Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    06/04/2024, 15:13

General

  • Target

    e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe

  • Size

    341KB

  • MD5

    e2d1fda785669f8fb843491a5c110efc

  • SHA1

    a2afe6d6e5e4cdd98d84bb2f44561dee0cf1e96f

  • SHA256

    e93ff48a56b972395fae83b84f2d8ad1ae60864cff663813ae22ecee5f2baae5

  • SHA512

    096be38c19d3a7a2ae455a0ba381b9d4de26b5ba8fd69ed10e8f1744014f8838fd6db7786b928560baedc9f5be90fcb7b1d06e59a1eff167207ee01c9e693d54

  • SSDEEP

    6144:hG1RlfGH6xTaBxS5TYl6CpDN0pZosGJHjrDxk0cAVUSBiwlqntENlxG+jCESLbw7:hYPuH6xsdl6CFN0fAyNSwwlqn8szwXr

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 24 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Registers COM server for autorun 1 TTPs 5 IoCs
  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 3 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 20 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Control Panel 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 22 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Users\Admin\AppData\Local\Temp\CmLZ31nLwyihOpo.exe
      C:\Users\Admin\AppData\Local\Temp\CmLZ31nLwyihOpo.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3396
      • C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe
        .\setup-stub.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:1452
        • C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\download.exe
          "C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\download.exe" /LaunchedFromStub /INI=C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\config.ini
          4⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:4936
          • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe
            .\setup.exe /LaunchedFromStub /INI=C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\config.ini
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Registers COM server for autorun
            • Drops file in Program Files directory
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:1284
            • C:\Windows\system32\regsvr32.exe
              "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
              6⤵
              • Loads dropped DLL
              • Registers COM server for autorun
              • Modifies registry class
              PID:1036
            • C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
              "C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in Program Files directory
              • Suspicious use of WriteProcessMemory
              PID:3308
              • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
                "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe" install
                7⤵
                • Executes dropped EXE
                • Drops file in Program Files directory
                • Suspicious behavior: EnumeratesProcesses
                PID:536
            • C:\Program Files\Mozilla Firefox\default-browser-agent.exe
              "C:\Program Files\Mozilla Firefox\default-browser-agent.exe" register-task 308046B0AF4A39CB
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:2124
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Suspicious use of WriteProcessMemory
                PID:1868
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Checks whether UAC is enabled
                  • Checks processor information in registry
                  • Modifies Control Panel
                  PID:5016
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of WriteProcessMemory
              PID:3564
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Checks whether UAC is enabled
                • Checks processor information in registry
                • Modifies Control Panel
                PID:1116
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup
          4⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:4092
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Checks whether UAC is enabled
            • Checks processor information in registry
            • Modifies Control Panel
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:4724
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20240401114208 -prefsHandle 1840 -prefMapHandle 1836 -prefsLen 23610 -prefMapSize 244606 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d7c4af-bd5a-437c-bcde-b587fc25166b} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" gpu
              6⤵
              • Executes dropped EXE
              PID:4488
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2628 -parentBuildID 20240401114208 -prefsHandle 2620 -prefMapHandle 2616 -prefsLen 23610 -prefMapSize 244606 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {888f49cf-5f92-41c3-8c20-ca0cfd85bf77} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" socket
              6⤵
              • Executes dropped EXE
              PID:756
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3016 -childID 1 -isForBrowser -prefsHandle 1256 -prefMapHandle 1740 -prefsLen 21630 -prefMapSize 244606 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54c93970-ddc6-4bfb-85c8-67bfd11f3131} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" tab
              6⤵
              • Executes dropped EXE
              PID:2900
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3204 -childID 2 -isForBrowser -prefsHandle 3208 -prefMapHandle 3216 -prefsLen 23791 -prefMapSize 244606 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d7af4e0-c5af-45e3-ac83-b92da229a604} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" tab
              6⤵
              • Executes dropped EXE
              PID:1040
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 3 -isForBrowser -prefsHandle 3916 -prefMapHandle 3332 -prefsLen 24751 -prefMapSize 244606 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2202902a-f874-4baa-adc6-90feee3d604f} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" tab
              6⤵
              • Executes dropped EXE
              PID:4936
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4892 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4928 -prefMapHandle 4924 -prefsLen 29225 -prefMapSize 244606 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {020ec1e3-89d5-47ac-85c0-4c91ca1ffc43} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" utility
              6⤵
              • Executes dropped EXE
              • Checks processor information in registry
              PID:5372
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5148 -parentBuildID 20240401114208 -prefsHandle 5140 -prefMapHandle 5132 -prefsLen 29225 -prefMapSize 244606 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ace6deea-5392-4adf-a1de-35f8ad7ed346} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" rdd
              6⤵
              • Executes dropped EXE
              PID:5532
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3224 -childID 4 -isForBrowser -prefsHandle 2980 -prefMapHandle 3060 -prefsLen 27273 -prefMapSize 244606 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20b7ddc3-be47-4a42-bca3-905ff5881cf4} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" tab
              6⤵
              • Executes dropped EXE
              PID:388
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -childID 5 -isForBrowser -prefsHandle 5800 -prefMapHandle 5808 -prefsLen 27273 -prefMapSize 244606 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c72e4c8f-c379-4b3b-9a46-ea178bbc8b8a} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" tab
              6⤵
              • Executes dropped EXE
              PID:3564
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5864 -childID 6 -isForBrowser -prefsHandle 5632 -prefMapHandle 3188 -prefsLen 27273 -prefMapSize 244606 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a754e4b-4a65-483c-89c6-0669d7be37fb} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" tab
              6⤵
              • Executes dropped EXE
              PID:2716
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4152

