Analysis Overview
SHA256
f7dbdc92a1d8c28935e36c18f2e9967735d9a82831dd86d09a6b1b0367ea0a88
Threat Level: Likely malicious
The file a44888f03675f69a357d19adbcc220ae_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Registers COM server for autorun
UPX packed file
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Checks whether UAC is enabled
Adds Run key to start application
Checks installed software on the system
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Modifies Control Panel
Checks processor information in registry
Modifies Internet Explorer settings
Modifies system certificate store
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-03 19:11
Signatures
UPX packed file
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-03 19:11
Reported
2024-04-03 19:13
Platform
win10v2004-20240226-en
Max time kernel
147s
Max time network
155s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\International\Geo\Nation | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\AccessibleMarshal.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{CAA8F5E2-0024-45EC-BD76-CB446914A78C}\InProcServer32 | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAA8F5E2-0024-45EC-BD76-CB446914A78C}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\notificationserver.dll" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Windows\CTS.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\omni.ja | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\tobedeleted\nseF708.tmp | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaults\pref\ | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nsz36AD.tmp | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nspB77B.tmp\ | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\libGLESv2.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\libEGL.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\nss3.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\vcruntime140.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\ | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\installation_telemetry.json | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\mozglue.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\notificationserver.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaults\ | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\nssckbi.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\freebl3.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\platform.ini | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaultagent.ini | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\gkcodecs.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe.sig | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nseB78D.tmp | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\xul.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\locale.ini | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\plugin-container.exe | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nss3.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\ | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\firefox.exe.sig | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\ | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\install.log | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\ipcclientcerts.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\platform.ini | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\vcruntime140.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\wmfclearkey.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaultagent_localized.ini | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\updater.exe | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\vcruntime140_1.dll | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\CTS.exe | C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe | N/A |
| File created | C:\Windows\CTS.exe | C:\Windows\CTS.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000\Control Panel\Colors | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\shell\open | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox-private\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\ = "Firefox URL" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\FIREFOXURL-308046B0AF4A39CB\SHELL\OPEN\DDEEXEC | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\URL Protocol | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox-private\shell\open | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox-private\shell\open\command | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Interface | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\URL Protocol | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppUserModelId\FirefoxToast-308046B0AF4A39CB | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox-private\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,0" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ = "ISimpleDOMNode" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox-private\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{CAA8F5E2-0024-45EC-BD76-CB446914A78C}\InProcServer32 | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,1" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\FriendlyTypeName = "Firefox URL" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\FriendlyTypeName = "Firefox Browsing Protocol" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\EditFlags = "2" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,0" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\ = "Firefox Browsing Protocol" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\command | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAA8F5E2-0024-45EC-BD76-CB446914A78C}\AppID = "{CAA8F5E2-0024-45EC-BD76-CB446914A78C}" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\FirefoxPDF-308046B0AF4A39CB\ = "Firefox PDF Document" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox-private\FriendlyTypeName = "Firefox Private Browsing Protocol" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppUserModelId\FirefoxToast-308046B0AF4A39CB\DisplayName = "Mozilla Firefox" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\ = "Firefox HTML Document" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\firefox\shell\open\command | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\command | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAA8F5E2-0024-45EC-BD76-CB446914A78C}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\notificationserver.dll" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\FirefoxPDF-308046B0AF4A39CB\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,5" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\FriendlyTypeName = "Firefox PDF Document" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\FriendlyTypeName = "Firefox HTML Document" | C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\CTS.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\vYSocYY9xD9bpEX.exe
