SHA256 a4a030b6f430548e5bba3cfc748515d40b72c522a1345957df4ed5f88736013c
SHA512 ebfab2f589390553bd93c1299db8b7a7bfb8b1ac9ac5ce3c2c8d478c79ef8b93d6193f9e739e94f662dfc026cd49b04a8f2fe3ed82dd4bd191d1cf34e1e4501a

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\libGLESv2.dll

MD5 b58355070a47e6e3bc71a7a599027d83
SHA1 1e73a9f5c9c505b1cfddbb2c6ec6cf97a7948008
SHA256 2a4d75ba4b34e2de99429a77737e80541b8f65396048cea6f901e6192d434907
SHA512 9ba1e9ad2b54e879d97983738fc816c1de3ec683cfae183b7b269badce5ef88a0dff35dec6074ef0027e0978f1f975b7afa21f18dd9bb37ee9d04ad133bffd1c

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\libEGL.dll

MD5 42fc6c25f845433398e008bf77cb4854
SHA1 cf25039a0701bc4d4e0fbffc769dbf2a514a7d24
SHA256 192b2fbcc598e481616d6dd828d673bb54374173d70e75bd0a212278ac91793e
SHA512 b395693e9d2238cb1854788a196887c5aad3da218ae6547600a94c45801b2ae88b24ba4e5a08085e2d68cc05d459fe377b7b990bf52a5f3c0d05d07045b50f2d

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\lgpllibs.dll

MD5 acc604c38015a9506ecd36c535222306
SHA1 cb6ea3f2b27d0671b3aee0976c0349f618b57165
SHA256 f2aa7dde0f7178d2fc4684b3aba0489dc6e02cd385c070fa4c1024eb721f187b
SHA512 f56bb190b5f01624a434ee8a891b41df64c2667b7b8b5e4d219784ef1ff70f79b17e3cf00fca8822edb86ab062e4bb21391370826fa77157094fe2e9c35614b0

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\ipcclientcerts.dll

MD5 0fec92b8cc50b4ec4274fc29e8e72c68
SHA1 02bd7c081e68005cfc02d3459558f0c981b4380e
SHA256 9539d62b3888eec11a669e6777702990824409745f9166ce2bd346ad2314eec1
SHA512 82bf1e37b44d37fba508a394f70ca9f7bf4e9920535821add189d42e4154945bb0d1c4867e13d20511dc4985db72f5f09a3a4febd6b02f1d3e93cef56ce910e5

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\gkcodecs.dll

MD5 818e5d1e4e556ba76f0f0cb544d056f7
SHA1 964b27160a945435c25929503c9f43e091af1c85
SHA256 7e2ae1aca6a7a4f7932b52a5a12f7c751ce2e73f6760831d4075d29be846d800
SHA512 25f6fa475ed02a3402d4d41eafc86c0dd536fb2f8db26fbf9b9455dccc96fdcad0cd8570edbac3223f3ebec2898034e58a10e4bffd4a1dcb82d5681c5fca48fa

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\firefox.VisualElementsManifest.xml

MD5 0aa43576f0420593451b10ab3b7582ec
SHA1 b5f535932053591c7678faa1cd7cc3a7de680d0d
SHA256 3b25ae142729ed15f3a10ebce2621bfa07fda5e4d76850763987a064122f7ae6
SHA512 6efb63c66f60e039cf99bfaf2e107c3c5ed4b6f319f3d5e4ef9316c1f26298b90d33c60b48b03699059d28b835fbc589417ac955fc45a2bc4c116a5200dfdc32

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\firefox.exe.sig

MD5 e8767315c596113a434835809e598247
SHA1 e0394ea26d12effe0510bbc01e885e80f3b14c94
SHA256 2dddb2b97032525224c92af53a0630657e630b075ca1db60d0a9055054a25406
SHA512 4ff532f31504a2b097deae3afb4accc55cc6932ab43f53aa67706bfb552058f09fc66ad2ea82f5d6e4d2513647174fb1bb2fa4cae494cd017d0aa4a27c12bf0b

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\firefox.exe

MD5 470443e44566ecfc7ac2ddbec240a73f
SHA1 27bb8d2fc02cd2bbc184d07357aaa9903d88b425
SHA256 006652da0745d8672ec56598368c1f8a4896cd4a0aa5b61499d574870f94b705
SHA512 22c9bc36874abb015a7e1a28e26f186f2abbd559aad53fdcf493f2178dbc6cfe5a7324d0acadcf4a641028e61787d2f4237a8c034a3a7a6d0a7162f31e05a618

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\dependentlibs.list

MD5 a515bc619743c790d426780ed4810105
SHA1 355dab227f0291b2c7f1945478eec7a4248578a0
SHA256 612e53338b53449be39f2e9086e15edc7bb3e7aa56c9d65a9d53b9eb3c3cc77d
SHA512 48ecd83a5eb1557dfabfaf588057e86fb4b7610f6ece119d6d89a38369d1c9426027520ce5b6d1cc79a4783b9f39ac58afb360cc76e05bbe8bbbd5128c5d395b

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\defaultagent.ini

MD5 7a84fd3929948b8c43fa5fdfbf59c64e
SHA1 fb1ce51832cced529f785b8b4a0a6d631625abaa
SHA256 814f2e58ec2f5f33bbf365f743db28022bd141870b95febf87c0fa042b819106
SHA512 abe1f6d86bd835940f5e1cda1a7872ba27fe9be48dd53965fd9b8f5f96e1aabc0f8f931c04bb9fc7b0ac11b83cfd4661b67293025485c9cc09df0b171afeb806