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png

    Filesize

    15KB

    MD5

    e9068cd977693bdab242de4280dda725

    SHA1

    35a5c8aee11597ec7cc6adaf15e8673b713d73a9

    SHA256

    1701ff395543f3ad6b25584fa7014073f74949baca0dd2552216f58131328fef

    SHA512

    29ebff0f99c9a8f47b8f145ee8d88877b17ae0e3eeed1bc017caa20c68a63166831f5feda768189e837d2390cc80790e3e69aa7ec26bf92da2e90b66e1be3362

  • C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png

    Filesize

    5KB

    MD5

    c9ae03c43b67a4e4986518fe3fe29756

    SHA1

    07221e0401f306487504ae9b3c46ef1cb5dec843

    SHA256

    adf41380b5ed3f73b8e5fb51f7f33b722f4db4600791cdf92033267c9971c4d5

    SHA512

    0ace7c3cdc18eb1e67971a5acd0a54e1c00d37ac556f8183dccede984cb6520660c9b27064a8ef5f7b706fdabd70e5e424b7b7271ff751bffd997cf2284f9fe7

  • C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png

    Filesize

    22KB

    MD5

    8e058139e0576b4ad8d424bb21071063

    SHA1

    f584d2412c935aa8a7cf73ecdfaaa6a3cf87c064

    SHA256

    e86ee493e89f5dfce2ce8817ac5d1c04d8ba2b07a06ff0f967c0167562510df7

    SHA512

    9ce457aa516fb2d3cb7b4a08f2dd81573de301fefc6ddc877142a35851151407367605f00862fb77067d0969ba745bc6bc612a4440aa3017e508e572ec88f2fc

  • C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png

    Filesize

    8KB

    MD5

    1a340e565e697e63b5a4ce51f7297119

    SHA1

    cdb4ca85700ed81db13b15d4bd5b77d41bb20d34

    SHA256

    c4bb210e61cd35f9a0a54fb941ea2e3bf6abde799bea1c78d24c761c9a3bc429

    SHA512

    92478fe26f9ea7454206a3106632534c5608d6940588f01fecfd799de636f11b003ffd1e5c762201f9a14f4ebb7fa6a711d99312b03914de817246a6008c7b35

  • C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini

    Filesize

    787B

    MD5

    9524df130a8e1ab4efdfb32b4e68a7b2

    SHA1

    98593d6520ffeb0c49803dc1ada0ee3131be4c88

    SHA256

    699cb7896b205018db7248a2954d0432022c63957ad3a83ae53711755ad47c8c

    SHA512

    9689e204f84bd1ae815a07da860fdb6613bf9c3220e301ce2395e971fca0ef6115b3fd3ab50983e48f49e5a7b2a79b951df22bf9a00a362fa274915001a9fc14

  • C:\Program Files\Mozilla Firefox\browser\features\[email protected]