C:\Users\Admin\AppData\Local\Temp\vYSocYY9xD9bpEX.exe
C:\Windows\CTS.exe
"C:\Windows\CTS.exe"
C:\Users\Admin\AppData\Local\Temp\7zS0822AD67\setup-stub.exe
.\setup-stub.exe
C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\download.exe
"C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\download.exe" /INI=C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\config.ini
C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\setup.exe
.\setup.exe /INI=C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\config.ini
C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe" install
C:\Program Files\Mozilla Firefox\default-browser-agent.exe
"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" register-task 308046B0AF4A39CB
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 2236 -prefMapHandle 2276 -prefsLen 23610 -prefMapSize 244606 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e5e6ceb-41af-48e4-85fd-afcb99206a96} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2180 -parentBuildID 20240401114208 -prefsHandle 2220 -prefMapHandle 2264 -prefsLen 23610 -prefMapSize 244606 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e1d0957-677a-4f3f-b4cb-a9c307769b99} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 1 -isForBrowser -prefsHandle 3204 -prefMapHandle 3196 -prefsLen 21630 -prefMapSize 244606 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7394040-649f-46c9-8123-b299cebf13b3} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3628 -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 23726 -prefMapSize 244606 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc22fe3f-3609-4a8d-bf04-29ab7cb6f285} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3548 -childID 3 -isForBrowser -prefsHandle 4080 -prefMapHandle 3864 -prefsLen 24751 -prefMapSize 244606 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {471ee952-91e2-4c11-8254-9acb43f26d1e} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2192 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5056 -prefMapHandle 5064 -prefsLen 29225 -prefMapSize 244606 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {035547c0-d55b-4abd-b239-92e1f1db9abe} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -parentBuildID 20240401114208 -prefsHandle 5468 -prefMapHandle 5452 -prefsLen 29225 -prefMapSize 244606 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbf15c09-0b3f-4651-9254-d5f209f17e1f} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 4 -isForBrowser -prefsHandle 5672 -prefMapHandle 5680 -prefsLen 27044 -prefMapSize 244606 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ba5caa7-a0e4-49e7-9e66-e358665b4e99} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5868 -childID 5 -isForBrowser -prefsHandle 5876 -prefMapHandle 5476 -prefsLen 27044 -prefMapSize 244606 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4db53e51-8559-4f2c-a703-604071c34fee} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6040 -childID 6 -isForBrowser -prefsHandle 6048 -prefMapHandle 6052 -prefsLen 27044 -prefMapSize 244606 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cfc9332-8b86-4748-ae9f-856e07c776f5} 3436 "\\.\pipe\gecko-crash-server-pipe.3436" tab
Network
Files
| SHA256 | a080df509685780d81ee32d86eac7ab15b5831090678f63b5741b57fd8a9969c |
| SHA512 | 3e1cc423bcde71a24457b5f9756241c0bc0f9b1f434eafc84ec733f124bbcf6f9a1e104caf402ef2d60a96b895842a8e6b18cffc59936e6c4873a3be92cace8f |
C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\crashreporter.ini
| MD5 | 1b0d446f9d17c1374c81acec9d8d2406 |
| SHA1 | 016bca3d4ee9a0dbb4350ee7a1898779dced6c11 |
| SHA256 | a0cc8cc3287d54d7e23a156256a553792970df9ca57f6ad85dceed32b979da71 |
| SHA512 | 4e7de92579628cf8c31287506d6f3096bb15402ee6d694a72462cbd1f093e7d04cbcc9e13691b94408091e0c5ea8d8c528365a90885b55a126416af37be6979a |
C:\Users\Admin\AppData\Local\Temp\7zS88E738F7\core\AccessibleMarshal.dll
| MD5 | eb0c475124ce894398ead3733efbd451 |
| SHA1 | 5413979dcaaaff24b5d47d2ff6430f229c4abb6e |
| SHA256 | 46b72bd02816965cd29d9c50c6afcd6b75b7a7b278605a1700ecc0a1e1492766 |
| SHA512 | 2bddafc036331a89b5e4d5fce6d1d62805f04f37bdc1dc3a95b4644955a983aefde6a371b8d18f4432882473c907f2dbe55c31f6e47a54006b73070534f3644b |
C:\Program Files\Mozilla Firefox\install.log
| MD5 | 790bf8bf74f75d09d509da7144f3b00e |
| SHA1 | 8cb611cdd1c5e2ab8c4d57de902bc5adbe010e4d |
| SHA256 | 989662ecc5704168de14270edfe99cdced50b2b7f46837f9713c06591ec533e7 |
| SHA512 | 72fcc486f2ffee7a9bca85d0a881cabd3f5359bf5e3a3fa16b6a31c90cd53610148c28a73793bbefdab5e7ecf727e8388c9f9f79e76b3299c6f220929f88d914 |
C:\Program Files\Mozilla Firefox\browser\features\[email protected]
| MD5 | 9fe1653c31c6ff75c906aed024d53b32 |
| SHA1 | d2fc52a9aa47a0fe0099bee9178946210a163031 |
| SHA256 | d9f4c6e6f535d09deec1a58068713cc845b6dbbda2fcf5dc8669f6489bb63005 |
| SHA512 | 8d7fef23d0edad4e8aa64f2f400965565c70d0d1f94d0bdcd14b779fef9192de079c2547c2d80b171e6c9316ab0221a265efb49492bc90d213b64ecde46bb30c |
C:\Program Files\Mozilla Firefox\browser\features\[email protected]
| MD5 | 507739399c82ef6487da73e587423f1f |
| SHA1 | 95177d06563e55f4084504e06e88a1c0f3f52b0f |
| SHA256 | 796ba4ee5430db311dac2e45323c3e71059f23a54ec2d5bea22387f33fb92de7 |
| SHA512 | 6bd0bb547f3bbcaef5db00e554a0b9fb45a78efd01018a4d706bcc94d5566458f931cf954cea22e2674ab2065c72617e49b21f9e354f16109b4b64d4fcd0b4f6 |
C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js
| MD5 | 3d84d108d421f30fb3c5ef2536d2a3eb |
| SHA1 | 0f3b02737462227a9b9e471f075357c9112f0a68 |
| SHA256 | 7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b |
| SHA512 | 76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5 |