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\default-browser-agent.exe

MD5 4c6887f8c8c66f0b2db5a8b347931b70
SHA1 1a71320873155f84de67bc16324c8ca0e503be04
SHA256 a080df509685780d81ee32d86eac7ab15b5831090678f63b5741b57fd8a9969c
SHA512 3e1cc423bcde71a24457b5f9756241c0bc0f9b1f434eafc84ec733f124bbcf6f9a1e104caf402ef2d60a96b895842a8e6b18cffc59936e6c4873a3be92cace8f

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\crashreporter.ini

MD5 1b0d446f9d17c1374c81acec9d8d2406
SHA1 016bca3d4ee9a0dbb4350ee7a1898779dced6c11
SHA256 a0cc8cc3287d54d7e23a156256a553792970df9ca57f6ad85dceed32b979da71
SHA512 4e7de92579628cf8c31287506d6f3096bb15402ee6d694a72462cbd1f093e7d04cbcc9e13691b94408091e0c5ea8d8c528365a90885b55a126416af37be6979a

C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\AccessibleMarshal.dll

MD5 eb0c475124ce894398ead3733efbd451
SHA1 5413979dcaaaff24b5d47d2ff6430f229c4abb6e
SHA256 46b72bd02816965cd29d9c50c6afcd6b75b7a7b278605a1700ecc0a1e1492766
SHA512 2bddafc036331a89b5e4d5fce6d1d62805f04f37bdc1dc3a95b4644955a983aefde6a371b8d18f4432882473c907f2dbe55c31f6e47a54006b73070534f3644b

C:\Program Files\Mozilla Firefox\install.log

MD5 790bf8bf74f75d09d509da7144f3b00e
SHA1 8cb611cdd1c5e2ab8c4d57de902bc5adbe010e4d
SHA256 989662ecc5704168de14270edfe99cdced50b2b7f46837f9713c06591ec533e7
SHA512 72fcc486f2ffee7a9bca85d0a881cabd3f5359bf5e3a3fa16b6a31c90cd53610148c28a73793bbefdab5e7ecf727e8388c9f9f79e76b3299c6f220929f88d914

C:\Program Files\Mozilla Firefox\browser\features\[email protected]

MD5 9fe1653c31c6ff75c906aed024d53b32
SHA1 d2fc52a9aa47a0fe0099bee9178946210a163031
SHA256 d9f4c6e6f535d09deec1a58068713cc845b6dbbda2fcf5dc8669f6489bb63005
SHA512 8d7fef23d0edad4e8aa64f2f400965565c70d0d1f94d0bdcd14b779fef9192de079c2547c2d80b171e6c9316ab0221a265efb49492bc90d213b64ecde46bb30c

C:\Program Files\Mozilla Firefox\browser\features\[email protected]

MD5 507739399c82ef6487da73e587423f1f
SHA1 95177d06563e55f4084504e06e88a1c0f3f52b0f
SHA256 796ba4ee5430db311dac2e45323c3e71059f23a54ec2d5bea22387f33fb92de7
SHA512 6bd0bb547f3bbcaef5db00e554a0b9fb45a78efd01018a4d706bcc94d5566458f931cf954cea22e2674ab2065c72617e49b21f9e354f16109b4b64d4fcd0b4f6

C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js

MD5 3d84d108d421f30fb3c5ef2536d2a3eb
SHA1 0f3b02737462227a9b9e471f075357c9112f0a68
SHA256 7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b
SHA512 76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png

MD5 1a340e565e697e63b5a4ce51f7297119
SHA1 cdb4ca85700ed81db13b15d4bd5b77d41bb20d34
SHA256 c4bb210e61cd35f9a0a54fb941ea2e3bf6abde799bea1c78d24c761c9a3bc429
SHA512 92478fe26f9ea7454206a3106632534c5608d6940588f01fecfd799de636f11b003ffd1e5c762201f9a14f4ebb7fa6a711d99312b03914de817246a6008c7b35

C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png

MD5 8e058139e0576b4ad8d424bb21071063
SHA1 f584d2412c935aa8a7cf73ecdfaaa6a3cf87c064
SHA256 e86ee493e89f5dfce2ce8817ac5d1c04d8ba2b07a06ff0f967c0167562510df7
SHA512 9ce457aa516fb2d3cb7b4a08f2dd81573de301fefc6ddc877142a35851151407367605f00862fb77067d0969ba745bc6bc612a4440aa3017e508e572ec88f2fc

C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png

MD5 c9ae03c43b67a4e4986518fe3fe29756
SHA1 07221e0401f306487504ae9b3c46ef1cb5dec843
SHA256 adf41380b5ed3f73b8e5fb51f7f33b722f4db4600791cdf92033267c9971c4d5
SHA512 0ace7c3cdc18eb1e67971a5acd0a54e1c00d37ac556f8183dccede984cb6520660c9b27064a8ef5f7b706fdabd70e5e424b7b7271ff751bffd997cf2284f9fe7

C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png

MD5 e9068cd977693bdab242de4280dda725
SHA1 35a5c8aee11597ec7cc6adaf15e8673b713d73a9
SHA256 1701ff395543f3ad6b25584fa7014073f74949baca0dd2552216f58131328fef
SHA512 29ebff0f99c9a8f47b8f145ee8d88877b17ae0e3eeed1bc017caa20c68a63166831f5feda768189e837d2390cc80790e3e69aa7ec26bf92da2e90b66e1be3362