    Filesize

    127KB

    MD5

    3002f01583a526323a8af2528c871719

    SHA1

    468390eb0a1d93eebd2ddc303ed8a03854e99916

    SHA256

    9789afb5305d211676f14025f6afd8c3e731d54edb46b0120f0f544183b223c6

    SHA512

    6425e488e6cd06baec14e711b87809a451cda1429e7298ac0c8acfb9b92f852e36a97f9d459f0305bdc4119ee1517012836893ceccb5e73a9276fe23fd33b616

  • C:\Program Files\Mozilla Firefox\browser\features\[email protected]

    Filesize

    61KB

    MD5

    3702bd7db59a2feefb35401b32876245

    SHA1

    31e2e408ff9c185001513386fc346f7512effbd9

    SHA256

    dd5a380c7f29c8c1db6e7b2071ee550c8a93ac3321c11bda9d0912f176f8746f

    SHA512

    0412f029075866af6b6df95b6cc690542504c52af23cc7666b63f53893983d4d14e3729a02c1843f3bce1361d7ed5028bb5d59aa7be4403e8e6c79faf7fadd6f

  • C:\Program Files\Mozilla Firefox\browser\features\[email protected]

    Filesize

    168KB

    MD5

    2f1bf72ce57bb644dd54e6376dd2fe4d

    SHA1

    6013cd2d3613a6b0035920f1da9ec0a4d6dc00a9

    SHA256

    21ce8909c9ac4e076589ea9c8fbcf6b745b485816841131c61575ea705ba0a03

    SHA512

    9fd85ab306bec919defa3454d8d5f6b13230392198174fab8a2f7cf0db67a4dc4fce61c896109a31970a0d585d4db3ce9fd0c76fc7e6359ba873d1cdfe2e26fe

  • C:\Program Files\Mozilla Firefox\browser\features\[email protected]

    Filesize

    9KB

    MD5

    507739399c82ef6487da73e587423f1f

    SHA1

    95177d06563e55f4084504e06e88a1c0f3f52b0f

    SHA256

    796ba4ee5430db311dac2e45323c3e71059f23a54ec2d5bea22387f33fb92de7

    SHA512

    6bd0bb547f3bbcaef5db00e554a0b9fb45a78efd01018a4d706bcc94d5566458f931cf954cea22e2674ab2065c72617e49b21f9e354f16109b4b64d4fcd0b4f6

  • C:\Program Files\Mozilla Firefox\browser\features\[email protected]

    Filesize

    423KB

    MD5

    9fe1653c31c6ff75c906aed024d53b32

    SHA1

    d2fc52a9aa47a0fe0099bee9178946210a163031

    SHA256

    d9f4c6e6f535d09deec1a58068713cc845b6dbbda2fcf5dc8669f6489bb63005

    SHA512

    8d7fef23d0edad4e8aa64f2f400965565c70d0d1f94d0bdcd14b779fef9192de079c2547c2d80b171e6c9316ab0221a265efb49492bc90d213b64ecde46bb30c

  • C:\Program Files\Mozilla Firefox\browser\omni.ja

    Filesize

    42.1MB

    MD5

    bf952b53408934f1d48596008f252b8d

    SHA1

    758d76532fdb48c4aaf09a24922333c4e1de0d01

    SHA256

    2183a97932f51d5b247646985b4e667d8be45f18731c418479bbd7743c825686

    SHA512

    a510a96e17090ada1a107e0f6d4819787652ab3d38cd17237f255c736817c7cfcb3fd5cf25f56d5693f4923375b2ab9548e9215070e252aae25c3528b2186d99

  • C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js

    Filesize

    429B

    MD5

    3d84d108d421f30fb3c5ef2536d2a3eb

    SHA1

    0f3b02737462227a9b9e471f075357c9112f0a68

    SHA256

    7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

    SHA512

    76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

  • C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf

    Filesize

    1.4MB

    MD5

    aac75d901445bc0419d56e56dbc18891

    SHA1

    3ada434f3a727167ce6dce3b865fa6bfb70ed86f

    SHA256

    6d90152ee0d29e82fe2a87793af5aa4b7ad13e6538360889e141e81ed299ee8e

    SHA512

    83fd92ff444ab6de18d48997247f49845abb8420a07b74ebc8a65bda8da69d28f87b6abe0f607b2fd7da398dc0f8cbe7fbf655af6d25785ad8b2f1a3afca136a