C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png
| MD5 | 1a340e565e697e63b5a4ce51f7297119 |
| SHA1 | cdb4ca85700ed81db13b15d4bd5b77d41bb20d34 |
| SHA256 | c4bb210e61cd35f9a0a54fb941ea2e3bf6abde799bea1c78d24c761c9a3bc429 |
| SHA512 | 92478fe26f9ea7454206a3106632534c5608d6940588f01fecfd799de636f11b003ffd1e5c762201f9a14f4ebb7fa6a711d99312b03914de817246a6008c7b35 |
C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png
| MD5 | 8e058139e0576b4ad8d424bb21071063 |
| SHA1 | f584d2412c935aa8a7cf73ecdfaaa6a3cf87c064 |
| SHA256 | e86ee493e89f5dfce2ce8817ac5d1c04d8ba2b07a06ff0f967c0167562510df7 |
| SHA512 | 9ce457aa516fb2d3cb7b4a08f2dd81573de301fefc6ddc877142a35851151407367605f00862fb77067d0969ba745bc6bc612a4440aa3017e508e572ec88f2fc |
C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png
| MD5 | c9ae03c43b67a4e4986518fe3fe29756 |
| SHA1 | 07221e0401f306487504ae9b3c46ef1cb5dec843 |
| SHA256 | adf41380b5ed3f73b8e5fb51f7f33b722f4db4600791cdf92033267c9971c4d5 |
| SHA512 | 0ace7c3cdc18eb1e67971a5acd0a54e1c00d37ac556f8183dccede984cb6520660c9b27064a8ef5f7b706fdabd70e5e424b7b7271ff751bffd997cf2284f9fe7 |
C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png
| MD5 | e9068cd977693bdab242de4280dda725 |
| SHA1 | 35a5c8aee11597ec7cc6adaf15e8673b713d73a9 |
| SHA256 | 1701ff395543f3ad6b25584fa7014073f74949baca0dd2552216f58131328fef |
| SHA512 | 29ebff0f99c9a8f47b8f145ee8d88877b17ae0e3eeed1bc017caa20c68a63166831f5feda768189e837d2390cc80790e3e69aa7ec26bf92da2e90b66e1be3362 |
C:\Program Files\Mozilla Firefox\browser\omni.ja
| MD5 | bf952b53408934f1d48596008f252b8d |
| SHA1 | 758d76532fdb48c4aaf09a24922333c4e1de0d01 |
| SHA256 | 2183a97932f51d5b247646985b4e667d8be45f18731c418479bbd7743c825686 |
| SHA512 | a510a96e17090ada1a107e0f6d4819787652ab3d38cd17237f255c736817c7cfcb3fd5cf25f56d5693f4923375b2ab9548e9215070e252aae25c3528b2186d99 |
C:\Program Files\Mozilla Firefox\browser\features\[email protected]
| MD5 | 2f1bf72ce57bb644dd54e6376dd2fe4d |
| SHA1 | 6013cd2d3613a6b0035920f1da9ec0a4d6dc00a9 |
| SHA256 | 21ce8909c9ac4e076589ea9c8fbcf6b745b485816841131c61575ea705ba0a03 |
| SHA512 | 9fd85ab306bec919defa3454d8d5f6b13230392198174fab8a2f7cf0db67a4dc4fce61c896109a31970a0d585d4db3ce9fd0c76fc7e6359ba873d1cdfe2e26fe |
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json
| MD5 | cffdadfaeeaaf0a5a78e7f9a299aa7f1 |
| SHA1 | 7a8f06d7c91877484301ce8474dfbb1bde08a040 |
| SHA256 | ef47e83036753b53f59d079fef62bfedc749abdbcdb0fe16f448d9920f11114c |
| SHA512 | 5a11e448389326ddbd3be792d9a10ae746c66e4a41f9c96f4979ec71fde385fc4deb205a40f1b4f24415abd9d41c453ca1285f4b813005b1d12a2701f214db85 |
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig
| MD5 | 90808af995ca1107a8499baa48853f0b |
| SHA1 | 407ff7d66143751b9c7483f1cd576c94b2862eca |
| SHA256 | f4c2ac80a8625c5d2c7011fec386218646f233d6a3fedc0988b5438f6ac0cbe3 |
| SHA512 | a63d40dc6eff719feeda08e15578ce455086e140ce5119da6d54fc6a4125487bbd23c92e5368a95520359aa7af508b594824b10f00750e7aadecfa01de18926e |
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
| MD5 | ae165d60948e59a1cad79f1379720fe9 |
| SHA1 | e5b1d608588f97665040eb01f7c9ee2629402906 |
| SHA256 | 37e59b27d822d411166ab33083c246f7409effdda18e0faaf996b4bddf20ed49 |
| SHA512 | abbdfdec889899229b670b69d4f8deb3ed58e0fef514ade2d6677369eab1be8c54bd0183b65f12fc5cca9fabdfaa79f3fbf7ff7baf2e18e1701c697ac504c0b3 |
C:\Program Files\Mozilla Firefox\xul.dll.sig
| MD5 | aa21ae5908b9d7c99ca27e6e422610bc |
| SHA1 | a92909eac34ef5a9f4e3d13962ccc92e2da262d1 |
| SHA256 | eb86adf66e5ad18916f25d1628e5c08888038bd986dedc15c8bcaea80089a226 |
| SHA512 | c330cae1e89617fd485155a093217d7fbd0c9a96f21d4fb3e79a6a5eb16864c8bb2134883faf2121759601253d36774d46ae05f1e9f3769eef72130b7aafecf4 |
C:\Program Files\Mozilla Firefox\xul.dll
| MD5 | 34d104c4f34b4cdc13a71699ee915d17 |
| SHA1 | f059f40abf3f92054665ecb3b43752b2bc399f3b |
| SHA256 | cb28e5d31a6f7a4a1e4b52c49a02236dc0067ac4af7fae33993a28893127dc18 |
| SHA512 | 5da0d21a4573c7cd25a773e3d063227cec827030d51c5ae38c5181606c129c735aa9920e1978855be4499687ca7c7b49ebb5c234da2220caca03915bb868db92 |
C:\Program Files\Mozilla Firefox\wmfclearkey.dll
| MD5 | 110b8aa620a7a58d0ea1b5dcae56ba1a |
| SHA1 | 7beaad4d50673adc5d3feee2a96563de54e96f86 |
| SHA256 | 2785d09d250a9a75c1b9c48cd3cc551bcccae714f022a7f04053d50d52c13c4a |
| SHA512 | 29e78a230b73bf4dd25ada528dc0e86eab9308a620fc999b30d07222119918189c4d5be4d6f4e23eab4848bfc94c057f7190f9f782f6461094231148bd847663 |
C:\Program Files\Mozilla Firefox\vcruntime140_1.dll
| MD5 | 9f4eac207cb58e8d110477e7fd19d565 |
| SHA1 | 687051b863f7a7178cabf9c06ab3b534b1e23dd3 |
| SHA256 | 7cf38d20d00b6640d510eab70171e1c6f8fa2e42040832e17c7433ab61d94a8e |
| SHA512 | 9c5c4499adfc7b61751510f52a1288ff386dd1c1aaf8e8a9660990194813394329f8123f38e026ea10c6e30b4a5506625b9060329d524db68e48f36ab2691a05 |
C:\Program Files\Mozilla Firefox\updater.ini
| MD5 | 7a6cbd521497f6dd382f7b8c6aaa1eb5 |
| SHA1 | a0bccd339f6d045f0aeb4de504398c97c3dc2be0 |
| SHA256 | 531b55d2224efa181b75ed4ceb84e4f854f26c2382dc411945515d57d8df2243 |
| SHA512 | af32b8b1e93c2fc1bb6c7ce0f371c8cedcdcb753393e8cbdf282424935db5f8f04b3468d450edc81ef28d8b4430d8941dacb2d8826d28be9065dc787c53eb553 |
C:\Program Files\Mozilla Firefox\updater.exe
| MD5 | 792c5ab789d8efb1631dfe12fb6e64fc |
| SHA1 | 9337c863c834c8f9e5fdbde04702ab4bdabaa7e4 |
| SHA256 | d3c76e6e1f3e34197d108404fc9c8b6179ab01afff6c6803713d320a3b480ede |
| SHA512 | 18d7a4f77ea238325795ff95b5af1e59104d96b71c98b44f0bc1c246bcf8c0a4389c9d4275ecb62f93bbe82bbd00067af41056bfd121ef441fb3154d51586059 |
C:\Program Files\Mozilla Firefox\update-settings.ini
| MD5 | 1413131f8cfad1e19d299667bf759087 |
| SHA1 | a0435cbf1a2817ec960c56a896d455e78adc226d |
| SHA256 | c18489344fdc21ae366b4d957a0b9f11be772483ca46f9ffab6ed0356f946513 |
| SHA512 | 590b53aff46903b1883c5fb14492ca85db2c6e0e900d0fdf62c3e6da10f1d10c3aa51224dc6db50f4eb12d42de017892f77e91d79aa16fcaefba10b27748748d |
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
| MD5 | cbb81a903dc88f69ff9107f11bded306 |
| SHA1 | 4466021a5d98b59b61c7d45a8f5dd695226b9056 |
| SHA256 | 5719bb2ab3c985570662a12789a2dfd37acd6aa3bb743eb75fa271256455956f |
| SHA512 | 93e8e2e62b27686a2ca2dd4db7ae59349730e233f88ce83fd55969df1b16b9c382751987a76ba6b451bdda2dc080f7cf93a915e2517a783d16018813e3b27d13 |