C:\Program Files\Mozilla Firefox\browser\omni.ja

MD5 bf952b53408934f1d48596008f252b8d
SHA1 758d76532fdb48c4aaf09a24922333c4e1de0d01
SHA256 2183a97932f51d5b247646985b4e667d8be45f18731c418479bbd7743c825686
SHA512 a510a96e17090ada1a107e0f6d4819787652ab3d38cd17237f255c736817c7cfcb3fd5cf25f56d5693f4923375b2ab9548e9215070e252aae25c3528b2186d99

C:\Program Files\Mozilla Firefox\browser\features\[email protected]

MD5 2f1bf72ce57bb644dd54e6376dd2fe4d
SHA1 6013cd2d3613a6b0035920f1da9ec0a4d6dc00a9
SHA256 21ce8909c9ac4e076589ea9c8fbcf6b745b485816841131c61575ea705ba0a03
SHA512 9fd85ab306bec919defa3454d8d5f6b13230392198174fab8a2f7cf0db67a4dc4fce61c896109a31970a0d585d4db3ce9fd0c76fc7e6359ba873d1cdfe2e26fe

C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json

MD5 cffdadfaeeaaf0a5a78e7f9a299aa7f1
SHA1 7a8f06d7c91877484301ce8474dfbb1bde08a040
SHA256 ef47e83036753b53f59d079fef62bfedc749abdbcdb0fe16f448d9920f11114c
SHA512 5a11e448389326ddbd3be792d9a10ae746c66e4a41f9c96f4979ec71fde385fc4deb205a40f1b4f24415abd9d41c453ca1285f4b813005b1d12a2701f214db85

C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig

MD5 90808af995ca1107a8499baa48853f0b
SHA1 407ff7d66143751b9c7483f1cd576c94b2862eca
SHA256 f4c2ac80a8625c5d2c7011fec386218646f233d6a3fedc0988b5438f6ac0cbe3
SHA512 a63d40dc6eff719feeda08e15578ce455086e140ce5119da6d54fc6a4125487bbd23c92e5368a95520359aa7af508b594824b10f00750e7aadecfa01de18926e

C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll

MD5 ae165d60948e59a1cad79f1379720fe9
SHA1 e5b1d608588f97665040eb01f7c9ee2629402906
SHA256 37e59b27d822d411166ab33083c246f7409effdda18e0faaf996b4bddf20ed49
SHA512 abbdfdec889899229b670b69d4f8deb3ed58e0fef514ade2d6677369eab1be8c54bd0183b65f12fc5cca9fabdfaa79f3fbf7ff7baf2e18e1701c697ac504c0b3

C:\Program Files\Mozilla Firefox\xul.dll.sig

MD5 aa21ae5908b9d7c99ca27e6e422610bc
SHA1 a92909eac34ef5a9f4e3d13962ccc92e2da262d1
SHA256 eb86adf66e5ad18916f25d1628e5c08888038bd986dedc15c8bcaea80089a226
SHA512 c330cae1e89617fd485155a093217d7fbd0c9a96f21d4fb3e79a6a5eb16864c8bb2134883faf2121759601253d36774d46ae05f1e9f3769eef72130b7aafecf4

C:\Program Files\Mozilla Firefox\xul.dll

MD5 34d104c4f34b4cdc13a71699ee915d17
SHA1 f059f40abf3f92054665ecb3b43752b2bc399f3b
SHA256 cb28e5d31a6f7a4a1e4b52c49a02236dc0067ac4af7fae33993a28893127dc18
SHA512 5da0d21a4573c7cd25a773e3d063227cec827030d51c5ae38c5181606c129c735aa9920e1978855be4499687ca7c7b49ebb5c234da2220caca03915bb868db92

C:\Program Files\Mozilla Firefox\wmfclearkey.dll

MD5 110b8aa620a7a58d0ea1b5dcae56ba1a
SHA1 7beaad4d50673adc5d3feee2a96563de54e96f86
SHA256 2785d09d250a9a75c1b9c48cd3cc551bcccae714f022a7f04053d50d52c13c4a
SHA512 29e78a230b73bf4dd25ada528dc0e86eab9308a620fc999b30d07222119918189c4d5be4d6f4e23eab4848bfc94c057f7190f9f782f6461094231148bd847663

C:\Program Files\Mozilla Firefox\vcruntime140_1.dll

MD5 9f4eac207cb58e8d110477e7fd19d565
SHA1 687051b863f7a7178cabf9c06ab3b534b1e23dd3
SHA256 7cf38d20d00b6640d510eab70171e1c6f8fa2e42040832e17c7433ab61d94a8e
SHA512 9c5c4499adfc7b61751510f52a1288ff386dd1c1aaf8e8a9660990194813394329f8123f38e026ea10c6e30b4a5506625b9060329d524db68e48f36ab2691a05

C:\Program Files\Mozilla Firefox\updater.ini

MD5 7a6cbd521497f6dd382f7b8c6aaa1eb5
SHA1 a0bccd339f6d045f0aeb4de504398c97c3dc2be0
SHA256 531b55d2224efa181b75ed4ceb84e4f854f26c2382dc411945515d57d8df2243
SHA512 af32b8b1e93c2fc1bb6c7ce0f371c8cedcdcb753393e8cbdf282424935db5f8f04b3468d450edc81ef28d8b4430d8941dacb2d8826d28be9065dc787c53eb553

C:\Program Files\Mozilla Firefox\updater.exe

MD5 792c5ab789d8efb1631dfe12fb6e64fc
SHA1 9337c863c834c8f9e5fdbde04702ab4bdabaa7e4
SHA256 d3c76e6e1f3e34197d108404fc9c8b6179ab01afff6c6803713d320a3b480ede
SHA512 18d7a4f77ea238325795ff95b5af1e59104d96b71c98b44f0bc1c246bcf8c0a4389c9d4275ecb62f93bbe82bbd00067af41056bfd121ef441fb3154d51586059