  • C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll

    Filesize

    102KB

    MD5

    ae165d60948e59a1cad79f1379720fe9

    SHA1

    e5b1d608588f97665040eb01f7c9ee2629402906

    SHA256

    37e59b27d822d411166ab33083c246f7409effdda18e0faaf996b4bddf20ed49

    SHA512

    abbdfdec889899229b670b69d4f8deb3ed58e0fef514ade2d6677369eab1be8c54bd0183b65f12fc5cca9fabdfaa79f3fbf7ff7baf2e18e1701c697ac504c0b3

  • C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig

    Filesize

    1KB

    MD5

    90808af995ca1107a8499baa48853f0b

    SHA1

    407ff7d66143751b9c7483f1cd576c94b2862eca

    SHA256

    f4c2ac80a8625c5d2c7011fec386218646f233d6a3fedc0988b5438f6ac0cbe3

    SHA512

    a63d40dc6eff719feeda08e15578ce455086e140ce5119da6d54fc6a4125487bbd23c92e5368a95520359aa7af508b594824b10f00750e7aadecfa01de18926e

  • C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json

    Filesize

    229B

    MD5

    cffdadfaeeaaf0a5a78e7f9a299aa7f1

    SHA1

    7a8f06d7c91877484301ce8474dfbb1bde08a040

    SHA256

    ef47e83036753b53f59d079fef62bfedc749abdbcdb0fe16f448d9920f11114c

    SHA512

    5a11e448389326ddbd3be792d9a10ae746c66e4a41f9c96f4979ec71fde385fc4deb205a40f1b4f24415abd9d41c453ca1285f4b813005b1d12a2701f214db85

  • C:\Program Files\Mozilla Firefox\install.tmp

    Filesize

    2KB

    MD5

    ebdbe9f303a81fe57c6e00614d49f6b8

    SHA1

    59cea77f8fc790312c6e74761be94d57ed6fbab7

    SHA256

    a7567835dfebca8f1dbb994ff9c721bda3de3a67ad68cac0a35d54c264c07164

    SHA512

    0e44d4663c530a3060d99750cb478adb00b8591a258b990fbaafdca6e13210ac2d617bc8ad9227577bdc7babf5058648775cc0e8a65604f62766d9d3455d8af8

  • C:\Program Files\Mozilla Firefox\install.tmp

    Filesize

    2KB

    MD5

    02640ec71b39f00ee44de768bd5e987b

    SHA1

    f8f75865ec8682093ff31ac0349f125a6563b95e

    SHA256

    422d0690a397c693395e40257352fad6b257186fce053e7bbd5f785888661844

    SHA512

    c3a200dd24d773224f707883b60003ff21cbf196d8a5e668a8da21c0a66449bd4bfda874ebc568127ce15aba47b7e7ee192da4609502c764e529c027e571af49

  • C:\Program Files\Mozilla Firefox\install.tmp

    Filesize

    4KB

    MD5

    0ff20823ffe3990dbdcde9a9353eacb3

    SHA1

    6c3fc784314a688022b190218b7a49dccd66a7bc

    SHA256

    8970d581b5e3b93ab5ac70df3a6f15c164ec4fda092083136a266354d201d9b8

    SHA512

    b426340767126145daca748e0757f389fb38232552c0cfb9d2974448f6bd9603be914f1c134802c0eeb606e0ef5e7494c946976cb73551bdc308e5d7f0cbe2f0

  • C:\Program Files\Mozilla Firefox\softokn3.dll

    Filesize

    312KB

    MD5

    27d5e11b0d3dfc2b8ed8c2a00a3ee401

    SHA1

    05e0220b0c841b7d7ecf909ae1582438f56d1261

    SHA256

    327ec623b603096fb5abbdf5375bc2e5f3840b5747df2eec9ab78fb17f6decfa

    SHA512

    c82a208d8328e3bf6c88e46275f4dc0d99ea09e2ba68c17e1a4f0ffff460e2366cbac443cd8209416d52e762455f4686385f9787998b67298527b27fcb852a5d

  • C:\Program Files\Mozilla Firefox\uninstall\helper.exe

    Filesize

    1.2MB

    MD5

    cbb81a903dc88f69ff9107f11bded306

    SHA1

    4466021a5d98b59b61c7d45a8f5dd695226b9056

    SHA256

    5719bb2ab3c985570662a12789a2dfd37acd6aa3bb743eb75fa271256455956f

    SHA512

    93e8e2e62b27686a2ca2dd4db7ae59349730e233f88ce83fd55969df1b16b9c382751987a76ba6b451bdda2dc080f7cf93a915e2517a783d16018813e3b27d13