C:\Program Files\Mozilla Firefox\softokn3.dll
| MD5 | 27d5e11b0d3dfc2b8ed8c2a00a3ee401 |
| SHA1 | 05e0220b0c841b7d7ecf909ae1582438f56d1261 |
| SHA256 | 327ec623b603096fb5abbdf5375bc2e5f3840b5747df2eec9ab78fb17f6decfa |
| SHA512 | c82a208d8328e3bf6c88e46275f4dc0d99ea09e2ba68c17e1a4f0ffff460e2366cbac443cd8209416d52e762455f4686385f9787998b67298527b27fcb852a5d |
C:\Program Files\Mozilla Firefox\removed-files
| MD5 | fefbfac37461bd30e05f5befaa1f7705 |
| SHA1 | 74f9024662db06184e645cab76bfecb0e6897545 |
| SHA256 | 52523da24287c4d459131c2e4818a713a732765e06e9bbba1cf353888ba34f9f |
| SHA512 | 874d6bdef28dea531c858443810d0b026a3a5667e0b9985bce84b7c5ab63d06a015487bd1da2a914d28af7b6568335b1927f9fb9656715947929cd6671ccc4b7 |
C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml
| MD5 | b499ede5c9228c742578086591193efe |
| SHA1 | 18e682ec73ed8fcea99893142fa8b08ee8a32b72 |
| SHA256 | 9ea86a18d41112e25b17454044ac29b458f508d9814700a6f4c0f9370678f3ae |
| SHA512 | b99ef0e9152da3bf6adac5fef67b44738ae7a2d1ef0041786a5700b8389acde7380f1bc9bf1402c7a356f1777aca7c2b05af5ee22b7297bc879fe2e6b9741f13 |
C:\Program Files\Mozilla Firefox\private_browsing.exe
| MD5 | 92da8bfd3c0669c155e7a55d04ed12f4 |
| SHA1 | 5f2d2585cfbdec86880f4137e04400de1e2bffcf |
| SHA256 | c79941fd3e7bd89f2766110158eec79aa3af7620c33606a203cf82c492cc700d |
| SHA512 | cbc733576fce71fe21f21ac8db58a073574a2741205e1c28c796ad27b39ab1c388adfcfa236ddf389aadf9bc807226852202b0bc9e2353bb91406bc1380a8557 |
C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf
| MD5 | aac75d901445bc0419d56e56dbc18891 |
| SHA1 | 3ada434f3a727167ce6dce3b865fa6bfb70ed86f |
| SHA256 | 6d90152ee0d29e82fe2a87793af5aa4b7ad13e6538360889e141e81ed299ee8e |
| SHA512 | 83fd92ff444ab6de18d48997247f49845abb8420a07b74ebc8a65bda8da69d28f87b6abe0f607b2fd7da398dc0f8cbe7fbf655af6d25785ad8b2f1a3afca136a |
C:\Program Files\Mozilla Firefox\browser\features\[email protected]
| MD5 | 3702bd7db59a2feefb35401b32876245 |
| SHA1 | 31e2e408ff9c185001513386fc346f7512effbd9 |
| SHA256 | dd5a380c7f29c8c1db6e7b2071ee550c8a93ac3321c11bda9d0912f176f8746f |
| SHA512 | 0412f029075866af6b6df95b6cc690542504c52af23cc7666b63f53893983d4d14e3729a02c1843f3bce1361d7ed5028bb5d59aa7be4403e8e6c79faf7fadd6f |
C:\Program Files\Mozilla Firefox\browser\features\[email protected]
| MD5 | 3002f01583a526323a8af2528c871719 |
| SHA1 | 468390eb0a1d93eebd2ddc303ed8a03854e99916 |
| SHA256 | 9789afb5305d211676f14025f6afd8c3e731d54edb46b0120f0f544183b223c6 |
| SHA512 | 6425e488e6cd06baec14e711b87809a451cda1429e7298ac0c8acfb9b92f852e36a97f9d459f0305bdc4119ee1517012836893ceccb5e73a9276fe23fd33b616 |
C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini
| MD5 | 9524df130a8e1ab4efdfb32b4e68a7b2 |
| SHA1 | 98593d6520ffeb0c49803dc1ada0ee3131be4c88 |
| SHA256 | 699cb7896b205018db7248a2954d0432022c63957ad3a83ae53711755ad47c8c |
| SHA512 | 9689e204f84bd1ae815a07da860fdb6613bf9c3220e301ce2395e971fca0ef6115b3fd3ab50983e48f49e5a7b2a79b951df22bf9a00a362fa274915001a9fc14 |
C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\ShellLink.dll
| MD5 | fa94d120efb029b43217c66bbc8c650c |
| SHA1 | 1fcf2d76adf69b403b7400681ac91d50ed20385f |
| SHA256 | 5f6f414b412c72b10f49eb92af1d368ede531b58fb200d539fd2b45e371612db |
| SHA512 | 07ed0771d5bbb651ea7421a5f6b08fa234f9cc041315d9360a7135ba12180064fc99a27725385a8ecd3ceb25bed5c00de169f7dabb3ccf6e987f45254dff8158 |
C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini
| MD5 | 4b8dc92a079f224935392f9b5a2dc051 |
| SHA1 | 1027fc1b3e2e8ae78c60bfb25c5c9f87f9b3cae2 |
| SHA256 | 79d1631316cd79bc5127f745aa6707b4445f7d0432b685ef2c3ec3cf3a62ecba |
| SHA512 | ad0186cfc9df574e4a3c7c209b5dc3078fb86f6b1de0008bdede6768ec08d61b20f371d7b2d01dc50aa7d094b150db816358f03fa0d9135ce26d80d8886a1704 |
C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\ApplicationID.dll
| MD5 | fdc0338e6faeaf6f7c271982e103473b |
| SHA1 | 9a41f7932abe8be7e32c6371f085cf14de355d00 |
| SHA256 | a9dad9fdaae93d10dc2ee346b231913445e731049554b8bb1506827e46f8a44e |
| SHA512 | a766eef11db4c94b1445d1cd70cf1d3b6141d6b3973562e9fa8d81c79195886b884dbc9b9f6952f8a6e8619534a6bf2d615d539d2cace9c8843dc19415051cc0 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
| MD5 | 0e7266054d4d65aa8cd5edcf46c3e85a |
| SHA1 | 91454902a025e85c268b321d6996f133529a6659 |
| SHA256 | 1d27b2fa7dc2886d68a1f625f4c0f40da72371beee33abfc7914e981fc01c778 |
| SHA512 | 0e4a5839ec671c83b0d08509fad2d46c848c793639149eac0827e16bbd423763be87af8a4e2daeb25bec12c6d5459be5f6a3a241b916f09448a85b4632faa3de |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
| MD5 | f8f9bbbd1db431d594481a329abbd20e |
| SHA1 | 5c60933f9bf3c76852e31e9623f8dfd820a26efb |
| SHA256 | b65512c87cdaf9beec98ba2ba023e537f74b1fa3944a6ca7db925a1433f9bd64 |
| SHA512 | 0bb634f5c79fd85890dc85b7359cc4236e54ee745ec8db9802196e7ffa3cc927cce29800f4fe95a2686733702d8603c18bd5868253e134f69db701ee82596f38 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
| MD5 | dc40cff9d424c662e83264742381f587 |
| SHA1 | 1c77e6c399cfd887c53bc88dc59e5d9a5ac40699 |
| SHA256 | bb5c1a19575ce286568007d3b954108989a5c24e75fc8d7cfea8c8814798662b |
| SHA512 | 486d754b2e06e2894dc7928a2ae58a2040c5d79838431351d778541d6c25d98e7ec322c8b09f94a1893c9cd1abcaf29bf567a94c00ef2398629e89a08ca90d45 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
| MD5 | 5435316c84f0ec13ce7f068a3ac08304 |
| SHA1 | 5c7e3b3fd6db4c4ccffe8acff8870b41238687ba |
| SHA256 | 8751afd3f3b5baa89824332dca235a5334b336efc23693f69ed913c244b7a649 |
| SHA512 | dcb4710344ace2b4a06aa69f8894ebd763534e3f6c4b97ea94c7023a1b4e8a68d1e4ee6767d5e483db525d0af7e2293d769341170f5f876e89acd59ba959f756 |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | 96776c00d1e858154ad92da350cfc1f0 |
| SHA1 | 2a90d2aeb670297d714cdd5ae8e41a43bb727474 |
| SHA256 | 124e3194fdb3fb0c63e77c272698591bad164709e77c6783352cc4e0dc07cabb |
| SHA512 | 88a81be04a8494be559ed5c0625937544f8e4794f1d92709fa730c66527b65975579e0adf178a7308457a45b0681fa321ccb9cee45a2e9e79952314cdd7b1012 |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | b3651554bb13eeb66af545b57524bbb5 |
| SHA1 | 078f6dc52d03264a8cc65c1a1d8e78c1f3a9be57 |
| SHA256 | 763c6e974ef4b243449528622174d74dd405fc02e465f412bc3dedfd07a06d0a |