C:\Program Files\Mozilla Firefox\update-settings.ini

MD5 1413131f8cfad1e19d299667bf759087
SHA1 a0435cbf1a2817ec960c56a896d455e78adc226d
SHA256 c18489344fdc21ae366b4d957a0b9f11be772483ca46f9ffab6ed0356f946513
SHA512 590b53aff46903b1883c5fb14492ca85db2c6e0e900d0fdf62c3e6da10f1d10c3aa51224dc6db50f4eb12d42de017892f77e91d79aa16fcaefba10b27748748d

C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MD5 cbb81a903dc88f69ff9107f11bded306
SHA1 4466021a5d98b59b61c7d45a8f5dd695226b9056
SHA256 5719bb2ab3c985570662a12789a2dfd37acd6aa3bb743eb75fa271256455956f
SHA512 93e8e2e62b27686a2ca2dd4db7ae59349730e233f88ce83fd55969df1b16b9c382751987a76ba6b451bdda2dc080f7cf93a915e2517a783d16018813e3b27d13

C:\Program Files\Mozilla Firefox\softokn3.dll

MD5 27d5e11b0d3dfc2b8ed8c2a00a3ee401
SHA1 05e0220b0c841b7d7ecf909ae1582438f56d1261
SHA256 327ec623b603096fb5abbdf5375bc2e5f3840b5747df2eec9ab78fb17f6decfa
SHA512 c82a208d8328e3bf6c88e46275f4dc0d99ea09e2ba68c17e1a4f0ffff460e2366cbac443cd8209416d52e762455f4686385f9787998b67298527b27fcb852a5d

C:\Program Files\Mozilla Firefox\removed-files

MD5 fefbfac37461bd30e05f5befaa1f7705
SHA1 74f9024662db06184e645cab76bfecb0e6897545
SHA256 52523da24287c4d459131c2e4818a713a732765e06e9bbba1cf353888ba34f9f
SHA512 874d6bdef28dea531c858443810d0b026a3a5667e0b9985bce84b7c5ab63d06a015487bd1da2a914d28af7b6568335b1927f9fb9656715947929cd6671ccc4b7

C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml

MD5 b499ede5c9228c742578086591193efe
SHA1 18e682ec73ed8fcea99893142fa8b08ee8a32b72
SHA256 9ea86a18d41112e25b17454044ac29b458f508d9814700a6f4c0f9370678f3ae
SHA512 b99ef0e9152da3bf6adac5fef67b44738ae7a2d1ef0041786a5700b8389acde7380f1bc9bf1402c7a356f1777aca7c2b05af5ee22b7297bc879fe2e6b9741f13

C:\Program Files\Mozilla Firefox\private_browsing.exe

MD5 92da8bfd3c0669c155e7a55d04ed12f4
SHA1 5f2d2585cfbdec86880f4137e04400de1e2bffcf
SHA256 c79941fd3e7bd89f2766110158eec79aa3af7620c33606a203cf82c492cc700d
SHA512 cbc733576fce71fe21f21ac8db58a073574a2741205e1c28c796ad27b39ab1c388adfcfa236ddf389aadf9bc807226852202b0bc9e2353bb91406bc1380a8557

C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf

MD5 aac75d901445bc0419d56e56dbc18891
SHA1 3ada434f3a727167ce6dce3b865fa6bfb70ed86f
SHA256 6d90152ee0d29e82fe2a87793af5aa4b7ad13e6538360889e141e81ed299ee8e
SHA512 83fd92ff444ab6de18d48997247f49845abb8420a07b74ebc8a65bda8da69d28f87b6abe0f607b2fd7da398dc0f8cbe7fbf655af6d25785ad8b2f1a3afca136a

C:\Program Files\Mozilla Firefox\browser\features\[email protected]

MD5 3702bd7db59a2feefb35401b32876245
SHA1 31e2e408ff9c185001513386fc346f7512effbd9
SHA256 dd5a380c7f29c8c1db6e7b2071ee550c8a93ac3321c11bda9d0912f176f8746f
SHA512 0412f029075866af6b6df95b6cc690542504c52af23cc7666b63f53893983d4d14e3729a02c1843f3bce1361d7ed5028bb5d59aa7be4403e8e6c79faf7fadd6f

C:\Program Files\Mozilla Firefox\browser\features\[email protected]

MD5 3002f01583a526323a8af2528c871719
SHA1 468390eb0a1d93eebd2ddc303ed8a03854e99916
SHA256 9789afb5305d211676f14025f6afd8c3e731d54edb46b0120f0f544183b223c6
SHA512 6425e488e6cd06baec14e711b87809a451cda1429e7298ac0c8acfb9b92f852e36a97f9d459f0305bdc4119ee1517012836893ceccb5e73a9276fe23fd33b616

C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini

MD5 9524df130a8e1ab4efdfb32b4e68a7b2
SHA1 98593d6520ffeb0c49803dc1ada0ee3131be4c88
SHA256 699cb7896b205018db7248a2954d0432022c63957ad3a83ae53711755ad47c8c
SHA512 9689e204f84bd1ae815a07da860fdb6613bf9c3220e301ce2395e971fca0ef6115b3fd3ab50983e48f49e5a7b2a79b951df22bf9a00a362fa274915001a9fc14