  • C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini

    Filesize

    222B

    MD5

    4b8dc92a079f224935392f9b5a2dc051

    SHA1

    1027fc1b3e2e8ae78c60bfb25c5c9f87f9b3cae2

    SHA256

    79d1631316cd79bc5127f745aa6707b4445f7d0432b685ef2c3ec3cf3a62ecba

    SHA512

    ad0186cfc9df574e4a3c7c209b5dc3078fb86f6b1de0008bdede6768ec08d61b20f371d7b2d01dc50aa7d094b150db816358f03fa0d9135ce26d80d8886a1704

  • C:\Program Files\Mozilla Firefox\update-settings.ini

    Filesize

    132B

    MD5

    1413131f8cfad1e19d299667bf759087

    SHA1

    a0435cbf1a2817ec960c56a896d455e78adc226d

    SHA256

    c18489344fdc21ae366b4d957a0b9f11be772483ca46f9ffab6ed0356f946513

    SHA512

    590b53aff46903b1883c5fb14492ca85db2c6e0e900d0fdf62c3e6da10f1d10c3aa51224dc6db50f4eb12d42de017892f77e91d79aa16fcaefba10b27748748d

  • C:\Program Files\Mozilla Firefox\updater.exe

    Filesize

    416KB

    MD5

    792c5ab789d8efb1631dfe12fb6e64fc

    SHA1

    9337c863c834c8f9e5fdbde04702ab4bdabaa7e4

    SHA256

    d3c76e6e1f3e34197d108404fc9c8b6179ab01afff6c6803713d320a3b480ede

    SHA512

    18d7a4f77ea238325795ff95b5af1e59104d96b71c98b44f0bc1c246bcf8c0a4389c9d4275ecb62f93bbe82bbd00067af41056bfd121ef441fb3154d51586059

  • C:\Program Files\Mozilla Firefox\updater.ini

    Filesize

    1KB

    MD5

    7a6cbd521497f6dd382f7b8c6aaa1eb5

    SHA1

    a0bccd339f6d045f0aeb4de504398c97c3dc2be0

    SHA256

    531b55d2224efa181b75ed4ceb84e4f854f26c2382dc411945515d57d8df2243

    SHA512

    af32b8b1e93c2fc1bb6c7ce0f371c8cedcdcb753393e8cbdf282424935db5f8f04b3468d450edc81ef28d8b4430d8941dacb2d8826d28be9065dc787c53eb553

  • C:\Program Files\Mozilla Firefox\vcruntime140_1.dll

    Filesize

    37KB

    MD5

    9f4eac207cb58e8d110477e7fd19d565

    SHA1

    687051b863f7a7178cabf9c06ab3b534b1e23dd3

    SHA256

    7cf38d20d00b6640d510eab70171e1c6f8fa2e42040832e17c7433ab61d94a8e

    SHA512

    9c5c4499adfc7b61751510f52a1288ff386dd1c1aaf8e8a9660990194813394329f8123f38e026ea10c6e30b4a5506625b9060329d524db68e48f36ab2691a05

  • C:\Program Files\Mozilla Firefox\wmfclearkey.dll

    Filesize

    184KB

    MD5

    110b8aa620a7a58d0ea1b5dcae56ba1a

    SHA1

    7beaad4d50673adc5d3feee2a96563de54e96f86

    SHA256

    2785d09d250a9a75c1b9c48cd3cc551bcccae714f022a7f04053d50d52c13c4a

    SHA512

    29e78a230b73bf4dd25ada528dc0e86eab9308a620fc999b30d07222119918189c4d5be4d6f4e23eab4848bfc94c057f7190f9f782f6461094231148bd847663

  • C:\Program Files\Mozilla Firefox\xul.dll

    Filesize

    128.0MB

    MD5

    34d104c4f34b4cdc13a71699ee915d17

    SHA1

    f059f40abf3f92054665ecb3b43752b2bc399f3b

    SHA256

    cb28e5d31a6f7a4a1e4b52c49a02236dc0067ac4af7fae33993a28893127dc18

    SHA512

    5da0d21a4573c7cd25a773e3d063227cec827030d51c5ae38c5181606c129c735aa9920e1978855be4499687ca7c7b49ebb5c234da2220caca03915bb868db92