| SHA512 | 821825484b595bd83c38e109c8820e0785c979b45738dc5b6686803b127f0734ebe7346c3e293bff6000096fe28307a81e24909bf459c948d788beb15b50abd0 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\fx3y1w2p.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\db\data.safe.tmp
| MD5 | f5f716a69fad93e83f8b6ad38be38456 |
| SHA1 | 00662edbabd1eeac681856375853718898b229ff |
| SHA256 | 091f68fad1fc9b0170aa3ba11ed3ae3a9deb1a392e89c8c7946571ae83846bb5 |
| SHA512 | 77e703a051b9c0d90a606923a52f2eb029b53fd520df1bc9994a729d6286ecdcf7b202fd73ca32946df14716131472c9727c349d97ee19a862a57a3acb611646 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\fx3y1w2p.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\db\data.safe.tmp
| MD5 | fff031c1721915bc9e1111fa65199e0e |
| SHA1 | b8038204092bb786309b39207260b5fa6a3a6197 |
| SHA256 | f842923055682aa026e0328577a4f09563ec9d4bbfa3a87d7e2d0994c4a44f24 |
| SHA512 | 7940c348bd42812c3fdf8be6c5b18d21b2967122abf28a5332746b837a716e9561a9e02a9a81b52962a47907a55a427ecbe0a00e8cb891f1ef3715852de36b15 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\fx3y1w2p.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\pending_pings\d259e2ea-683a-4d44-a2a2-92191d2dcfce
| MD5 | 80f181dc4fff56ce4fd4f9502d5d9c2f |
| SHA1 | 4d447a39bf9f8d509501c30c07c6fb8dd2ba8a3f |
| SHA256 | d099bf26fca06684f6fd1e3cde1aafc11bd236e5a9c2f8ca0dcec818860f4779 |
| SHA512 | 3625893a13a9df92e4cd3d608e5f10029cb83586ce45a30176ae657d72cb184519db518da22eeb2c0af49c5d4360157473c6e2dc8cd12935613ed8a0aa173979 |
C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\AppAssocReg.dll
| MD5 | 012461cad43cc5a871bb2019a461a2e4 |
| SHA1 | 75617dce95008117b5b1bd602bbbe58dfda4e6d8 |
| SHA256 | eeed86addbf5989fe54e862e68e9a287eeaad11b209c26de67ab660b21445e15 |
| SHA512 | f1c42d0703e5c4fafae2fab90a7c23499e8b72f9e04ecc10602d1c48ca08781000cda36af86577b3e2380684ca442db54668f390822f3590b6dca6507e80fa2e |
C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\AccessControl.dll
| MD5 | eb7a540d0d2e28f6bf524d2cdbe0f478 |
| SHA1 | 76204991c60913cffeba5595033c4f79e1e89bd8 |
| SHA256 | ef4b548b27a6edab3bcb25cff0598918c645795850d62f232909dee851e04c6d |
| SHA512 | 947132d07f7875dc99fbe8a87757f6efee0a8c6271f8a3bac6747f9f4f60ed7e203e28a588db8c55ee898ba8f3dcf640f6562c49c45d6c6d8fdbe2d2309b9984 |
C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\liteFirewallW.dll
| MD5 | f31ba98a8d87faba153eea134968c854 |
| SHA1 | da0865cc1a86a39367f22897e1f9fbf4fb1f804f |
| SHA256 | 708fb54cffb6aea3547fc5ac745d1435ecc814df563bef59ba7a94f57d082bbb |
| SHA512 | d991a2dd5ef537b25898afd7b7e73274a3cb8e6f5fca1621af22ee2761b82baf220aecb0c84434566742e2ab00b2f57a3740ce9831e76d4e1829bac3e044c8e9 |
C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\nsExec.dll
| MD5 | 0e584c7120bd474c616013c58d51dc6b |
| SHA1 | 0bc980892341b52985d92fb3d8fbb6be77951935 |
| SHA256 | 7fb626aa05bee1095633a75aeb7895ebd816a98e0aa1581a0154e4c196de5391 |
| SHA512 | aa3a471b3f33c3ffdbe1b1e3c1e5d04367bcab3c16049396a8dd12c5a8317e4b153761f74f39b756dd4fb1806aedc4f1bb38bfbc12f16480eed3fd3087a0d157 |
C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\ServicesHelper.dll
| MD5 | b9e8c2212ac8dae4b0eaf97c048529fa |
| SHA1 | 331d172323480b0518abdb0cc9e256dc7f46c357 |
| SHA256 | d6f6758adac2c073bec481e8de762af3a5574789bce3f43de02356afc9911e0f |
| SHA512 | d93aa032e27c8268a4f6883711cf41f7ee2b5d33673a26d78db24456f2c548af39b7b98ed4b4737245c278d524fffb3e4bf708b6815dc866acd371427ff6be96 |
C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\nsJSON.dll
| MD5 | e832077eaee06f3b2ac9a8d2e7264567 |
| SHA1 | decbc329257c9c7fb67d3c449b4c5dfc1f87471f |
| SHA256 | 705f4947fb94254c4e5084e6a962045f6a4e790dfc1ecf59cd0fc3feb38bcbbf |
| SHA512 | c1bada98c52ee2318d23c48fe202380eb42c5e1f18226cdc017f264c8c34f548bfe4d9b6eef13caae69ba321a71b199431b249fdec65f8bb1c386810932ccf6a |
C:\Users\Admin\AppData\Local\Temp\nsu368D.tmp\CityHash.dll
| MD5 | 2021acc65fa998daa98131e20c4605be |
| SHA1 | 2e8407cfe3b1a9d839ea391cfc423e8df8d8a390 |
| SHA256 | c299a0a71bf57eb241868158b4fcfe839d15d5ba607e1bdc5499fdf67b334a14 |
| SHA512 | cb96d3547bab778cbe94076be6765ed2ae07e183e4888d6c380f240b8c6708662a3b2b6b2294e38c48bc91bf2cc5fc7cfcd3afe63775151ba2fe34b06ce38948 |
C:\Users\Admin\AppData\Local\Temp\nseB73B.tmp\bgstub.jpg
| MD5 | 49de6374f83191fde6836418fc489837 |
| SHA1 | 7662e9717a996101559db15c16573a81e99de833 |
| SHA256 | 04009456682876f46abfec45f629f1d85dd518f05a84d8d4700b56f2060fd071 |
| SHA512 | 0a272b0b73da08069793398e6e36b45f8e3c7cd8e2b62dafb42e79c194041df8b4fee1c312cea76c86a51c7557ffe8cb2f4b6b110c6e70ee66112d76ae5fbe81 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | c933a43c1d6b70235898ddf52a88ebee |
| SHA1 | 408ff037333666f6024aa70434c3b3843a3385d2 |
| SHA256 | 54f69be880c530c91845fe663894c02393f10178f7aca995b6d83d1770b9eba9 |
| SHA512 | 94bb3f82b482cd1e2c9021736b790a480a4982a9382eac4e0418bbe199d962a320a386585523b4c09a82cdc8dadccb2ee8e3f3712e32b4e962461f5c894c1270 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs.js
| MD5 | a1b87238cbe1560bdbd640b39d290210 |
| SHA1 | 2842e7f9ea0e5729a98c963af116571a8d0cf5ca |
| SHA256 | 7bccbf773659527354a49f2382ebcf6813f9070fcc7caa4c88a2464e2db15632 |
| SHA512 | e6ee487d6b7d119ec55191199c03aba596a842cdd922355193466d5cbd7ca8790ad5c6e27bfe761640f7456d152d4e74b67b74b4dcce15f0ccc39c98c46c2a3a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\SiteSecurityServiceState.bin
| MD5 | 62cadebcb5671909c9a695bc86e3458f |
| SHA1 | 2c0cd4cbd4075f6119515a8816f89469554b978c |
| SHA256 | a315b4fe3027ab8756df3ef34377b11129022c18be42a54dd8edfc2607138c0d |
| SHA512 | 2033716caec117795119ab6dafb5133066cb34f7446aa7e82263024d04c8b8816d1bd56d06e7596996b1de724ff5dab5f560bce2c1b2151278f58a6a77e3afb3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\5062e3b6-032a-4ec8-80eb-2918bce7352c
| MD5 | f4ca2f45c5bfdbbb3adc32ebee9f45e7 |
| SHA1 | e0087cb6d3243f6023a3d70312ddc0b2e1877f3c |
| SHA256 | 3734bd0d350ac79dd04efc9d0362f25e5755306c78a0081bdc04baae9b6d3b73 |
| SHA512 | 74c7e20592c86110b38faca6ea7586470dcb49cf5f5e01fbe58950f091e2fd6255460080593e5209f9f4cda53b036cdca05c58e0936774f71d6b77bc088b57ed |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\caed78bd-73ad-487d-80e2-b45c43ec9924
| MD5 | c10e0394d7a2e2c5ab8e833a8745b6d0 |
| SHA1 | 35cf4a8708a2086c7d50caddf98e0a6d14d2971b |
| SHA256 | 4258973956816f019186e3a9d0d9be5836449b4204ed52de02f361c04a04f10d |