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\ShellLink.dll

MD5 fa94d120efb029b43217c66bbc8c650c
SHA1 1fcf2d76adf69b403b7400681ac91d50ed20385f
SHA256 5f6f414b412c72b10f49eb92af1d368ede531b58fb200d539fd2b45e371612db
SHA512 07ed0771d5bbb651ea7421a5f6b08fa234f9cc041315d9360a7135ba12180064fc99a27725385a8ecd3ceb25bed5c00de169f7dabb3ccf6e987f45254dff8158

C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini

MD5 4b8dc92a079f224935392f9b5a2dc051
SHA1 1027fc1b3e2e8ae78c60bfb25c5c9f87f9b3cae2
SHA256 79d1631316cd79bc5127f745aa6707b4445f7d0432b685ef2c3ec3cf3a62ecba
SHA512 ad0186cfc9df574e4a3c7c209b5dc3078fb86f6b1de0008bdede6768ec08d61b20f371d7b2d01dc50aa7d094b150db816358f03fa0d9135ce26d80d8886a1704

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\ApplicationID.dll

MD5 fdc0338e6faeaf6f7c271982e103473b
SHA1 9a41f7932abe8be7e32c6371f085cf14de355d00
SHA256 a9dad9fdaae93d10dc2ee346b231913445e731049554b8bb1506827e46f8a44e
SHA512 a766eef11db4c94b1445d1cd70cf1d3b6141d6b3973562e9fa8d81c79195886b884dbc9b9f6952f8a6e8619534a6bf2d615d539d2cace9c8843dc19415051cc0

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

MD5 0e7266054d4d65aa8cd5edcf46c3e85a
SHA1 91454902a025e85c268b321d6996f133529a6659
SHA256 1d27b2fa7dc2886d68a1f625f4c0f40da72371beee33abfc7914e981fc01c778
SHA512 0e4a5839ec671c83b0d08509fad2d46c848c793639149eac0827e16bbd423763be87af8a4e2daeb25bec12c6d5459be5f6a3a241b916f09448a85b4632faa3de

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

MD5 f8f9bbbd1db431d594481a329abbd20e
SHA1 5c60933f9bf3c76852e31e9623f8dfd820a26efb
SHA256 b65512c87cdaf9beec98ba2ba023e537f74b1fa3944a6ca7db925a1433f9bd64
SHA512 0bb634f5c79fd85890dc85b7359cc4236e54ee745ec8db9802196e7ffa3cc927cce29800f4fe95a2686733702d8603c18bd5868253e134f69db701ee82596f38

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk

MD5 dc40cff9d424c662e83264742381f587
SHA1 1c77e6c399cfd887c53bc88dc59e5d9a5ac40699
SHA256 bb5c1a19575ce286568007d3b954108989a5c24e75fc8d7cfea8c8814798662b
SHA512 486d754b2e06e2894dc7928a2ae58a2040c5d79838431351d778541d6c25d98e7ec322c8b09f94a1893c9cd1abcaf29bf567a94c00ef2398629e89a08ca90d45

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk

MD5 5435316c84f0ec13ce7f068a3ac08304
SHA1 5c7e3b3fd6db4c4ccffe8acff8870b41238687ba
SHA256 8751afd3f3b5baa89824332dca235a5334b336efc23693f69ed913c244b7a649
SHA512 dcb4710344ace2b4a06aa69f8894ebd763534e3f6c4b97ea94c7023a1b4e8a68d1e4ee6767d5e483db525d0af7e2293d769341170f5f876e89acd59ba959f756

C:\Users\Public\Desktop\Firefox.lnk

MD5 96776c00d1e858154ad92da350cfc1f0
SHA1 2a90d2aeb670297d714cdd5ae8e41a43bb727474
SHA256 124e3194fdb3fb0c63e77c272698591bad164709e77c6783352cc4e0dc07cabb
SHA512 88a81be04a8494be559ed5c0625937544f8e4794f1d92709fa730c66527b65975579e0adf178a7308457a45b0681fa321ccb9cee45a2e9e79952314cdd7b1012

C:\Users\Public\Desktop\Firefox.lnk

MD5 b3651554bb13eeb66af545b57524bbb5
SHA1 078f6dc52d03264a8cc65c1a1d8e78c1f3a9be57
SHA256 763c6e974ef4b243449528622174d74dd405fc02e465f412bc3dedfd07a06d0a
SHA512 821825484b595bd83c38e109c8820e0785c979b45738dc5b6686803b127f0734ebe7346c3e293bff6000096fe28307a81e24909bf459c948d788beb15b50abd0

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\fx3y1w2p.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\db\data.safe.tmp

MD5 f5f716a69fad93e83f8b6ad38be38456
SHA1 00662edbabd1eeac681856375853718898b229ff
SHA256 091f68fad1fc9b0170aa3ba11ed3ae3a9deb1a392e89c8c7946571ae83846bb5
SHA512 77e703a051b9c0d90a606923a52f2eb029b53fd520df1bc9994a729d6286ecdcf7b202fd73ca32946df14716131472c9727c349d97ee19a862a57a3acb611646

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\fx3y1w2p.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\db\data.safe.tmp

MD5 fff031c1721915bc9e1111fa65199e0e
SHA1 b8038204092bb786309b39207260b5fa6a3a6197
SHA256 f842923055682aa026e0328577a4f09563ec9d4bbfa3a87d7e2d0994c4a44f24
SHA512 7940c348bd42812c3fdf8be6c5b18d21b2967122abf28a5332746b837a716e9561a9e02a9a81b52962a47907a55a427ecbe0a00e8cb891f1ef3715852de36b15