  • C:\Program Files\Mozilla Firefox\xul.dll.sig

    Filesize

    1KB

    MD5

    aa21ae5908b9d7c99ca27e6e422610bc

    SHA1

    a92909eac34ef5a9f4e3d13962ccc92e2da262d1

    SHA256

    eb86adf66e5ad18916f25d1628e5c08888038bd986dedc15c8bcaea80089a226

    SHA512

    c330cae1e89617fd485155a093217d7fbd0c9a96f21d4fb3e79a6a5eb16864c8bb2134883faf2121759601253d36774d46ae05f1e9f3769eef72130b7aafecf4

  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk

    Filesize

    1KB

    MD5

    c6718fff4b071086172b876119ea22af

    SHA1

    104e1663c01648bab258ed641d350fffb8ea97cc

    SHA256

    f646b78c5296c882c27cc60a539d566b2e412fb31ba6184862ba8dafd5a77db3

    SHA512

    66e113243ab708c43e344962d2b3d21e8db98ffc3e7e09ce98738fee84cc7172ff1cb3ed0d8d230efccb0e66734f67ffe89a26a764f91f645398ae9777d05478

  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk

    Filesize

    1KB

    MD5

    eeead1c7fc7cd1b3b166a8f1ae77a03a

    SHA1

    271da2ae7489d139611680547df2a423010de4e2

    SHA256

    1ac054fe9c3108e95205c5daa56badcfcd34c7b0f342685e72464efd0964c5c7

    SHA512

    c8e33152f13cb46b54400e533346afdf61c010f9a38780f6c788ad1b6c4cb5db7aebd6f5fd2295ccd98032856b9d394790b594d4bfa54086d8901baf90717e94

  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

    Filesize

    914B

    MD5

    d7309b0a13c4c25e856c84df6a94388e

    SHA1

    83e969a18a53417df73469bb78b6aeea83617df1

    SHA256

    9da6cb8200202717a9e87aee841e663d57287fd817434ffb382a86ba4a08867d

    SHA512

    b2966269734a03a5ad251aea4faac657ab6cbe8d1d94438d1167aa049bd47c6be80a36b8b9aea53888508280135fc6025fcefa29d3f731adb05a87a408d0e2bc

  • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk

    Filesize

    1012B

    MD5

    2aadf786e46bc7c560085d2215052843

    SHA1

    6eb816d94c3eab176b9f1da6c08496fc7c916c0a

    SHA256

    e7eadd4fb7b0783663b304488f7a0fb974511b1b77a2d3ad85e2b7f1ec354c54

    SHA512

    c93be9dfa97793aba8a434ba73d6a9968b1ddf575f04fabd54b1af696a6ac0720a6586748e7b8da09fdd2f0532c66fec94b512cf406fa56562c29d798b2c938f

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

    Filesize

    352KB

    MD5

    06c439da0a9a5e8caa51e5ea62fe05f9

    SHA1

    793c6e3d568b738f01c09ef15a1c74c5820c76da

    SHA256

    b6770e810f5cd96d83e7042c551df1132087b4cb2f97ddb37e5ec04475c52cb8

    SHA512

    361a7ed33b9d059033ffce6958d95c8436b305555a96cfaa4d86809c304e5615dff537ae89cfd22919eb2ddee67b341376d730e146fcebacc75ac69c3ae659c7

  • C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe

    Filesize

    442KB

    MD5

    5e8603920f9fd39ecede163aab0c53c7

    SHA1

    1f686ce223269087e4b036e8fdfd9214d9b8911f

    SHA256

    f3a9cdd9ff511cd504bc5ca96e280bbc166fa1d87e749a86a5d73d05cdd1f879

    SHA512

    935b7e57fa7f2798f0ba1b9a0481a43ae60339886462c9010328335e833207755046449dd97885df86ac8d4d46f471d557ea4585223765120b9401b57bf04705

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\AccessibleMarshal.dll

    Filesize

    31KB

    MD5

    eb0c475124ce894398ead3733efbd451

    SHA1

    5413979dcaaaff24b5d47d2ff6430f229c4abb6e

    SHA256

    46b72bd02816965cd29d9c50c6afcd6b75b7a7b278605a1700ecc0a1e1492766

    SHA512

    2bddafc036331a89b5e4d5fce6d1d62805f04f37bdc1dc3a95b4644955a983aefde6a371b8d18f4432882473c907f2dbe55c31f6e47a54006b73070534f3644b