| SHA512 | a1261b9fb057a4b8fcb1777a1b3cbfc211844df96b05425810b7cd377565932b8bcfe1b0a03e82b135042a91a2d122715ac5832c90ebef1ebaa000e2762f467c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 3c106007357dad2257eacf148d2726ba |
| SHA1 | 1020e17cce8351ae8f6a5ab438383d4840b1bb6e |
| SHA256 | fd3195cf47e24f27abe4de6c601df6a88badb59a501fb4318c5743d9b53bf469 |
| SHA512 | 8b08ef653d0a466eda7fac9156595e94db77395e64b79198d5492d96116e2a6f9a3d6f15e1b92f4355c56f252063103841f50f7254258f8cc6c93bae6c281ccf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 22df744d8c5be26828393271bdd61ded |
| SHA1 | ea597487ec0dac4473edae6d34889c467a043508 |
| SHA256 | fc7a370b9b853c1308bb66cffb7adc1a86de611298f563a897b4857bcdedd087 |
| SHA512 | 3732937e2e4a5f8e1a50b700025ad16cbda284629606796b30c237c71c7b0243f083e406b3451258b820df771d99a932acc6ba0dec4c1b85dfc0dd7f782c92fa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 5286b4f520990be877ab1b7c96488576 |
| SHA1 | 00bd85c22a1a993097592401ddb45607d9eb228d |
| SHA256 | bc5d478ad9ad8448c89b121ec625de7f01f2598fa7b19b67d0fe67ee7f7761b3 |
| SHA512 | 116010807d0a94ada61c46fa31d8faece4d7b9565558a155f75f19a8691e2955caf8252801d04507f3df7378b06e2e66ecdb5f692009eda471314d4779689e9a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js
| MD5 | 05177bb961ab4b96f2ba8212c26393d6 |
| SHA1 | 999a195a03f58cc570e777b7504d8fa077725fbd |
| SHA256 | 7920d2458141b7d218ac52eb472bf98109db501f5cadcb71f28c26bc3a3663ca |
| SHA512 | 2b5e7ada34089511494d74de7c71a572a27e3f9744392b8ec01bbc1df2b0486e0f5ed707bbb5dc6fc69c5e4e6bc129d961511dc28e99ff028076d76ec34811a2 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js
| MD5 | bd8e51d970eb09e182ba728fcc36c247 |
| SHA1 | 0282a741940b37481b689554000b916496c7849c |
| SHA256 | 9c2a8f0bdf1b7f61567fd388d95028af9b0fe2579ed586dc234917eeabbe5d38 |
| SHA512 | 4884fbe15e870b52226fa245b47b65d917d1511af8b067f90694ba5a732ac3ef247328efb8402da0f60e6812f1bafe5126b53e17f897d92ffb18ed2526377890 |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | 0a8747a2ac9ac08ae9508f36c6d75692 |
| SHA1 | b287a96fd6cc12433adb42193dfe06111c38eaf0 |
| SHA256 | 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03 |
| SHA512 | 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
| MD5 | bf957ad58b55f64219ab3f793e374316 |
| SHA1 | a11adc9d7f2c28e04d9b35e23b7616d0527118a1 |
| SHA256 | bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda |
| SHA512 | 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\extensions.json
| MD5 | e497012e371990db1eabb96526438b3e |
| SHA1 | 25c3e87fe2969cf2725ce35d5fca89fb160b8ba7 |
| SHA256 | 73670e8ef60adcbf86b4d70fea92025056b4c703c5c9a5dac36613d620674fcd |
| SHA512 | cf3988d7d733ea29088da8c706442cc31af1053e5e2b590c0934eeb4feb290ee33bcf1bbea3812a49b3ed679d0e01c7b89c17ca21dcf70a47add939db103b389 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-03 19:11
Reported
2024-04-03 19:13
Platform
win7-20240319-en
Max time kernel
150s
Max time network
124s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe | N/A |
| N/A | N/A | C:\Windows\CTS.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\download.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS885AF046\setup.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Windows\CTS.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\Accessible.tlb | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\ | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\updater.ini | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\removed-files | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\mozavcodec.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\osclientcerts.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nst3641.tmp\ | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\omni.ja | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\minidump-analyzer.exe | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\application.ini | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nst3640.tmp | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\mozglue.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\lgpllibs.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nst3642.tmp | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\msvcp140.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\mozwer.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\libGLESv2.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\AccessibleHandler.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\install.log | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.exe | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\ipcclientcerts.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaultagent_localized.ini | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaults\pref\ | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nss3.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe.sig | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\mozavutil.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaults\ | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nst363F.tmp\ | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\tobedeleted\nsj66E5.tmp | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\ | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\ | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nssckbi.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\dependentlibs.list | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.ini | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\IA2Marshal.dll | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\updater.exe | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\pingsender.exe | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\CTS.exe | C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe | N/A |
| File created | C:\Windows\CTS.exe | C:\Windows\CTS.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70b133dafa85da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{03B6DBD1-F1EE-11EE-B33F-663D173F3824} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418333375" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2610426812-2871295383-373749122-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\CTS.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a44888f03675f69a357d19adbcc220ae_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe