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\fx3y1w2p.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\pending_pings\d259e2ea-683a-4d44-a2a2-92191d2dcfce

MD5 80f181dc4fff56ce4fd4f9502d5d9c2f
SHA1 4d447a39bf9f8d509501c30c07c6fb8dd2ba8a3f
SHA256 d099bf26fca06684f6fd1e3cde1aafc11bd236e5a9c2f8ca0dcec818860f4779
SHA512 3625893a13a9df92e4cd3d608e5f10029cb83586ce45a30176ae657d72cb184519db518da22eeb2c0af49c5d4360157473c6e2dc8cd12935613ed8a0aa173979

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\AppAssocReg.dll

MD5 012461cad43cc5a871bb2019a461a2e4
SHA1 75617dce95008117b5b1bd602bbbe58dfda4e6d8
SHA256 eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15
SHA512 f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\AccessControl.dll

MD5 eb7a540d0d2e28f6bf524d2cdbe0f478
SHA1 76204991c60913cffeba5595033c4f79e1e89bd8
SHA256 ef4b548b27a6edab3bcb25cff0598918c645795850d62f232909dee851e04c6d
SHA512 947132d07f7875dc99fbe8a87757f6efee0a8c6271f8a3bac6747f9f4f60ed7e203e28a588db8c55ee898ba8f3dcf640f6562c49c45d6c6d8fdbe2d2309b9984

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\liteFirewallW.dll

MD5 f31ba98a8d87faba153eea134968c854
SHA1 da0865cc1a86a39367f22897e1f9fbf4fb1f804f
SHA256 708fb54cffb6aea3547fc5ac745d1435ecc814df563bef59ba7a94f57d082bbb
SHA512 d991a2dd5ef537b25898afd7b7e73274a3cb8e6f5fca1621af22ee2761b82baf220aecb0c84434566742e2ab00b2f57a3740ce9831e76d4e1829bac3e044c8e9

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\nsExec.dll

MD5 0e584c7120bd474c616013c58d51dc6b
SHA1 0bc980892341b52985d92fb3d8fbb6be77951935
SHA256 7fb626aa05bee1095633a75aeb7895ebd816a98e0aa1581a0154e4c196de5391
SHA512 aa3a471b3f33c3ffdbe1b1e3c1e5d04367bcab3c16049396a8dd12c5a8317e4b153761f74f39b756dd4fb1806aedc4f1bb38bfbc12f16480eed3fd3087a0d157

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\ServicesHelper.dll

MD5 b9e8c2212ac8dae4b0eaf97c048529fa
SHA1 331d172323480b0518abdb0cc9e256dc7f46c357
SHA256 d6f6758adac2c073bec481e8de762af3a5574789bce3f43de02356afc9911e0f
SHA512 d93aa032e27c8268a4f6883711cf41f7ee2b5d33673a26d78db24456f2c548af39b7b98ed4b4737245c278d524fffb3e4bf708b6815dc866acd371427ff6be96

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\nsJSON.dll

MD5 e832077eaee06f3b2ac9a8d2e7264567
SHA1 decbc329257c9c7fb67d3c449b4c5dfc1f87471f
SHA256 705f4947fb94254c4e5084e6a962045f6a4e790dfc1ecf59cd0fc3feb38bcbbf
SHA512 c1bada98c52ee2318d23c48fe202380eb42c5e1f18226cdc017f264c8c34f548bfe4d9b6eef13caae69ba321a71b199431b249fdec65f8bb1c386810932ccf6a

C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\CityHash.dll

MD5 2021acc65fa998daa98131e20c4605be
SHA1 2e8407cfe3b1a9d839ea391cfc423e8df8d8a390
SHA256 c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14
SHA512 cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948

C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\bgstub.jpg

MD5 49de6374f83191fde6836418fc489837
SHA1 7662e9717a996101559db15c16573a81e99de833
SHA256 04009456682876f46abfec45f629f1d85dd518f05a84d8d4700b56f2060fd071
SHA512 0a272b0b73da08069793398e6e36b45f8e3c7cd8e2b62dafb42e79c194041df8b4fee1c312cea76c86a51c7557ffe8cb2f4b6b110c6e70ee66112d76ae5fbe81

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.tmp

MD5 c933a43c1d6b70235898ddf52a88ebee
SHA1 408ff037333666f6024aa70434c3b3843a3385d2
SHA256 54f69be880c530c91845fe663894c02393f10178f7aca995b6d83d1770b9eba9
SHA512 94bb3f82b482cd1e2c9021736b790a480a4982a9382eac4e0418bbe199d962a320a386585523b4c09a82cdc8dadccb2ee8e3f3712e32b4e962461f5c894c1270

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs.js

MD5 a1b87238cbe1560bdbd640b39d290210
SHA1 2842e7f9ea0e5729a98c963af116571a8d0cf5ca
SHA256 7bccbf773659527354a49f2382ebcf6813f9070fcc7caa4c88a2464e2db15632
SHA512 e6ee487d6b7d119ec55191199c03aba596a842cdd922355193466d5cbd7ca8790ad5c6e27bfe761640f7456d152d4e74b67b74b4dcce15f0ccc39c98c46c2a3a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\SiteSecurityServiceState.bin

MD5 62cadebcb5671909c9a695bc86e3458f
SHA1 2c0cd4cbd4075f6119515a8816f89469554b978c
SHA256 a315b4fe3027ab8756df3ef34377b11129022c18be42a54dd8edfc2607138c0d
SHA512 2033716caec117795119ab6dafb5133066cb34f7446aa7e82263024d04c8b8816d1bd56d06e7596996b1de724ff5dab5f560bce2c1b2151278f58a6a77e3afb3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\5062e3b6-032a-4ec8-80eb-2918bce7352c