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\application.ini

    Filesize

    899B

    MD5

    b88b39cc6f0db319089ce85abc86bad3

    SHA1

    fe60addd45fe721a0bbb79fb12b5be85a471ea21

    SHA256

    52380c119d09bde2b00e375c32621aff55a676e07aaf88c604ac5c68f664ee25

    SHA512

    f4af28f15b8ec3b363deddf126d6e34692a74d29b8b2c908d41672e23c17925f7131401dc2efd84c6962c5e7ec9241967946dc36bfb3501edd2c79dea7d67fc5

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\crashreporter.exe

    Filesize

    250KB

    MD5

    aa9c1de3041eb75aeee90b85ff66c9dd

    SHA1

    83cba1e082732d95f278434fd25374104e25c668

    SHA256

    57b8145816b5d189842e350fc030e5a4def3a8990e489aa68dafec2b34e50171

    SHA512

    fa75c0de232e497540cce6f27dc0b0457860255a0822a6db297942ae91159dffaf4d35367aabcf9b2e235766a204210afee13e2e00cd0016403956a8a63a78a2

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\crashreporter.ini

    Filesize

    3KB

    MD5

    1b0d446f9d17c1374c81acec9d8d2406

    SHA1

    016bca3d4ee9a0dbb4350ee7a1898779dced6c11

    SHA256

    a0cc8cc3287d54d7e23a156256a553792970df9ca57f6ad85dceed32b979da71

    SHA512

    4e7de92579628cf8c31287506d6f3096bb15402ee6d694a72462cbd1f093e7d04cbcc9e13691b94408091e0c5ea8d8c528365a90885b55a126416af37be6979a

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\default-browser-agent.exe

    Filesize

    33KB

    MD5

    4c6887f8c8c66f0b2db5a8b347931b70

    SHA1

    1a71320873155f84de67bc16324c8ca0e503be04

    SHA256

    a080df509685780d81ee32d86eac7ab15b5831090678f63b5741b57fd8a9969c

    SHA512

    3e1cc423bcde71a24457b5f9756241c0bc0f9b1f434eafc84ec733f124bbcf6f9a1e104caf402ef2d60a96b895842a8e6b18cffc59936e6c4873a3be92cace8f

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\defaultagent.ini

    Filesize

    483B

    MD5

    7a84fd3929948b8c43fa5fdfbf59c64e

    SHA1

    fb1ce51832cced529f785b8b4a0a6d631625abaa

    SHA256

    814f2e58ec2f5f33bbf365f743db28022bd141870b95febf87c0fa042b819106

    SHA512

    abe1f6d86bd835940f5e1cda1a7872ba27fe9be48dd53965fd9b8f5f96e1aabc0f8f931c04bb9fc7b0ac11b83cfd4661b67293025485c9cc09df0b171afeb806

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\dependentlibs.list

    Filesize

    55B

    MD5

    a515bc619743c790d426780ed4810105

    SHA1

    355dab227f0291b2c7f1945478eec7a4248578a0

    SHA256

    612e53338b53449be39f2e9086e15edc7bb3e7aa56c9d65a9d53b9eb3c3cc77d

    SHA512

    48ecd83a5eb1557dfabfaf588057e86fb4b7610f6ece119d6d89a38369d1c9426027520ce5b6d1cc79a4783b9f39ac58afb360cc76e05bbe8bbbd5128c5d395b

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\firefox.VisualElementsManifest.xml

    Filesize

    557B

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\firefox.exe

    Filesize

    655KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\firefox.exe.sig

    Filesize

    1KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\freebl3.dll

    Filesize

    893KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\gkcodecs.dll

    Filesize

    8.5MB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\ipcclientcerts.dll

    Filesize

    203KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\lgpllibs.dll

    Filesize

    151KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\libEGL.dll

    Filesize

    46KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\libGLESv2.dll

    Filesize

    4.7MB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\locale.ini

    Filesize

    22B

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\maintenanceservice.exe

    Filesize

    233KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\maintenanceservice_installer.exe