C:\Users\Admin\AppData\Local\Temp\F4pUjWsrtzpIGKV.exe
C:\Windows\CTS.exe
"C:\Windows\CTS.exe"
C:\Users\Admin\AppData\Local\Temp\7zS096DE926\setup-stub.exe
.\setup-stub.exe
C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\download.exe
"C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\download.exe" /INI=C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\config.ini
C:\Users\Admin\AppData\Local\Temp\7zS885AF046\setup.exe
.\setup.exe /INI=C:\Users\Admin\AppData\Local\Temp\nst35F0.tmp\config.ini
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://www.mozilla.org/firefox/system-requirements/
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | product-details.mozilla.org | udp |
| GB | 18.245.143.32:443 | product-details.mozilla.org | tcp |
| US | 8.8.8.8:53 | download.mozilla.org | udp |
| US | 44.209.165.254:443 | download.mozilla.org | tcp |
| US | 8.8.8.8:53 | download-installer.cdn.mozilla.net | udp |
| US | 34.117.35.28:443 | download-installer.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| GB | 143.204.72.186:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
| SHA512 | 2c812802b5c1150c406e8dae2857d13783f8aeaf2a29acdc65f8d86ba1f3e0f9164823a414a868b51a98f94f41f784659b39c0d9451deae756f93af144134ada |
\Users\Admin\AppData\Local\Temp\nsjB388.tmp\System.dll
| MD5 | b361682fa5e6a1906e754cfa08aa8d90 |
| SHA1 | c6701aee0c866565de1b7c1f81fd88da56b395d3 |
| SHA256 | b711c4f17690421c9dc8ddb9ed5a9ddc539b3a28f11e19c851e25dcfc7701c04 |
| SHA512 | 2778f91c9bcf83277d26c71118a1ccb0fb3ce50e89729f14f4915bc65dd48503a77b1e5118ce774dea72f5ce3cc8681eb9ca3c55cf90e9f61a177101ba192ae9 |
memory/2520-433-0x0000000002B90000-0x0000000002BD6000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 80bacc4bd83f10d7c0056c41902fcedc |
| SHA1 | 9792b89d2ce26dfb05d5612827ae5d1d13f20ee8 |
| SHA256 | cdc1523a762e5eb3a40afa0d582b1ce5d3ce0ca608ae1389c7061e9629617c21 |
| SHA512 | 4a8181c9107ed9a95028eb25ea02d31f6a18448272dd65d4aacb00b0f4a1103e92c72d17d592b7ffe39f4eddd2b723f835316960166768378c8e6ca3b5d23d01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 843c3f14191e19ad5156225b1cf6eda3 |
| SHA1 | b3fe680358860572270de5622abd62c90ac52d25 |
| SHA256 | 408c00cf7274bcedf69b3720a5d96bfd5dd0367e8b2bba854a2b48b9b07f0cb8 |
| SHA512 | bfa7ff0dd52fab0146810e82a839dcb23f01842ed18170a1759f8ea8ffbc9e5780bdbc65e8e7b80b1694db75873a29a30c708be6cac4ab6970e6bb2b6e892caa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 8318b67122d9b329327bf7728c45dfcb |
| SHA1 | fe72620e23cfc57f3241494ae617af2eba0ee9e5 |
| SHA256 | 30b740adea6b95d66aa2f959bae1abbeba68c99d867827f6efc0bfbbf013e52f |
| SHA512 | a284480999f29d6ddb685acce4eca5a223614f0b8323cb51cfcd58d6fbb784a2ac9dad5498d71196e7ed4c9e2f23b236ec2fb1c86ba723bd2d5c3bbdeccc7ab0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | 90e838d74e03cf142f1d3cad1eba4b49 |
| SHA1 | 2af897ab68c07e2e801a9225b425928c67436d48 |
| SHA256 | 0efbd57897767db0ecc6862d65b8f44c5d2c1d1fbc894b8b2523bc7e9345a5c3 |
| SHA512 | 35a7b349e3c1771b967a5139e9fa5072487b6c39326641a44acab49990c96f8963baedf321e1257617be56be65d0ecb29a3a90a3570cf3274d3ad4fbee07b946 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6883b1a14e763d1f8f61ce41a88bfd12 |
| SHA1 | bc9382884cada657e0baff4c8f74e1da9928dca1 |
| SHA256 | 4adae269b348768101e5b04157f569b1e62f9f3389b19ca5624085e69ac6b20d |
| SHA512 | a03080a8931be0fe0023d205df7384696ed05add974197fe88d42332c0f2b3c01145448b7afa79057178f850dcfba8eaa06ae464b5e6a86a42555cccc3005273 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BE0WTXPF\favicon-196x196.59e3822720be[1].png
| MD5 | 59e3822720bedcc45ca5e6e6d3220ea9 |
| SHA1 | 8daf0eb5833154557561c419b5e44bbc6dcc70ee |
| SHA256 | 1d58e7af9c848ae3ae30c795a16732d6ebc72d216a8e63078cf4efde4beb3805 |
| SHA512 | 5bacb3be51244e724295e58314392a8111e9cab064c59f477b37b50d9b2a2ea5f4277700d493e031e60311ef0157bbd1eb2008d88ea22d880e5612cfd085da6d |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\7zh1kp3\imagestore.dat
| MD5 | e17234f39ab6cf20da3fe5531033c6fc |
| SHA1 | 230bf8450fc5f05ea49860871de86a39067477d5 |
| SHA256 | 1a02e3d2c0ec55b156ba699fd0cf62c5ede802be4bb503b2bd39ca63f4e369de |
| SHA512 | 1cacac234daef4700a024884daa45c6fd8593923906d6058f8a0711eaa8b9ade2217d869ade4ee806058c3b8e07c95329931933d04ed93d6843d78d3c01a4e12 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5e41ab187327837be0a8cfa2079cc08c |
| SHA1 | 26047c6a1ce6b2a205ce1985c127f2a050f68209 |
| SHA256 | 184ca21cca3834a9fb85b0d54abc6dadd8b9ec4df93828d89895cb2afa987918 |
| SHA512 | 66e9dad2a330c681ee990701f93cc69feb87f7547c4126a0f8342551bbde837be82e05b59a2971acae8e44d4816defc40016f4a63361889452fe492cbaed2b70 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d9b9ed11e9124f227b41f9caa56205d3 |
| SHA1 | 8ae1162cc4a206196dc5423796782373a0f2ceff |
| SHA256 | 55af53f79aa1bcb8754c956693a6dc2ca474b50de40f81b982107f33fba20de8 |
| SHA512 | 729129582dd3ea2e35b094678062ea5eacf30183f2b0e578bf8875cd9db274dafb50b74a6433ab9834c85f47fffd012c9a434045db09640656faf0fe07cfb53d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3a7e659a6bbbe27ff9f83b0539a1ac4 |
| SHA1 | 35d552c899cd6ad346f908ffa9d2d4f89d61e373 |
| SHA256 | edb912b83ff085896e81653d1f554ea04d59bb82b3fa1e435ce0e3b17373b7cc |
| SHA512 | 6518dd7f4e8d253a40838fce27215443371a80640e662c178ab098ed411b18b7587be3ac3faefef27da08adb0baf88ee57ec877742771c9fd64e0ecc97c25335 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a9f55abad66b558f1aae34a6a88437b7 |
| SHA1 | b884c80be0bfcac7936cf4d29888b4a6454a5363 |
| SHA256 | a41ec32e45c775617ef72a7616f672e09705d12f6dd1b83af1f4565c6b90968c |
| SHA512 | a11f1b70b066383faa9f59a54922128772a4b6231db40bf93649723893f71b4b4783213170b53acb498b7382a7def2805ad98b0f732224a283d6e3dcdc1b9c5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 85951d817db59e1e21c94711bb36b223 |
| SHA1 | a3e3ab15b4f5330cd310ac3f054dcdd8833eaeb0 |
| SHA256 | 37894fd1202e78d8c8a9a577ce1f1256dfedbb3c0d7223e79c8fb01bb19f6765 |
| SHA512 | 9b69caf7e84178f22dc9bc4db39b600d2cdc81addc495ee9c8ef43cd2f1baac3a206fe3ec6bc65e0ec40f00243cdf3119f24872ebfb6dcf7dd3ce61bfbd740b3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b4c5ca313a135d1cf1b049068bd88844 |
| SHA1 | e6152490d95c228536598d3455223b83ee5d7557 |