MD5 f4ca2f45c5bfdbbb3adc32ebee9f45e7
SHA1 e0087cb6d3243f6023a3d70312ddc0b2e1877f3c
SHA256 3734bd0d350ac79dd04efc9d0362f25e5755306c78a0081bdc04baae9b6d3b73
SHA512 74c7e20592c86110b38faca6ea7586470dcb49cf5f5e01fbe58950f091e2fd6255460080593e5209f9f4cda53b036cdca05c58e0936774f71d6b77bc088b57ed

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\caed78bd-73ad-487d-80e2-b45c43ec9924

MD5 c10e0394d7a2e2c5ab8e833a8745b6d0
SHA1 35cf4a8708a2086c7d50caddf98e0a6d14d2971b
SHA256 4258973956816f019186e3a9d0d9be5836449b4204ed52de02f361c04a04f10d
SHA512 a1261b9fb057a4b8fcb1777a1b3cbfc211844df96b05425810b7cd377565932b8bcfe1b0a03e82b135042a91a2d122715ac5832c90ebef1ebaa000e2762f467c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.tmp

MD5 3c106007357dad2257eacf148d2726ba
SHA1 1020e17cce8351ae8f6a5ab438383d4840b1bb6e
SHA256 fd3195cf47e24f27abe4de6c601df6a88badb59a501fb4318c5743d9b53bf469
SHA512 8b08ef653d0a466eda7fac9156595e94db77395e64b79198d5492d96116e2a6f9a3d6f15e1b92f4355c56f252063103841f50f7254258f8cc6c93bae6c281ccf

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.tmp

MD5 22df744d8c5be26828393271bdd61ded
SHA1 ea597487ec0dac4473edae6d34889c467a043508
SHA256 fc7a370b9b853c1308bb66cffb7adc1a86de611298f563a897b4857bcdedd087
SHA512 3732937e2e4a5f8e1a50b700025ad16cbda284629606796b30c237c71c7b0243f083e406b3451258b820df771d99a932acc6ba0dec4c1b85dfc0dd7f782c92fa

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.tmp

MD5 5286b4f520990be877ab1b7c96488576
SHA1 00bd85c22a1a993097592401ddb45607d9eb228d
SHA256 bc5d478ad9ad8448c89b121ec625de7f01f2598fa7b19b67d0fe67ee7f7761b3
SHA512 116010807d0a94ada61c46fa31d8faece4d7b9565558a155f75f19a8691e2955caf8252801d04507f3df7378b06e2e66ecdb5f692009eda471314d4779689e9a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

MD5 05177bb961ab4b96f2ba8212c26393d6
SHA1 999a195a03f58cc570e777b7504d8fa077725fbd
SHA256 7920d2458141b7d218ac52eb472bf98109db501f5cadcb71f28c26bc3a3663ca
SHA512 2b5e7ada34089511494d74de7c71a572a27e3f9744392b8ec01bbc1df2b0486e0f5ed707bbb5dc6fc69c5e4e6bc129d961511dc28e99ff028076d76ec34811a2

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

MD5 bd8e51d970eb09e182ba728fcc36c247
SHA1 0282a741940b37481b689554000b916496c7849c
SHA256 9c2a8f0bdf1b7f61567fd388d95028af9b0fe2579ed586dc234917eeabbe5d38
SHA512 4884fbe15e870b52226fa245b47b65d917d1511af8b067f90694ba5a732ac3ef247328efb8402da0f60e6812f1bafe5126b53e17f897d92ffb18ed2526377890

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\extensions.json

MD5 e497012e371990db1eabb96526438b3e
SHA1 25c3e87fe2969cf2725ce35d5fca89fb160b8ba7
SHA256 73670e8ef60adcbf86b4d70fea92025056b4c703c5c9a5dac36613d620674fcd
SHA512 cf3988d7d733ea29088da8c706442cc31af1053e5e2b590c0934eeb4feb290ee33bcf1bbea3812a49b3ed679d0e01c7b89c17ca21dcf70a47add939db103b389

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-03 19:11

Reported

2024-04-03 19:13

Platform

win7-20240319-en

Max time kernel

150s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe"