    Filesize

    183KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\minidump-analyzer.exe

    Filesize

    751KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\mozavcodec.dll

    Filesize

    3.0MB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\mozavutil.dll

    Filesize

    530KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\mozglue.dll

    Filesize

    967KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\mozwer.dll

    Filesize

    308KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\msvcp140.dll

    Filesize

    554KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\notificationserver.dll

    Filesize

    60KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\nss3.dll

    Filesize

    2.6MB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\nssckbi.dll

    Filesize

    364KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\omni.ja

    Filesize

    31.9MB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\osclientcerts.dll

    Filesize

    355KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\pingsender.exe

    Filesize

    78KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\platform.ini

    Filesize

    167B

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\plugin-container.exe

    Filesize

    279KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\plugin-container.exe.sig

    Filesize

    1KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\precomplete

    Filesize

    2KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\private_browsing.VisualElementsManifest.xml

    Filesize

    559B

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\private_browsing.exe

    Filesize

    64KB

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\removed-files

    Filesize

    16B

  • C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe

    Filesize

    940KB

  • C:\Users\Admin\AppData\Local\Temp\CmLZ31nLwyihOpo.exe

    Filesize

    312KB

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\AccessControl.dll

    Filesize

    21KB

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\ApplicationID.dll

    Filesize

    55KB

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\CityHash.dll

    Filesize

    53KB

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\ServicesHelper.dll

    Filesize

    14KB

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\ShellLink.dll

    Filesize

    14KB

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\System.dll

    Filesize

    22KB

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\UAC.dll

    Filesize

    28KB

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\components.ini

    Filesize

    44B

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\liteFirewallW.dll

    Filesize

    19KB

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\nsExec.dll

    Filesize

    17KB

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\nsJSON.dll

    Filesize

    33KB

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\options.ini

    Filesize

    1KB

  • C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\shortcuts.ini

    Filesize

    874B

  • C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\CertCheck.dll

    Filesize

    5KB

  • C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\CityHash.dll

    Filesize

    43KB

  • C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\InetBgDL.dll

    Filesize

    7KB

  • C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\System.dll

    Filesize

    11KB

  • C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\UAC.dll

    Filesize

    18KB

  • C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\UserInfo.dll

    Filesize

    4KB

  • C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\bgstub.jpg

    Filesize

    25KB

  • C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\config.ini

    Filesize

    187B

  • C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\download.exe

    Filesize

    60.5MB

  • C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\nsDialogs.dll

    Filesize

    9KB

  • C:\Users\Admin\AppData\Local\Temp\tmpaddon

    Filesize

    479KB

  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

    Filesize

    13.8MB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\vmqlk23h.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\db\data.safe.tmp

    Filesize

    1KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\vmqlk23h.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\db\data.safe.tmp

    Filesize

    1KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Background Tasks Profiles\vmqlk23h.MozillaBackgroundTask-308046B0AF4A39CB-defaultagent\datareporting\glean\pending_pings\03486f73-04e8-4213-970f-4eb904169d58

    Filesize

    590B

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.tmp

    Filesize

    5KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.tmp

    Filesize

    6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.tmp

    Filesize

    6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\07f02357-416b-49d6-81c8-82beec52bf9c

    Filesize

    11KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\b5d1736e-1d20-40bc-9281-f7763285be4f

    Filesize

    806B

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\extensions.json

    Filesize

    44KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

    Filesize

    1.1MB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

    Filesize

    116B

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

    Filesize

    372B

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

    Filesize

    17.8MB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

    Filesize

    8KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

    Filesize

    8KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs.js

    Filesize

    6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs.js

    Filesize

    6KB

  • C:\Users\Public\Desktop\Firefox.lnk

    Filesize

    902B

  • C:\Users\Public\Desktop\Firefox.lnk

    Filesize

    1000B

  • C:\Windows\CTS.exe

    Filesize

    29KB

  • memory/1452-62-0x0000000002540000-0x000000000254F000-memory.dmp

    Filesize

    60KB

  • memory/1544-0-0x00000000002B0000-0x00000000002C7000-memory.dmp

    Filesize

    92KB

  • memory/1544-10-0x00000000002B0000-0x00000000002C7000-memory.dmp

    Filesize

    92KB

  • memory/3396-128-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/3396-7-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB

  • memory/4152-11-0x0000000000900000-0x0000000000917000-memory.dmp

    Filesize

    92KB

  • memory/4936-155-0x0000000000400000-0x0000000000446000-memory.dmp

    Filesize

    280KB