| SHA256 | 96c794da9d50dbac0139cdb3142ffd3494724585d5ff50a31159a4ee0a86dc1b |
| SHA512 | a6b34327ce516055cd93e30bbf038defaa0ded1ce0f781ffb869475a4691808ab312fbe0c7b167509a761c6c1b238f7d1757bb54bee5ca2974c537236bb3299e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bb778a7d219565be74b469850a047e44 |
| SHA1 | 6fd259b03c96e504bc33c70fd7d1db9f9d46367f |
| SHA256 | 3c832ceeb022f84f0ae92ed62542522b6feda8a31becd5de52f5c391801d1656 |
| SHA512 | 6fbd33b60e9442a85fe808c1510f46f63e1087c89679977a90e63f0c0037b86a23cdb77456a102929f515b4a2a3fffeb8b8d369f49a62b6d92aa648ad6a1a41b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 8a6f8e6405aa768bea9aa6fc75363068 |
| SHA1 | a1efe0f1c719334e0ad007b937d752af9ce750f5 |
| SHA256 | 3e1f872281b4552369ed074ff6252a68149fcb9733282a488d110bab93ffa717 |
| SHA512 | 9b4e2aad24557373024b61abd35a8fed789ce1f427a2a277b13a718879a56653c28c61acd774f674bb597bf52964222c64b054464ef3f830f9b2e15d583a185b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 462c97a3989239db46d1e03495d0da90 |
| SHA1 | 4f7e80185b1c7f71aea0514743be0ca43255fc59 |
| SHA256 | d791ae7fe1120152c559e97ff5131494e8a45839c90a052a46ddcff0ea9818bf |
| SHA512 | 8a5b74a63dfa123784022e42247d5ebd06921cb986eeba0c75db303acedb160edfa150c1c37af4cbd1c09cbfb367375021b225bedd9d6c6812601f5516c37cbd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 115383edfe9f2adb09172aa0da4f4a59 |
| SHA1 | d39471fe8b3acd7dc7caa07e9dc665cb7a0e6a4b |
| SHA256 | 44bc7eccced0c395692f42681638565efa048d59d357e599bc533cd545bbd902 |
| SHA512 | 41ab8fa579e07eb9bfeedf7881771b944dd7825c6a877c0308514d65fd2a6cf926dce18e3c9e9f290b134357676f2e33e4ac001e29e5691847a55c88842a3d97 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a3a1762ceb216806c6e4b9ca739a601 |
| SHA1 | 542a34531637b34cb44620808840e5e7c298c772 |
| SHA256 | 2f49887d8429467260138e0f93bf136eb3dfdb04fe7db3f6d56048fc57461ac2 |
| SHA512 | e1bd4b5029754babc4d6fde9094c58ab0049d8ae3bb97f94f7a4b83f150f580f035007d488e863eb05281708ac44fde6131bc19d4c1ee8591274975465106cf6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bea693d6ea31b08d0e3239a8391358ca |
| SHA1 | 38e6cab37e26337ea609beeeae9b3a2151c16ece |
| SHA256 | 81abc34848bb9a92d08f0a020afcd418a4a692c8fec9e8175a7f87ce58741657 |
| SHA512 | 89df9a00ec4678df7fa44c70c612a35b6bc42dec69e9365169f97f70205b12a93694e4367efaef6dfd6f602073d3cfe7f741a60e46a2140347529b76f084b03a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dd04402aad527068034a964dd903f5b5 |
| SHA1 | ed5638b6b07e8686736765890d8cbb005439b376 |
| SHA256 | 8d16b564f90d82a6c8eb38a4d1badb891a093b7b50f879501459d1989d75a11a |
| SHA512 | 61bc331a398afcfb41c639fb7dc5ed16dc069eadb4353dc975ffab82fe249c6037b1342a5d5d576b9a01697d3ca0a4022e53ca9f36a7bf894351cb8786f8d10a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f8e610e80ebb9bcf8186d3a8de350b16 |
| SHA1 | cf96054073f843ba8efd7afaf38eb7664c014481 |
| SHA256 | 0143349baaa23223d3e571c8664671c30f60e92eb6130901579e0829d78fa167 |
| SHA512 | 9945032647279b47ff748d457f41f75c70c0b9289e8ab77c2df6beeb1e0d233b2f4504dd1189fcbc97ebc02e95813650b2c6276375fc47790310dae21e39cae5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 257c3902244f059de53bef1dfa2020fc |
| SHA1 | e93e1d922d5b5c9cc6847c4e32ecc138c8ba4716 |
| SHA256 | 2647a758ceafbb2d2525e0c74f64649a1728846088fdc055aa5a33acb5decc07 |
| SHA512 | 08a2b814e064c1047f972ef4848d6f993b4f99a09b19574f6db3677060aa2e61abe0263300893aa87b978e2a47c8789b69953ee1dee1fbea9bd1c98f49c17ac4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2d0c20a72d0e3d159cf13f926c1d1675 |
| SHA1 | fd895e9c44fa574531c6cdf3da51924f4831690b |
| SHA256 | e1daee659a9da77235ce326ce03781a514670143cb1b04bd58877f4a385e1a92 |
| SHA512 | d97a9bca52ea7dddca18ac5b459bea0dc6707d907b6ce4ec734b5dd0ecea62863ccc49c185cd0d00ac42df16533d321c7f7d88fe73aeb6caf591dbd2d0db27a4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | adf1fa346838263cb801b3ecee7059bd |
| SHA1 | ce4620de49f8cefe9b0922016be0a6a40ca60824 |
| SHA256 | 7806a1f65c52eb88eb7c45f71d2206f37fa07bff6c08094c5e54fca2e7819631 |
| SHA512 | 603410d0650e9867d76c82bdf0f2c2baf25fedb681f885d4d0bb9f71ed09edc4f714041aa86d29eee2273c7137576f460b93e0152ef4600fa7097bdcb7eaa2a5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | dc66348a87c9db9edf53214e6c711977 |
| SHA1 | 417f1ab9930e02e18217fa4afbf88347e118992c |
| SHA256 | 6827d01d6be8d0918c4ddb849e028a089935f32aa05313054eaa7824b6ee2d00 |
| SHA512 | a2f467a632aded93c9547845a5b4664b444d6739fa5341f44bde5f84f830041b6b4798e3dd0e777e7881874e6d2d8bbf491301d8eb8c6193bb3160b98f51accc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1f98d0a629ac15cb2eea5281c72326c9 |
| SHA1 | 9fe15e8abf0587b489b8f3b0914fb70b8715dfd6 |
| SHA256 | be86162bc2f69e0f1b39602e31e5f53c5eb432d69f168a0884e2bbfe4eb30948 |
| SHA512 | a120f38bea9ee29093ab6107e515b2b8760411c5c7b6becc9648c89bda243baf7632c4a1f777266c8532345e676e8514df0a8c71defb3450c916d43a5f1b6cf6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c7b640f0de6a44dff0ab1b0eaa5067a |
| SHA1 | d54ac1c662a3384c5737d9e293b0519acf607cee |
| SHA256 | ca754257b58d3ee72782eb347a1f06cb5ace2b7771b3d09da034394084057b6a |
| SHA512 | 24795d71f086137fa7d5c54006ec7ace27c6fc48c81c7bda3675732bfd4fb3d884d9eaf2fd798108f3dc6991144d1aaea5656e0d06011014e08722a9f5caeaf4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b3261b8adf16403b8de214b2be7a1c31 |
| SHA1 | 3161ec11dc1dd139f4fc1ac7d3090db422f8450d |
| SHA256 | 48e42c04e380955d267904c2605d00e0f6818ab7efe4d00d9b3d3202ac7c3aef |
| SHA512 | ab15cd15f721876e5c81271e2d6fdf1f9805c96e729456cec4b8d5b9c318715482765d6277e887d275813fcf649c273633a6763c7e52a183d74d529d82d3969d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 071f92067cd26de037af706b028addcc |
| SHA1 | daa879a4f4eea86aa4abb4c2b96d9ba7d2d0ba48 |
| SHA256 | 3f5b9dd33461b9807114c750d3869ce86eec2243d95a55db5eb0e4afd235e588 |
| SHA512 | f8145836fa021b51d825896b03cb9f7ae339d09ca3314416b02b399f46ee44fa20ee43cd6aab59d90d6ebef98d4d91992dd3644ae71f1caec41f090aa4a4d59c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 34c65c6cd8efe7c6e807da94c4a00505 |
| SHA1 | 14e86826ccb8d6afa2119709f48cee284a8a2294 |
| SHA256 | 4ed79ed5c72ee5b216c7603c1835f778cba82c82f5f5098381812c9c43a3eedc |
| SHA512 | d26b47c10a851ad52422bf6f7ae58cec7ada7a85badd4533af45216bef90b69fd115641174d8aff049491c7bd71ac6cf2bfb9198160fc2de97cb69a55d2ff232 |