Signatures

Downloads MZ/PE file

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" C:\Windows\CTS.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\Accessible.tlb C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\ C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\updater.ini C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\removed-files C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\mozavcodec.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\osclientcerts.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\maintenanceservice.exe C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.exe C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\nst3641.tmp\ C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\omni.ja C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\minidump-analyzer.exe C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\application.ini C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\nst3640.tmp C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\mozglue.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\lgpllibs.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\nst3642.tmp C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\msvcp140.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\mozwer.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\libGLESv2.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\AccessibleHandler.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\install.log C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\uninstall\helper.exe C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\ipcclientcerts.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\features\[email protected] C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\defaultagent_localized.ini C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\defaults\pref\ C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\nss3.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\firefox.exe.sig C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\mozavutil.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\omni.ja C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\defaults\ C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\nst363F.tmp\ C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\tobedeleted\nsj66E5.tmp C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\gmp-clearkey\ C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\features\ C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\nssckbi.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\dependentlibs.list C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\crashreporter.ini C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\IA2Marshal.dll C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\updater.exe C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\pingsender.exe C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\CTS.exe C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe N/A
File created C:\Windows\CTS.exe C:\Windows\CTS.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a529a2e22ae42f4084bf8a2f7b0415b2000000000200000000001066000000010000200000001aa7fd43e1f9ab31d2256b2236f4e0ac5fb29c5784340ebb8f142cab04fcf296000000000e800000000200002000000095d074ce56df61afa63a03cb676345411a4ab21437ea483d85b808b0998a809e90000000be9f51daa51fbd892e747f1c4386368297778a4b725b9580b1563a72d915f9b7d5b427e4a6a18dba809278b0437c5ceb1cc616e0eb2ec68e18fe80dc43848c17ba939e251207895aef7d5d43ca406cbc4dad5e755e0222346aa82026fb2fb09fd3eec468dbdaac948e1e010b63351dc26c8082fc17b65d7b8c371454eea332bb655eb65265e1b77c47ca4d9dd44d4238400000004ab8e96c5e1cf7fc6ad38db0b08a554344580a3c3179403282680aa9ced1b733c4159e78f3d33fdce2564ebcc13c4e53f11b854204a8900fb418a9a51e6f80c9 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70b133dafa85da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a529a2e22ae42f4084bf8a2f7b0415b200000000020000000000106600000001000020000000a3b9cb0792b0cf5803f40cba4e8efdf859e1ff40387120960b0877c8f97230f5000000000e800000000200002000000046c7744dc67087496bab75f70f4701c8bdec7019a98939f9241a8f50d161982520000000c6ccaac5fee01baca4def92cfcb9b4cb058eddff941ab0ba6529e6ac3089d3b140000000e142755a6fe86175a7c10c164f45c6ab9b9dd6610e4c1dd4a15827bd519c42b8c600d372ce06d304f430dba48e6e0f111e3a6c5415baa9d90cec39890e1b3a11 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{03B6DBD1-F1EE-11EE-B33F-663D173F3824} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418333375" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = (certificate blob omitted) C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\CTS.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2972 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe
PID 2972 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe
PID 2972 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe
PID 2972 wrote to memory of 1680 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe
PID 2972 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Windows\CTS.exe
PID 2972 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Windows\CTS.exe
PID 2972 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Windows\CTS.exe
PID 2972 wrote to memory of 1896 N/A C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe C:\Windows\CTS.exe
PID 1680 wrote to memory of 2520 N/A C:\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe
PID 2520 wrote to memory of 1416 N/A C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\download.exe
PID 1416 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\download.exe C:\Users\Admin\AppData\Local\Temp\7zS885AF046\setup.exe
PID 1060 wrote to memory of 2604 N/A C:\Users\Admin\AppData\Local\Temp\7zS885AF046\setup.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2604 wrote to memory of 2632 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe

"C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe"

C:\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe

C:\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe

C:\Windows\CTS.exe

"C:\Windows\CTS.exe"

C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe

.\setup-stub.exe

C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\download.exe

"C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\download.exe" /INI=C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\config.ini

C:\Users\Admin\AppData\Local\Temp\7zS885AF046\setup.exe

.\setup.exe /INI=C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\config.ini

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://www.mozilla.org/firefox/system-requirements/

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 product-details.mozilla.org udp
GB 18.245.143.32:443 product-details.mozilla.org tcp
US 8.8.8.8:53 download.mozilla.org udp
US 44.209.165.254:443 download.mozilla.org tcp
US 8.8.8.8:53 download-installer.cdn.mozilla.net udp
US 34.117.35.28:443 download-installer.cdn.mozilla.net tcp
US 8.8.8.8:53 www.mozilla.org udp
GB 143.204.72.186:443 www.mozilla.org tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/2972-0-0x00000000011C0000-0x00000000011D7000-memory.dmp

\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe

memory/2972-12-0x00000000011C0000-0x00000000011D7000-memory.dmp

memory/1680-14-0x0000000000400000-0x0000000000443000-memory.dmp

C:\Windows\CTS.exe

memory/1896-20-0x0000000000200000-0x0000000000217000-memory.dmp

\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe

memory/2972-17-0x00000000000B0000-0x00000000000C7000-memory.dmp

memory/2972-6-0x00000000000B0000-0x00000000000F3000-memory.dmp

\Users\Admin\AppData\Local\Temp\nst35F0.tmp\System.dll

\Users\Admin\AppData\Local\Temp\nst35F0.tmp\UAC.dll

\Users\Admin\AppData\Local\Temp\nst35F0.tmp\UserInfo.dll

\Users\Admin\AppData\Local\Temp\nst35F0.tmp\nsJSON.dll

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar3B0B.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

\Users\Admin\AppData\Local\Temp\nst35F0.tmp\nsDialogs.dll

memory/2520-218-0x0000000002870000-0x000000000287B000-memory.dmp

\Users\Admin\AppData\Local\Temp\nst35F0.tmp\InetBgDL.dll

\Users\Admin\AppData\Local\Temp\nst35F0.tmp\CertCheck.dll

memory/1680-238-0x0000000000400000-0x0000000000443000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\download.exe

C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\config.ini

memory/2520-282-0x0000000002B90000-0x0000000002BD6000-memory.dmp

memory/2972-312-0x00000000000B0000-0x00000000000C7000-memory.dmp

memory/1416-315-0x0000000000400000-0x0000000000446000-memory.dmp

\Users\Admin\AppData\Local\Temp\7zS885AF046\setup.exe

\Users\Admin\AppData\Local\Temp\nsjB388.tmp\System.dll

memory/2520-433-0x0000000002B90000-0x0000000002BD6000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BE0WTXPF\favicon-196x196.59e3822720be[1].png

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\7zh1kp3\imagestore.dat