Analysis Overview
SHA256
e93ff48a56b972395fae83b84f2d8ad1ae60864cff663813ae22ecee5f2baae5
Threat Level: Likely malicious
The file e2d1fda785669f8fb843491a5c110efc_JaffaCakes118 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Reads user/profile data of web browsers
UPX packed file
Checks computer location settings
Loads dropped DLL
Registers COM server for autorun
Checks installed software on the system
Checks whether UAC is enabled
Adds Run key to start application
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Unsigned PE
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies Control Panel
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-06 15:13
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-06 15:13
Reported
2024-04-06 15:16
Platform
win7-20240221-en
Max time kernel
150s
Max time network
126s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\me6Mjo0ObYorpyb.exe | N/A |
| N/A | N/A | C:\Windows\CTS.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC96E2666\setup-stub.exe | N/A |
| N/A | N/A | C:\Windows\CTS.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\download.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8464AEB6\setup.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Windows\CTS.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Windows\CTS.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Users\Admin\AppData\Local\Temp\7zSC96E2666\setup-stub.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.ini | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-environment-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nsd4CBE.tmp | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\updater.exe | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-runtime-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nso4CAC.tmp | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\plugin-container.exe.sig | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe.sig | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaultagent.ini | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\ | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\ | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\updater.ini | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\mozglue.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\vcruntime140.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\msvcp140.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nsd4CBC.tmp | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\omni.ja | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\locale.ini | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaults\ | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaultagent_localized.ini | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaults\pref\ | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\ | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\ | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\maintenanceservice.exe | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\IA2Marshal.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nsd4CBD.tmp\ | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\removed-files | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\ | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\tobedeleted\ | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\softokn3.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nsd4CBD.tmp | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\qipcap64.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\tobedeleted\nsd9069.tmp | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nssckbi.dll | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\CTS.exe | C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe | N/A |
| File created | C:\Windows\CTS.exe | C:\Windows\CTS.exe | N/A |
| File created | C:\Windows\CTS.exe | C:\Users\Admin\AppData\Local\Temp\7zSC96E2666\setup-stub.exe | N/A |
| File created | C:\Windows\CTS.exe | C:\Windows\CTS.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "418578361" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e02a5e433588da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6AFE9B21-F428-11EE-8059-CEEE273A2359} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000c12c25e2ddfb54dbf19c8710c23067700000000020000000000106600000001000020000000d454e907ddb3a90e5d0a592b34e42c4e13b4260a04c4f392d901ec77dc1148bf000000000e80000000020000200000009de5f18afe24fb348bbb1ef0cc0f10a982346c3a48ca80be6f4ac0639cd9ec91200000008f04fc3e666bfe01b4afd5e69e3a30da692b6e60eec3ac96a702a71d6fdef59140000000c912c9d2935f457314c435e51e7bb3e94aa454dc1f479e82ef65e16720c314e05acc6e86fed9c6d007a8ac3f76a600ad413e9f64be15e0719921eca470f5a7db | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = [certificate blob omitted] | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = [certificate blob omitted] | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = [certificate blob omitted] | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = [certificate blob omitted] | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = [certificate blob omitted] | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
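The rows in the three tables above are the ones a responder turns into hunt artefacts: the Run value that relaunches C:\Windows\CTS.exe at logon, the creation of that file in the Windows directory, and the root thumbprints written under SystemCertificates by the same process that unpacks the Firefox install tree under Program Files. The following Python is an added example from the editor, not part of the sandbox report, that parses this report's table layout and extracts exactly those three things. The excerpt of rows embedded in it is copied from the tables above; the thumbprint-to-name lookup is the editor's own list of publicly trusted roots, an assumption to check against your trusted-root inventory, because a thumbprint that is absent from such a list is the finding worth pulling the Blob value for.

```python
import re

# Constructed sample: rows copied from the signature tables in this report,
# in the same "| Description | Indicator | Process | Target |" layout.
SAMPLE_REPORT = r"""
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Windows\CTS.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Users\Admin\AppData\Local\Temp\7zSC96E2666\setup-stub.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\CTS.exe | C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe | N/A |
| File created | C:\Windows\CTS.exe | C:\Windows\CTS.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
"""

HEADER = ("Description", "Indicator", "Process", "Target")

# Editor's lookup of SHA-1 thumbprints of publicly trusted roots. This is an
# assumption to verify against your own trusted-root inventory, not report data.
KNOWN_ROOTS = {
    "0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43": "DigiCert Assured ID Root CA",
    "A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436": "DigiCert Global Root CA",
    "CABD2A79A1076A31F21D253635CB039D4329A5E8": "ISRG Root X1",
}

RUN_VALUE = re.compile(r'^(?P<key>.*\\CurrentVersion\\Run)\\(?P<name>[^\\]+) = "(?P<cmd>.*)"$')
CERT_KEY = re.compile(r'\\SystemCertificates\\(?P<store>[A-Za-z]+)\\Certificates\\(?P<thumb>[0-9A-F]{40})')


def parse_rows(text):
    """Yield (signature, description, indicator, process) for every data row.
    A line that is not a table row names the signature the rows below it belong to."""
    signature = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if not line.startswith("|"):
            signature = line
            continue
        cells = tuple(c.strip() for c in line.strip("|").split("|"))
        if len(cells) < 4 or cells[:4] == HEADER:
            continue
        yield signature, cells[0], cells[1], cells[2]


def run_key_persistence(rows):
    """Map Run value name -> (registry key, command). The report doubles the
    backslashes inside the quoted command, so they are collapsed here."""
    found = {}
    for sig, _desc, indicator, _proc in rows:
        if sig != "Adds Run key to start application":
            continue
        m = RUN_VALUE.match(indicator)
        if m:
            found[m["name"]] = (m["key"], m["cmd"].replace("\\\\", "\\"))
    return found


def windows_drops(rows):
    """Set of paths the sample created under the Windows directory."""
    return {ind for sig, desc, ind, _proc in rows
            if sig == "Drops file in Windows directory" and desc == "File created"}


def cert_store_changes(rows):
    """Map thumbprint -> (store name, known root name or None)."""
    found = {}
    for sig, _desc, indicator, _proc in rows:
        if sig != "Modifies system certificate store":
            continue
        m = CERT_KEY.search(indicator)
        if m:
            found[m["thumb"]] = (m["store"], KNOWN_ROOTS.get(m["thumb"]))
    return found


def triage(text):
    """Run all three extractors over a report text and collect the results."""
    rows = list(parse_rows(text))
    certs = cert_store_changes(rows)
    return {
        "persistence": run_key_persistence(rows),
        "dropped": windows_drops(rows),
        "certs": certs,
        # Thumbprints with no known name are the ones to pull the Blob for.
        "unknown_roots": sorted(t for t, (_store, name) in certs.items() if name is None),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for name, (key, cmd) in result["persistence"].items():
        print(f"[persistence] {key}\\{name} -> {cmd}")
    for path in sorted(result["dropped"]):
        print(f"[dropped]     {path}")
    for thumb, (store, known) in result["certs"].items():
        print(f"[cert]        {store}\\{thumb} {known or 'UNKNOWN: inspect Blob'}")
```

Run it directly to print the three lists; `triage()` returns them as plain dicts and sets so the same code can be pointed at the full text of a report rather than the embedded excerpt.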
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\CTS.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\7zSC96E2666\setup-stub.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\CTS.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command line |
| C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe | "C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe" |
| C:\Users\Admin\AppData\Local\Temp\me6Mjo0ObYorpyb.exe | C:\Users\Admin\AppData\Local\Temp\me6Mjo0ObYorpyb.exe |
| C:\Windows\CTS.exe | "C:\Windows\CTS.exe" |
| C:\Users\Admin\AppData\Local\Temp\7zSC96E2666\setup-stub.exe | .\setup-stub.exe |
| C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe | C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe |
| C:\Windows\CTS.exe | "C:\Windows\CTS.exe" |
| C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\download.exe | "C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\download.exe" /LaunchedFromStub /INI=C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\config.ini |
| C:\Users\Admin\AppData\Local\Temp\7zS8464AEB6\setup.exe | .\setup.exe /LaunchedFromStub /INI=C:\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\config.ini |
| C:\Program Files\Internet Explorer\iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" https://www.mozilla.org/firefox/system-requirements/ |
| C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2 |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | download.mozilla.org | udp |
| US | 44.209.165.254:443 | download.mozilla.org | tcp |
| US | 8.8.8.8:53 | download-installer.cdn.mozilla.net | udp |
| US | 34.117.35.28:443 | download-installer.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| ES | 18.154.37.188:443 | www.mozilla.org | tcp |
| ES | 18.154.37.188:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| ES | 18.154.37.188:443 | www.mozilla.org | tcp |
| ES | 18.154.37.188:443 | www.mozilla.org | tcp |
| ES | 18.154.37.188:443 | www.mozilla.org | tcp |
| ES | 18.154.37.188:443 | www.mozilla.org | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2196-0-0x0000000001380000-0x0000000001397000-memory.dmp
memory/2196-11-0x0000000001380000-0x0000000001397000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\me6Mjo0ObYorpyb.exe
| MD5 | 78275c405670e0d9dd16481f26f5355c |
| SHA1 | 8581c6e6e7f239dbbba5083c65a76b3893515e3b |
| SHA256 | 0d5d6ea5c85bce2ae1e9dd5a777a35cfe21e9f9526630d13cf1795c4fb32eeda |
| SHA512 | 7cf9c4aa805cc0f161200e1e71f09eeb525d03d57f550062c880d63c13f7fd616613ab3630c7ba28cc84141390e55eb45bdde8e757c9fd29bbe8ddbcfe3a2d35 |
memory/2196-4-0x0000000000260000-0x00000000002A6000-memory.dmp
memory/2196-14-0x0000000001060000-0x0000000001077000-memory.dmp
C:\Windows\CTS.exe
| MD5 | 70aa23c9229741a9b52e5ce388a883ac |
| SHA1 | b42683e21e13de3f71db26635954d992ebe7119e |
| SHA256 | 9d25cc704b1c00c9d17903e25ca35c319663e997cb9da0b116790b639e9688f2 |
| SHA512 | be604a2ad5ab8a3e5edb8901016a76042ba873c8d05b4ef8eec31241377ec6b2a883b51c6912dc7640581ffa624547db334683975883ae74e62808b5ae9ab0b5 |
memory/1692-17-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2892-20-0x0000000001060000-0x0000000001077000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC96E2666\setup-stub.exe
| MD5 | adb824f8f58ed0388893da04f9a1b57a |
| SHA1 | bb264f2110211abfb3cf33054b6c9f41df27b190 |
| SHA256 | 4359be2767eb11a1ae7387947c6542dfc5c5676fbf38ad8339f506b62843ae94 |
| SHA512 | be24cb9ff23eeee96158df3b3727b2c9a8ac0bddc344d17930badad2b233251d9bfea393d84cddbe5ea519c1a5f88cec06068e96db4094f922ce64dfe9b87e24 |
C:\Users\Admin\AppData\Local\Temp\7zSC96E2666\setup-stub.exe
| MD5 | 5aa572fb0291f7502da43467e0c56243 |
| SHA1 | a0675c785d8c2ecde47c5cccf958898048fe3cc2 |
| SHA256 | f367ce14664eb7f07e6cf99853697209f7c1abf470c501b30efae78c0281e5c3 |
| SHA512 | 16c3c0638b5ef21b3bfb84994365be3db3cea9ea6e4c8f04370e1ee2746b22c9ad3cf3ba6437e283a44285de46c67082fae6b6b2b4f747a05f470b2d3ed9c2b5 |
memory/1692-27-0x00000000002B0000-0x00000000002C7000-memory.dmp
memory/2068-29-0x0000000001060000-0x0000000001077000-memory.dmp
memory/2068-32-0x0000000000020000-0x0000000000037000-memory.dmp
memory/2068-34-0x0000000000020000-0x0000000000037000-memory.dmp
memory/2068-35-0x0000000000020000-0x0000000000037000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1XP9sIAGVJbevop.exe
| MD5 | 5e8603920f9fd39ecede163aab0c53c7 |
| SHA1 | 1f686ce223269087e4b036e8fdfd9214d9b8911f |
| SHA256 | f3a9cdd9ff511cd504bc5ca96e280bbc166fa1d87e749a86a5d73d05cdd1f879 |
| SHA512 | 935b7e57fa7f2798f0ba1b9a0481a43ae60339886462c9010328335e833207755046449dd97885df86ac8d4d46f471d557ea4585223765120b9401b57bf04705 |
memory/1692-50-0x0000000000400000-0x0000000000446000-memory.dmp
memory/2520-48-0x0000000001060000-0x0000000001077000-memory.dmp
memory/2068-42-0x0000000001060000-0x0000000001077000-memory.dmp
memory/2068-41-0x0000000000140000-0x0000000000157000-memory.dmp
\Users\Admin\AppData\Local\Temp\nsi4C3D.tmp\System.dll
Analysis: behavioral2
Detonation Overview
Submitted
2024-04-06 15:13
Reported
2024-04-06 15:16
Platform
win10v2004-20240226-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\International\Geo\Nation | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\AccessibleMarshal.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32\ThreadingModel = "Both" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{60DE6416-DFC4-4406-B932-C9EA8CDC511C}\InProcServer32 | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{60DE6416-DFC4-4406-B932-C9EA8CDC511C}\InProcServer32\ = "C:\\Program Files\\Mozilla Firefox\\notificationserver.dll" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\CTS = "C:\\Windows\\CTS.exe" | C:\Windows\CTS.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\Mozilla Firefox\firefox.exe.sig | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaults\ | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\ | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\xul.dll | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaultagent.ini | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\vcruntime140_1.dll | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\freebl3.dll | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\private_browsing.exe | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\updater.exe | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\uninstall.log | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\removed-files | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\vcruntime140.dll | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\vcruntime140.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\updater.ini | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\mozavcodec.dll | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe | C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\defaultagent.ini | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\libEGL.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaultagent_localized.ini | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\application.ini | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\locale.ini | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\installation_telemetry.json | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\freebl3.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\dependentlibs.list | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\application.ini | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\libGLESv2.dll | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\libGLESv2.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\gmp-clearkey\ | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\ | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\uninstall\uninstall.log | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\updater.exe | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\wmfclearkey.dll | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\api-ms-win-core-localization-l1-2-0.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\IA2Marshal.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\ | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\updater.ini | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\nst359C.tmp | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\omni.ja | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\mozglue.dll | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\fonts\ | C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\defaults\ | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\minidump-analyzer.exe | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\libEGL.dll | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\notificationserver.dll | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\CTS.exe | C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe | N/A |
| File created | C:\Windows\CTS.exe | C:\Windows\CTS.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000\Control Panel\Colors | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox-private\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{60DE6416-DFC4-4406-B932-C9EA8CDC511C} | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\FirefoxPDF-308046B0AF4A39CB\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,5" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\NumMethods\ = "18" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox-private\ = "Firefox Private Browsing Protocol" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ = "ISimpleDOMText" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\NumMethods | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,1" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,5" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox\shell\open\command | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\{60DE6416-DFC4-4406-B932-C9EA8CDC511C} | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox\URL Protocol | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox-private\shell | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox-private\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -private-window \"%1\"" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32\ = "{1814CEEB-49E2-407F-AF99-FA755A7D2607}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\FirefoxPDF-308046B0AF4A39CB | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox\EditFlags = "2" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ = "ISimpleDOMNode" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxHTML-308046B0AF4A39CB\ = "Firefox HTML Document" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\FIREFOXHTML-308046B0AF4A39CB\SHELL\OPEN\DDEEXEC | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox\ = "Firefox Browsing Protocol" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\FirefoxPDF-308046B0AF4A39CB\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\FirefoxPDF-308046B0AF4A39CB\DefaultIcon | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\FriendlyTypeName = "Firefox PDF Document" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0D68D6D0-D93D-4D08-A30D-F00DD1F45B24}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_CLASSES\FIREFOXPDF-308046B0AF4A39CB\SHELL\OPEN\DDEEXEC | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Interface | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E747BE5-2052-4265-8AF0-8ECAD7AAD1C0}\ProxyStubClsid32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\firefox.exe\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1814CEEB-49E2-407F-AF99-FA755A7D2607}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox-private\EditFlags = "2" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox\DefaultIcon\ = "C:\\Program Files\\Mozilla Firefox\\firefox.exe,0" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\firefox\shell\ = "open" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{60DE6416-DFC4-4406-B932-C9EA8CDC511C}\AppID = "{60DE6416-DFC4-4406-B932-C9EA8CDC511C}" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppUserModelId\FirefoxToast-308046B0AF4A39CB\CustomActivator = "{60DE6416-DFC4-4406-B932-C9EA8CDC511C}" | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1814CEEB-49E2-407F-AF99-FA755A7D2607} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxPDF-308046B0AF4A39CB\shell\open\ddeexec\ | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\FirefoxURL-308046B0AF4A39CB\shell\open\command | C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\CTS.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e2d1fda785669f8fb843491a5c110efc_JaffaCakes118.exe"
C:\Users\Admin\AppData\Local\Temp\CmLZ31nLwyihOpo.exe
C:\Users\Admin\AppData\Local\Temp\CmLZ31nLwyihOpo.exe
C:\Windows\CTS.exe
"C:\Windows\CTS.exe"
C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe
.\setup-stub.exe
C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\download.exe
"C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\download.exe" /LaunchedFromStub /INI=C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\config.ini
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe
.\setup.exe /LaunchedFromStub /INI=C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\config.ini
C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe
"C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe"
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe" install
C:\Program Files\Mozilla Firefox\default-browser-agent.exe
"C:\Program Files\Mozilla Firefox\default-browser-agent.exe" register-task 308046B0AF4A39CB
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask defaultagent register-task 308046B0AF4A39CB
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" --backgroundtask install
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -first-startup
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2328 -parentBuildID 20240401114208 -prefsHandle 1840 -prefMapHandle 1836 -prefsLen 23610 -prefMapSize 244606 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d7c4af-bd5a-437c-bcde-b587fc25166b} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2628 -parentBuildID 20240401114208 -prefsHandle 2620 -prefMapHandle 2616 -prefsLen 23610 -prefMapSize 244606 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {888f49cf-5f92-41c3-8c20-ca0cfd85bf77} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3016 -childID 1 -isForBrowser -prefsHandle 1256 -prefMapHandle 1740 -prefsLen 21630 -prefMapSize 244606 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54c93970-ddc6-4bfb-85c8-67bfd11f3131} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3204 -childID 2 -isForBrowser -prefsHandle 3208 -prefMapHandle 3216 -prefsLen 23791 -prefMapSize 244606 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d7af4e0-c5af-45e3-ac83-b92da229a604} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 3 -isForBrowser -prefsHandle 3916 -prefMapHandle 3332 -prefsLen 24751 -prefMapSize 244606 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2202902a-f874-4baa-adc6-90feee3d604f} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4892 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4928 -prefMapHandle 4924 -prefsLen 29225 -prefMapSize 244606 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {020ec1e3-89d5-47ac-85c0-4c91ca1ffc43} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5148 -parentBuildID 20240401114208 -prefsHandle 5140 -prefMapHandle 5132 -prefsLen 29225 -prefMapSize 244606 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ace6deea-5392-4adf-a1de-35f8ad7ed346} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3224 -childID 4 -isForBrowser -prefsHandle 2980 -prefMapHandle 3060 -prefsLen 27273 -prefMapSize 244606 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20b7ddc3-be47-4a42-bca3-905ff5881cf4} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -childID 5 -isForBrowser -prefsHandle 5800 -prefMapHandle 5808 -prefsLen 27273 -prefMapSize 244606 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c72e4c8f-c379-4b3b-9a46-ea178bbc8b8a} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5864 -childID 6 -isForBrowser -prefsHandle 5632 -prefMapHandle 3188 -prefsLen 27273 -prefMapSize 244606 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a754e4b-4a65-483c-89c6-0669d7be37fb} 4724 "\\.\pipe\gecko-crash-server-pipe.4724" tab
Network
Files
memory/1544-0-0x00000000002B0000-0x00000000002C7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CmLZ31nLwyihOpo.exe
memory/3396-7-0x0000000000400000-0x0000000000446000-memory.dmp
memory/1544-10-0x00000000002B0000-0x00000000002C7000-memory.dmp
memory/4152-11-0x0000000000900000-0x0000000000917000-memory.dmp
C:\Windows\CTS.exe
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
C:\Users\Admin\AppData\Local\Temp\7zS44D41F37\setup-stub.exe
C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\UserInfo.dll
C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\UAC.dll
memory/1452-62-0x0000000002540000-0x000000000254F000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\CityHash.dll
C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\InetBgDL.dll
C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\nsDialogs.dll
C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\CertCheck.dll
C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\download.exe
memory/3396-128-0x0000000000400000-0x0000000000446000-memory.dmp
memory/4936-155-0x0000000000400000-0x0000000000446000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\setup.exe
C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsn3578.tmp\config.ini
| MD5 | ed23468cb20f1f37a967eb26f639faef |
| SHA1 | 5707e3d394b6a3e36e8b1e23317ec115bafa1e9c |
| SHA256 | 812217f840657b7d310c406d7224eb1c339079ad48541d922e3f15f1b2e3d913 |
| SHA512 | 9a7d3073b2d7d234eee56464df7b58be4466171c3cad47ebf0d4742c0ed05555ac890a18991ef59bf8b0751a207ea04f86a728fe3b0cb19607b9f6e4f45e76f9 |
C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\UAC.dll
| MD5 | d23b256e9c12fe37d984bae5017c5f8c |
| SHA1 | fd698b58a563816b2260bbc50d7f864b33523121 |
| SHA256 | ec6a56d981892bf251df1439bea425a5f6c7e1c7312d44bedd5e2957f270338c |
| SHA512 | 13f284821324ffaeadafd3651f64d896186f47cf9a68735642cf37b37de777dba197067fbccd3a7411b5dc7976e510439253bd24c9be1d36c0a59d924c17ae8e |
C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\components.ini
| MD5 | c9b5d86a9a0f014293b24a0922837564 |
| SHA1 | 3cc73b4a30a1a0bfdc6812bbd17994f53eb5db2a |
| SHA256 | 775c85f3552754ad3794b88c0cb6d6fc43d412cd9a87a4b9e847386a5bd0a9c4 |
| SHA512 | 790f365afbe4c5a37dbb56443d38f0c439eadca002e4001d373d6db8c1d80c4adacf3749e9d210cd0316381682fbbc46616a3fa36581c7ea6f5ce69119944b62 |
C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\options.ini
| MD5 | f50ac2442dddb1ec2bd0dd5410fcfbb4 |
| SHA1 | 13a4a1dbd6cad83aa6e5d9043b6d98e1bf4ec371 |
| SHA256 | 89b31e3fe0c4390d252a686512bacec6f53e3f4da6d1f12bca2866d4ba37d021 |
| SHA512 | 697bad94809681055d19fb03f8979c79bb948bd01888392a0fff37b30fc87f965e7f716c0c28de6df6746518a5d5c26006e3a313eecbc6f8bdbed25d39d6f8a2 |
C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\shortcuts.ini
| MD5 | 71851e095439dfcac9099254c0881673 |
| SHA1 | d31c9dfade1d31b937872dd6a8761c4c117ef588 |
| SHA256 | 97ef03760837f339242d39927e0f9fa046669ed66b9a413b853ea8b6450ebfc4 |
| SHA512 | 1025ff9cfed7f064670b43b401f80a2a805354cdd0f3a348c3935e15e08d67d9fb05d028b259a66003403425d842d5f10aa88e9bb57563765cecb91e85ab6c18 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\defaultagent.ini
| MD5 | 7a84fd3929948b8c43fa5fdfbf59c64e |
| SHA1 | fb1ce51832cced529f785b8b4a0a6d631625abaa |
| SHA256 | 814f2e58ec2f5f33bbf365f743db28022bd141870b95febf87c0fa042b819106 |
| SHA512 | abe1f6d86bd835940f5e1cda1a7872ba27fe9be48dd53965fd9b8f5f96e1aabc0f8f931c04bb9fc7b0ac11b83cfd4661b67293025485c9cc09df0b171afeb806 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\lgpllibs.dll
| MD5 | acc604c38015a9506ecd36c535222306 |
| SHA1 | cb6ea3f2b27d0671b3aee0976c0349f618b57165 |
| SHA256 | f2aa7dde0f7178d2fc4684b3aba0489dc6e02cd385c070fa4c1024eb721f187b |
| SHA512 | f56bb190b5f01624a434ee8a891b41df64c2667b7b8b5e4d219784ef1ff70f79b17e3cf00fca8822edb86ab062e4bb21391370826fa77157094fe2e9c35614b0 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\removed-files
| MD5 | fefbfac37461bd30e05f5befaa1f7705 |
| SHA1 | 74f9024662db06184e645cab76bfecb0e6897545 |
| SHA256 | 52523da24287c4d459131c2e4818a713a732765e06e9bbba1cf353888ba34f9f |
| SHA512 | 874d6bdef28dea531c858443810d0b026a3a5667e0b9985bce84b7c5ab63d06a015487bd1da2a914d28af7b6568335b1927f9fb9656715947929cd6671ccc4b7 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\private_browsing.VisualElementsManifest.xml
| MD5 | b499ede5c9228c742578086591193efe |
| SHA1 | 18e682ec73ed8fcea99893142fa8b08ee8a32b72 |
| SHA256 | 9ea86a18d41112e25b17454044ac29b458f508d9814700a6f4c0f9370678f3ae |
| SHA512 | b99ef0e9152da3bf6adac5fef67b44738ae7a2d1ef0041786a5700b8389acde7380f1bc9bf1402c7a356f1777aca7c2b05af5ee22b7297bc879fe2e6b9741f13 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\private_browsing.exe
| MD5 | 92da8bfd3c0669c155e7a55d04ed12f4 |
| SHA1 | 5f2d2585cfbdec86880f4137e04400de1e2bffcf |
| SHA256 | c79941fd3e7bd89f2766110158eec79aa3af7620c33606a203cf82c492cc700d |
| SHA512 | cbc733576fce71fe21f21ac8db58a073574a2741205e1c28c796ad27b39ab1c388adfcfa236ddf389aadf9bc807226852202b0bc9e2353bb91406bc1380a8557 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\precomplete
| MD5 | e5cc0a1ba04481c6c564661a2ba54b66 |
| SHA1 | 2dcfc5beed8308fe6f90613a49f2332f7dc5bf68 |
| SHA256 | f2a7800d0be7e010d58c7ffd8a8e40af4314aa2002d1db80a22d8f94d36bc6cc |
| SHA512 | 50e057a3f3478b98b2988c9f2bcd79f83b89d578838db5c2339b9774adae5b1cc41d19646f643818b80cd37120c5fefd0f6e04fee5d3d50c7bdf2ba769ad5297 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\plugin-container.exe.sig
| MD5 | be706f5b8fe29f1597208c6b2ec5f9f4 |
| SHA1 | adef4ff9de574888ccc9f46464c9cc9ab872d600 |
| SHA256 | 67a1210a34f5ca2fba95b4431fad421943491767bd6edd14aefb0de19825cb1e |
| SHA512 | b34e2c2f9da5b0639d0c42d92ffc3ea2a0026f392c7cc34fdf7147aa987abfca0d1b6ac81bb5edd8f379b4ac73397ec3ee817196f08d770aa6b4f9c2a1120cfb |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\plugin-container.exe
| MD5 | 82ca21464b210f907e27075b9c43f24c |
| SHA1 | 8f7d9b07fa033072e83cf68a9bb3326c5a6d56e9 |
| SHA256 | 8e9ca7f8b64b537a324f73f392461c159ef0ae3e540977642f6ea0462b877cb0 |
| SHA512 | 2f77e5e7c8734d360fbf4870da73fb55fd3e78134f3c9c4620d5dee315cf34fc5365a3a5ccef68e52a8fbda590f9dd1ac48f4dea7ba780d8948b95e085244112 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\platform.ini
| MD5 | 1a622984199574cc7162a341f0348d57 |
| SHA1 | 54ab96c39b9da2dce2505dfe6d13a4c4fb901c5c |
| SHA256 | af70dfd1aa8fcc9cb5ccefa17a9e23d21f822fc038e90e60f95c4d53f2db4cfb |
| SHA512 | 5b1175ce4ec42ad6664dc57024850891d6dfa9e43daf5ae2f6d2553c37df12ccea7022ec5e1c1ad5894a4d43b1780381598a034ed2ba723b9e2c5b1540d602e0 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\pingsender.exe
| MD5 | 69a30d1e4195aff22f15bbc590e9b5e3 |
| SHA1 | 7547128630487c8cb3e3ae03bb58841ea848e94b |
| SHA256 | 08d8cf85c548ac664d6f39d5518bebd41e1a9e5f51153eba33ab91e3da52cea6 |
| SHA512 | c921f78620d8e8c79c82e24fa17997a6a4874b8707ad7ff42dfd22b824a9eae2e3fb43d5c136924295757b27ade4f3e625b8c77d97c91f7fa60519d67a56129b |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\osclientcerts.dll
| MD5 | cd0017e6e8286fa37d893ef0fb03848b |
| SHA1 | c19720c3386b3dec6340a5083b8eac99f1365f62 |
| SHA256 | 0cda4d44b2d1764bdf2cf9a3870aad590db3807f5ac398d5eab414450883dacd |
| SHA512 | 8625850a31ea175b026d6d98fb35b6071f2cf4bf64f6f8fe446022bd4e62ad9e572dd62707ba76c6402ae2130af588128476dc15a3d50c2d9a926e069e01791a |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\omni.ja
| MD5 | 1ee45c37aa44ab50a80aef6b5b373bf7 |
| SHA1 | 282e6eac2881dc6f474f279c1f14b5de3a0bec18 |
| SHA256 | ec10ce99a9ce2ef6223b4ef004977e9abfbd0140581e403965f4e686da4674e3 |
| SHA512 | a342bcb0bf699dc1aff6344d2fb4564d026c1de03036ae6d3b90059a7fb6fb8473ee59c98815745eee5327db0b1c8ef845022179f8634381f687f28208485659 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\nssckbi.dll
| MD5 | e96c86eba0f9fdc4582dc0e3b9b0e5b2 |
| SHA1 | 65279d8939a18620751ecf4ebf3715aeee8a5331 |
| SHA256 | 5fda066b1a6bab8a3d432a3e5e3d8a886a9488db8ed2b9f2afc55c7e0f38428f |
| SHA512 | f4212fc7b64a5f5632ddb73105334a5f43f05a65603b55bc248434ac21927942b9fb5d7af3a2e03061604e95505976e268bb6583be748e067dbd4ff3b570f135 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\nss3.dll
| MD5 | 070429099820a3995b316e8888f7a468 |
| SHA1 | 63116279af074dbdcbf71b198c3fb058a8c37fe1 |
| SHA256 | 0340a6ce301d24548dff25dd09869b73cba87c77d84ca1c5a025ea9f90df6ddc |
| SHA512 | 27d80d6c56cc9fde8268350f64d4fdb7b5181865060e80f33f0bbe71d0a0718fb5874435aaf89f02b9f5ef2163564d2ec7b1502926a84dc85ca1f3dd3f20c127 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\notificationserver.dll
| MD5 | 0970c393b8f2c2c66f54c70088a462e7 |
| SHA1 | 67b2e55fd4bb8abdae0084a608c45668289797c5 |
| SHA256 | c7ee3a3f93887c628ce555fe010bb09628710940c903cbde4f2d6faaedc7b104 |
| SHA512 | 1643de027f0f17c0cf821c18f84a546c27e8ef4a1c6fbba10c6f20f2bd64a0de6eedaf15d297b912c4de98e0218b54777b781965b8a615794846c96a69e58c85 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\msvcp140.dll
| MD5 | 0d89995cc45c7eb40e5a7e287506c1e9 |
| SHA1 | 096c27b06ee7fff2bcd290af0264cdafd04cded9 |
| SHA256 | e0a22a594e148fa55ceef3e49969bfa77011a801267a0bd7805b681b593c9d0b |
| SHA512 | 3497c2957d10fcddeec8f312fb15c53f82d770dcc3e771a94daf4f4435c3ddf323ecd33310baaf1ad56673bac7c6268a9ef921d5f32cf7e4a7c9dcb0d8aafa63 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\mozwer.dll
| MD5 | 4c178b42e7ac23c2670f9062140db18b |
| SHA1 | 1866da5ff5ac76b6d48f5cbd906969e44de254aa |
| SHA256 | b80ff8b4a8a53bb5c0b811899005923e57567823914b90c8ebf978be75db82f2 |
| SHA512 | 86147e368d86f927ea203b3dd56c20d516a3598af3e27d4a51dce9b4090f0bc159f92c7182cf2f910034ccfed1c713b7b59db8c650328f79b5783ea01ad9091a |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\mozglue.dll
| MD5 | 82958c604717fc0a15052e03a927cfa4 |
| SHA1 | 829a7eb23147c31d9746ddaa30201b7127515416 |
| SHA256 | 948818942a29cf21260ba389c2fdf3c001d77851500a7124c1f6a3290b8f826c |
| SHA512 | 70e5118dd760e7dc86f3641da57dad00f02b703e53230bc13e0e9e21fddcba75d3e70445d90d9f13988956e4ba20e7b54ebbdaaed18c3e7aa75a4214c2e2aff9 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\mozavutil.dll
| MD5 | a8c59fe48e7534b1f328c6695a3c1980 |
| SHA1 | 50888185b771136b18277d0fa01d34581c63a26f |
| SHA256 | 7bd0afa48888aeaa8c95c43ad50a7c10e569bd270a61122d8d44cfe4f95760e5 |
| SHA512 | 7b410705365c1286c457e6ef009d3232a5eadc45204e1f3a2cb9f3eff1e52dd990cbc850a9b5b377161a591ff66569c768c36336c22c69282108247d85945937 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\mozavcodec.dll
| MD5 | 982f90321a56b53fb89a10df4cebecb1 |
| SHA1 | 679421f5547c6e1c368102db3e2c644a736b3264 |
| SHA256 | 0a39ef94934e5c442c222e3ef3db8f27b40348cff72f0c2b47444f9b79947281 |
| SHA512 | 24c8e0de7404176e4ed2bde53959ed792c79c2919bc779b293b067dfd1fa9880c493a9952ac8b23a8872209b414602f437bd2275f591536fe8cc90b7610148e7 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\minidump-analyzer.exe
| MD5 | 27339083fea7fd6d8363f7fa88ca7b80 |
| SHA1 | 6582a65dc5d306964236ce560a85b6a3826ae9ee |
| SHA256 | f18e014b7127345cd9462e3da9299d3a57fd64dddd60e6c9f088b8b9c30161a7 |
| SHA512 | e9987041bc8a2ed5eadeee525db19e415cd96a19b2a7a4aca1372cbd072c88f64f8fe5ce4b1ebe4ba75f3f436de33173a363cf2a64f459500563cf529894a777 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\maintenanceservice_installer.exe
| MD5 | 6af8db25cd8020149f2185aa5d4f32d1 |
| SHA1 | cbbf719fe0d908ae61786c7ed7a7b07813f525d7 |
| SHA256 | cb1e94285ac672b4184ceecbfcd8da3bb2b535b53ecddd3f94bff702e71cae1d |
| SHA512 | f8444e1da21e8644203fb7bc6232694b0eb971ae846d15e3e79e128c96fed6530ce45b8076f032fc45e3037cf2b8aa119ed0a47f9798e34c900e0efdc3a1a065 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\maintenanceservice.exe
| MD5 | 47b61a3787718ef6e3b0f4867dfd77b6 |
| SHA1 | ca3cc47dbd686fe15a124576192aee45339f1be7 |
| SHA256 | 78d5ba607a68d835f89f6f79b2686d3fb71f6f1e414517acc8435fb02c994d84 |
| SHA512 | 10bb4ef3cb7d17e732e29821deada7fa4883cc45d154b6d28322110102404dfe3744ff79aab7159e6da604bc1c3ac77bc740e1cfd46f8d1a08c48bd7f58d4c68 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\locale.ini
| MD5 | bad74b155b8731bfddb8d54cbd1b0021 |
| SHA1 | 5a4d8b98ae81f75e362d510713e05022be64c60b |
| SHA256 | a4a030b6f430548e5bba3cfc748515d40b72c522a1345957df4ed5f88736013c |
| SHA512 | ebfab2f589390553bd93c1299db8b7a7bfb8b1ac9ac5ce3c2c8d478c79ef8b93d6193f9e739e94f662dfc026cd49b04a8f2fe3ed82dd4bd191d1cf34e1e4501a |
C:\Program Files\Mozilla Firefox\install.tmp
| MD5 | ebdbe9f303a81fe57c6e00614d49f6b8 |
| SHA1 | 59cea77f8fc790312c6e74761be94d57ed6fbab7 |
| SHA256 | a7567835dfebca8f1dbb994ff9c721bda3de3a67ad68cac0a35d54c264c07164 |
| SHA512 | 0e44d4663c530a3060d99750cb478adb00b8591a258b990fbaafdca6e13210ac2d617bc8ad9227577bdc7babf5058648775cc0e8a65604f62766d9d3455d8af8 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\libGLESv2.dll
| MD5 | b58355070a47e6e3bc71a7a599027d83 |
| SHA1 | 1e73a9f5c9c505b1cfddbb2c6ec6cf97a7948008 |
| SHA256 | 2a4d75ba4b34e2de99429a77737e80541b8f65396048cea6f901e6192d434907 |
| SHA512 | 9ba1e9ad2b54e879d97983738fc816c1de3ec683cfae183b7b269badce5ef88a0dff35dec6074ef0027e0978f1f975b7afa21f18dd9bb37ee9d04ad133bffd1c |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\libEGL.dll
| MD5 | 42fc6c25f845433398e008bf77cb4854 |
| SHA1 | cf25039a0701bc4d4e0fbffc769dbf2a514a7d24 |
| SHA256 | 192b2fbcc598e481616d6dd828d673bb54374173d70e75bd0a212278ac91793e |
| SHA512 | b395693e9d2238cb1854788a196887c5aad3da218ae6547600a94c45801b2ae88b24ba4e5a08085e2d68cc05d459fe377b7b990bf52a5f3c0d05d07045b50f2d |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\ipcclientcerts.dll
| MD5 | 0fec92b8cc50b4ec4274fc29e8e72c68 |
| SHA1 | 02bd7c081e68005cfc02d3459558f0c981b4380e |
| SHA256 | 9539d62b3888eec11a669e6777702990824409745f9166ce2bd346ad2314eec1 |
| SHA512 | 82bf1e37b44d37fba508a394f70ca9f7bf4e9920535821add189d42e4154945bb0d1c4867e13d20511dc4985db72f5f09a3a4febd6b02f1d3e93cef56ce910e5 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\gkcodecs.dll
| MD5 | 818e5d1e4e556ba76f0f0cb544d056f7 |
| SHA1 | 964b27160a945435c25929503c9f43e091af1c85 |
| SHA256 | 7e2ae1aca6a7a4f7932b52a5a12f7c751ce2e73f6760831d4075d29be846d800 |
| SHA512 | 25f6fa475ed02a3402d4d41eafc86c0dd536fb2f8db26fbf9b9455dccc96fdcad0cd8570edbac3223f3ebec2898034e58a10e4bffd4a1dcb82d5681c5fca48fa |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\freebl3.dll
| MD5 | 079f48ed995b415d79f99d7f5facacc2 |
| SHA1 | 06eff6d1482c5a35a85a82dd37660b237e5e76b6 |
| SHA256 | f5465f6b92a425a2a8e42726976a435cc5f7ce93a2dccc670dce597db26962df |
| SHA512 | 9a1366aa0c744492bd40a8b9b225946017f3db76a7f6e75dca8006dc220f78b3db7338feffa2b8f3d55a5de42b4811250297d6158270925b4baf5b10f172aad5 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\firefox.VisualElementsManifest.xml
| MD5 | 0aa43576f0420593451b10ab3b7582ec |
| SHA1 | b5f535932053591c7678faa1cd7cc3a7de680d0d |
| SHA256 | 3b25ae142729ed15f3a10ebce2621bfa07fda5e4d76850763987a064122f7ae6 |
| SHA512 | 6efb63c66f60e039cf99bfaf2e107c3c5ed4b6f319f3d5e4ef9316c1f26298b90d33c60b48b03699059d28b835fbc589417ac955fc45a2bc4c116a5200dfdc32 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\firefox.exe.sig
| MD5 | e8767315c596113a434835809e598247 |
| SHA1 | e0394ea26d12effe0510bbc01e885e80f3b14c94 |
| SHA256 | 2dddb2b97032525224c92af53a0630657e630b075ca1db60d0a9055054a25406 |
| SHA512 | 4ff532f31504a2b097deae3afb4accc55cc6932ab43f53aa67706bfb552058f09fc66ad2ea82f5d6e4d2513647174fb1bb2fa4cae494cd017d0aa4a27c12bf0b |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\firefox.exe
| MD5 | 470443e44566ecfc7ac2ddbec240a73f |
| SHA1 | 27bb8d2fc02cd2bbc184d07357aaa9903d88b425 |
| SHA256 | 006652da0745d8672ec56598368c1f8a4896cd4a0aa5b61499d574870f94b705 |
| SHA512 | 22c9bc36874abb015a7e1a28e26f186f2abbd559aad53fdcf493f2178dbc6cfe5a7324d0acadcf4a641028e61787d2f4237a8c034a3a7a6d0a7162f31e05a618 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\dependentlibs.list
| MD5 | a515bc619743c790d426780ed4810105 |
| SHA1 | 355dab227f0291b2c7f1945478eec7a4248578a0 |
| SHA256 | 612e53338b53449be39f2e9086e15edc7bb3e7aa56c9d65a9d53b9eb3c3cc77d |
| SHA512 | 48ecd83a5eb1557dfabfaf588057e86fb4b7610f6ece119d6d89a38369d1c9426027520ce5b6d1cc79a4783b9f39ac58afb360cc76e05bbe8bbbd5128c5d395b |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\default-browser-agent.exe
| MD5 | 4c6887f8c8c66f0b2db5a8b347931b70 |
| SHA1 | 1a71320873155f84de67bc16324c8ca0e503be04 |
| SHA256 | a080df509685780d81ee32d86eac7ab15b5831090678f63b5741b57fd8a9969c |
| SHA512 | 3e1cc423bcde71a24457b5f9756241c0bc0f9b1f434eafc84ec733f124bbcf6f9a1e104caf402ef2d60a96b895842a8e6b18cffc59936e6c4873a3be92cace8f |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\crashreporter.ini
| MD5 | 1b0d446f9d17c1374c81acec9d8d2406 |
| SHA1 | 016bca3d4ee9a0dbb4350ee7a1898779dced6c11 |
| SHA256 | a0cc8cc3287d54d7e23a156256a553792970df9ca57f6ad85dceed32b979da71 |
| SHA512 | 4e7de92579628cf8c31287506d6f3096bb15402ee6d694a72462cbd1f093e7d04cbcc9e13691b94408091e0c5ea8d8c528365a90885b55a126416af37be6979a |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\crashreporter.exe
| MD5 | aa9c1de3041eb75aeee90b85ff66c9dd |
| SHA1 | 83cba1e082732d95f278434fd25374104e25c668 |
| SHA256 | 57b8145816b5d189842e350fc030e5a4def3a8990e489aa68dafec2b34e50171 |
| SHA512 | fa75c0de232e497540cce6f27dc0b0457860255a0822a6db297942ae91159dffaf4d35367aabcf9b2e235766a204210afee13e2e00cd0016403956a8a63a78a2 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\application.ini
| MD5 | b88b39cc6f0db319089ce85abc86bad3 |
| SHA1 | fe60addd45fe721a0bbb79fb12b5be85a471ea21 |
| SHA256 | 52380c119d09bde2b00e375c32621aff55a676e07aaf88c604ac5c68f664ee25 |
| SHA512 | f4af28f15b8ec3b363deddf126d6e34692a74d29b8b2c908d41672e23c17925f7131401dc2efd84c6962c5e7ec9241967946dc36bfb3501edd2c79dea7d67fc5 |
C:\Users\Admin\AppData\Local\Temp\7zS843C2F57\core\AccessibleMarshal.dll
| MD5 | eb0c475124ce894398ead3733efbd451 |
| SHA1 | 5413979dcaaaff24b5d47d2ff6430f229c4abb6e |
| SHA256 | 46b72bd02816965cd29d9c50c6afcd6b75b7a7b278605a1700ecc0a1e1492766 |
| SHA512 | 2bddafc036331a89b5e4d5fce6d1d62805f04f37bdc1dc3a95b4644955a983aefde6a371b8d18f4432882473c907f2dbe55c31f6e47a54006b73070534f3644b |
C:\Program Files\Mozilla Firefox\install.tmp
| MD5 | 02640ec71b39f00ee44de768bd5e987b |
| SHA1 | f8f75865ec8682093ff31ac0349f125a6563b95e |
| SHA256 | 422d0690a397c693395e40257352fad6b257186fce053e7bbd5f785888661844 |
| SHA512 | c3a200dd24d773224f707883b60003ff21cbf196d8a5e668a8da21c0a66449bd4bfda874ebc568127ce15aba47b7e7ee192da4609502c764e529c027e571af49 |
C:\Program Files\Mozilla Firefox\install.tmp
| MD5 | 0ff20823ffe3990dbdcde9a9353eacb3 |
| SHA1 | 6c3fc784314a688022b190218b7a49dccd66a7bc |
| SHA256 | 8970d581b5e3b93ab5ac70df3a6f15c164ec4fda092083136a266354d201d9b8 |
| SHA512 | b426340767126145daca748e0757f389fb38232552c0cfb9d2974448f6bd9603be914f1c134802c0eeb606e0ef5e7494c946976cb73551bdc308e5d7f0cbe2f0 |
C:\Program Files\Mozilla Firefox\browser\features\[email protected]
| MD5 | 2f1bf72ce57bb644dd54e6376dd2fe4d |
| SHA1 | 6013cd2d3613a6b0035920f1da9ec0a4d6dc00a9 |
| SHA256 | 21ce8909c9ac4e076589ea9c8fbcf6b745b485816841131c61575ea705ba0a03 |
| SHA512 | 9fd85ab306bec919defa3454d8d5f6b13230392198174fab8a2f7cf0db67a4dc4fce61c896109a31970a0d585d4db3ce9fd0c76fc7e6359ba873d1cdfe2e26fe |
C:\Program Files\Mozilla Firefox\wmfclearkey.dll
| MD5 | 110b8aa620a7a58d0ea1b5dcae56ba1a |
| SHA1 | 7beaad4d50673adc5d3feee2a96563de54e96f86 |
| SHA256 | 2785d09d250a9a75c1b9c48cd3cc551bcccae714f022a7f04053d50d52c13c4a |
| SHA512 | 29e78a230b73bf4dd25ada528dc0e86eab9308a620fc999b30d07222119918189c4d5be4d6f4e23eab4848bfc94c057f7190f9f782f6461094231148bd847663 |
C:\Program Files\Mozilla Firefox\vcruntime140_1.dll
| MD5 | 9f4eac207cb58e8d110477e7fd19d565 |
| SHA1 | 687051b863f7a7178cabf9c06ab3b534b1e23dd3 |
| SHA256 | 7cf38d20d00b6640d510eab70171e1c6f8fa2e42040832e17c7433ab61d94a8e |
| SHA512 | 9c5c4499adfc7b61751510f52a1288ff386dd1c1aaf8e8a9660990194813394329f8123f38e026ea10c6e30b4a5506625b9060329d524db68e48f36ab2691a05 |
C:\Program Files\Mozilla Firefox\updater.ini
| MD5 | 7a6cbd521497f6dd382f7b8c6aaa1eb5 |
| SHA1 | a0bccd339f6d045f0aeb4de504398c97c3dc2be0 |
| SHA256 | 531b55d2224efa181b75ed4ceb84e4f854f26c2382dc411945515d57d8df2243 |
| SHA512 | af32b8b1e93c2fc1bb6c7ce0f371c8cedcdcb753393e8cbdf282424935db5f8f04b3468d450edc81ef28d8b4430d8941dacb2d8826d28be9065dc787c53eb553 |
C:\Program Files\Mozilla Firefox\updater.exe
| MD5 | 792c5ab789d8efb1631dfe12fb6e64fc |
| SHA1 | 9337c863c834c8f9e5fdbde04702ab4bdabaa7e4 |
| SHA256 | d3c76e6e1f3e34197d108404fc9c8b6179ab01afff6c6803713d320a3b480ede |
| SHA512 | 18d7a4f77ea238325795ff95b5af1e59104d96b71c98b44f0bc1c246bcf8c0a4389c9d4275ecb62f93bbe82bbd00067af41056bfd121ef441fb3154d51586059 |
C:\Program Files\Mozilla Firefox\update-settings.ini
| MD5 | 1413131f8cfad1e19d299667bf759087 |
| SHA1 | a0435cbf1a2817ec960c56a896d455e78adc226d |
| SHA256 | c18489344fdc21ae366b4d957a0b9f11be772483ca46f9ffab6ed0356f946513 |
| SHA512 | 590b53aff46903b1883c5fb14492ca85db2c6e0e900d0fdf62c3e6da10f1d10c3aa51224dc6db50f4eb12d42de017892f77e91d79aa16fcaefba10b27748748d |
C:\Program Files\Mozilla Firefox\uninstall\helper.exe
| MD5 | cbb81a903dc88f69ff9107f11bded306 |
| SHA1 | 4466021a5d98b59b61c7d45a8f5dd695226b9056 |
| SHA256 | 5719bb2ab3c985570662a12789a2dfd37acd6aa3bb743eb75fa271256455956f |
| SHA512 | 93e8e2e62b27686a2ca2dd4db7ae59349730e233f88ce83fd55969df1b16b9c382751987a76ba6b451bdda2dc080f7cf93a915e2517a783d16018813e3b27d13 |
C:\Program Files\Mozilla Firefox\softokn3.dll
| MD5 | 27d5e11b0d3dfc2b8ed8c2a00a3ee401 |
| SHA1 | 05e0220b0c841b7d7ecf909ae1582438f56d1261 |
| SHA256 | 327ec623b603096fb5abbdf5375bc2e5f3840b5747df2eec9ab78fb17f6decfa |
| SHA512 | c82a208d8328e3bf6c88e46275f4dc0d99ea09e2ba68c17e1a4f0ffff460e2366cbac443cd8209416d52e762455f4686385f9787998b67298527b27fcb852a5d |
C:\Program Files\Mozilla Firefox\xul.dll
| MD5 | 34d104c4f34b4cdc13a71699ee915d17 |
| SHA1 | f059f40abf3f92054665ecb3b43752b2bc399f3b |
| SHA256 | cb28e5d31a6f7a4a1e4b52c49a02236dc0067ac4af7fae33993a28893127dc18 |
| SHA512 | 5da0d21a4573c7cd25a773e3d063227cec827030d51c5ae38c5181606c129c735aa9920e1978855be4499687ca7c7b49ebb5c234da2220caca03915bb868db92 |
C:\Program Files\Mozilla Firefox\xul.dll.sig
| MD5 | aa21ae5908b9d7c99ca27e6e422610bc |
| SHA1 | a92909eac34ef5a9f4e3d13962ccc92e2da262d1 |
| SHA256 | eb86adf66e5ad18916f25d1628e5c08888038bd986dedc15c8bcaea80089a226 |
| SHA512 | c330cae1e89617fd485155a093217d7fbd0c9a96f21d4fb3e79a6a5eb16864c8bb2134883faf2121759601253d36774d46ae05f1e9f3769eef72130b7aafecf4 |
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json
| MD5 | cffdadfaeeaaf0a5a78e7f9a299aa7f1 |
| SHA1 | 7a8f06d7c91877484301ce8474dfbb1bde08a040 |
| SHA256 | ef47e83036753b53f59d079fef62bfedc749abdbcdb0fe16f448d9920f11114c |
| SHA512 | 5a11e448389326ddbd3be792d9a10ae746c66e4a41f9c96f4979ec71fde385fc4deb205a40f1b4f24415abd9d41c453ca1285f4b813005b1d12a2701f214db85 |
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig
| MD5 | 90808af995ca1107a8499baa48853f0b |
| SHA1 | 407ff7d66143751b9c7483f1cd576c94b2862eca |
| SHA256 | f4c2ac80a8625c5d2c7011fec386218646f233d6a3fedc0988b5438f6ac0cbe3 |
| SHA512 | a63d40dc6eff719feeda08e15578ce455086e140ce5119da6d54fc6a4125487bbd23c92e5368a95520359aa7af508b594824b10f00750e7aadecfa01de18926e |
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
| MD5 | ae165d60948e59a1cad79f1379720fe9 |
| SHA1 | e5b1d608588f97665040eb01f7c9ee2629402906 |
| SHA256 | 37e59b27d822d411166ab33083c246f7409effdda18e0faaf996b4bddf20ed49 |
| SHA512 | abbdfdec889899229b670b69d4f8deb3ed58e0fef514ade2d6677369eab1be8c54bd0183b65f12fc5cca9fabdfaa79f3fbf7ff7baf2e18e1701c697ac504c0b3 |
C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf
| MD5 | aac75d901445bc0419d56e56dbc18891 |
| SHA1 | 3ada434f3a727167ce6dce3b865fa6bfb70ed86f |
| SHA256 | 6d90152ee0d29e82fe2a87793af5aa4b7ad13e6538360889e141e81ed299ee8e |
| SHA512 | 83fd92ff444ab6de18d48997247f49845abb8420a07b74ebc8a65bda8da69d28f87b6abe0f607b2fd7da398dc0f8cbe7fbf655af6d25785ad8b2f1a3afca136a |
C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js
| MD5 | 3d84d108d421f30fb3c5ef2536d2a3eb |
| SHA1 | 0f3b02737462227a9b9e471f075357c9112f0a68 |
| SHA256 | 7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b |
| SHA512 | 76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5 |
C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png
| MD5 | 1a340e565e697e63b5a4ce51f7297119 |
| SHA1 | cdb4ca85700ed81db13b15d4bd5b77d41bb20d34 |
| SHA256 | c4bb210e61cd35f9a0a54fb941ea2e3bf6abde799bea1c78d24c761c9a3bc429 |
| SHA512 | 92478fe26f9ea7454206a3106632534c5608d6940588f01fecfd799de636f11b003ffd1e5c762201f9a14f4ebb7fa6a711d99312b03914de817246a6008c7b35 |
C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png
| MD5 | 8e058139e0576b4ad8d424bb21071063 |
| SHA1 | f584d2412c935aa8a7cf73ecdfaaa6a3cf87c064 |
| SHA256 | e86ee493e89f5dfce2ce8817ac5d1c04d8ba2b07a06ff0f967c0167562510df7 |
| SHA512 | 9ce457aa516fb2d3cb7b4a08f2dd81573de301fefc6ddc877142a35851151407367605f00862fb77067d0969ba745bc6bc612a4440aa3017e508e572ec88f2fc |
C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png
| MD5 | c9ae03c43b67a4e4986518fe3fe29756 |
| SHA1 | 07221e0401f306487504ae9b3c46ef1cb5dec843 |
| SHA256 | adf41380b5ed3f73b8e5fb51f7f33b722f4db4600791cdf92033267c9971c4d5 |
| SHA512 | 0ace7c3cdc18eb1e67971a5acd0a54e1c00d37ac556f8183dccede984cb6520660c9b27064a8ef5f7b706fdabd70e5e424b7b7271ff751bffd997cf2284f9fe7 |
C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png
| MD5 | e9068cd977693bdab242de4280dda725 |
| SHA1 | 35a5c8aee11597ec7cc6adaf15e8673b713d73a9 |
| SHA256 | 1701ff395543f3ad6b25584fa7014073f74949baca0dd2552216f58131328fef |
| SHA512 | 29ebff0f99c9a8f47b8f145ee8d88877b17ae0e3eeed1bc017caa20c68a63166831f5feda768189e837d2390cc80790e3e69aa7ec26bf92da2e90b66e1be3362 |
C:\Program Files\Mozilla Firefox\browser\omni.ja
| MD5 | bf952b53408934f1d48596008f252b8d |
| SHA1 | 758d76532fdb48c4aaf09a24922333c4e1de0d01 |
| SHA256 | 2183a97932f51d5b247646985b4e667d8be45f18731c418479bbd7743c825686 |
| SHA512 | a510a96e17090ada1a107e0f6d4819787652ab3d38cd17237f255c736817c7cfcb3fd5cf25f56d5693f4923375b2ab9548e9215070e252aae25c3528b2186d99 |
C:\Program Files\Mozilla Firefox\browser\features\[email protected]
| MD5 | 9fe1653c31c6ff75c906aed024d53b32 |
| SHA1 | d2fc52a9aa47a0fe0099bee9178946210a163031 |
| SHA256 | d9f4c6e6f535d09deec1a58068713cc845b6dbbda2fcf5dc8669f6489bb63005 |
| SHA512 | 8d7fef23d0edad4e8aa64f2f400965565c70d0d1f94d0bdcd14b779fef9192de079c2547c2d80b171e6c9316ab0221a265efb49492bc90d213b64ecde46bb30c |
C:\Program Files\Mozilla Firefox\browser\features\[email protected]
| MD5 | 507739399c82ef6487da73e587423f1f |
| SHA1 | 95177d06563e55f4084504e06e88a1c0f3f52b0f |
| SHA256 | 796ba4ee5430db311dac2e45323c3e71059f23a54ec2d5bea22387f33fb92de7 |
| SHA512 | 6bd0bb547f3bbcaef5db00e554a0b9fb45a78efd01018a4d706bcc94d5566458f931cf954cea22e2674ab2065c72617e49b21f9e354f16109b4b64d4fcd0b4f6 |
C:\Program Files\Mozilla Firefox\browser\features\[email protected]
| MD5 | 3702bd7db59a2feefb35401b32876245 |
| SHA1 | 31e2e408ff9c185001513386fc346f7512effbd9 |
| SHA256 | dd5a380c7f29c8c1db6e7b2071ee550c8a93ac3321c11bda9d0912f176f8746f |
| SHA512 | 0412f029075866af6b6df95b6cc690542504c52af23cc7666b63f53893983d4d14e3729a02c1843f3bce1361d7ed5028bb5d59aa7be4403e8e6c79faf7fadd6f |
C:\Program Files\Mozilla Firefox\browser\features\[email protected]
| MD5 | 3002f01583a526323a8af2528c871719 |
| SHA1 | 468390eb0a1d93eebd2ddc303ed8a03854e99916 |
| SHA256 | 9789afb5305d211676f14025f6afd8c3e731d54edb46b0120f0f544183b223c6 |
| SHA512 | 6425e488e6cd06baec14e711b87809a451cda1429e7298ac0c8acfb9b92f852e36a97f9d459f0305bdc4119ee1517012836893ceccb5e73a9276fe23fd33b616 |
C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini
| MD5 | 9524df130a8e1ab4efdfb32b4e68a7b2 |
| SHA1 | 98593d6520ffeb0c49803dc1ada0ee3131be4c88 |
| SHA256 | 699cb7896b205018db7248a2954d0432022c63957ad3a83ae53711755ad47c8c |
| SHA512 | 9689e204f84bd1ae815a07da860fdb6613bf9c3220e301ce2395e971fca0ef6115b3fd3ab50983e48f49e5a7b2a79b951df22bf9a00a362fa274915001a9fc14 |
C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini
| MD5 | 4b8dc92a079f224935392f9b5a2dc051 |
| SHA1 | 1027fc1b3e2e8ae78c60bfb25c5c9f87f9b3cae2 |
| SHA256 | 79d1631316cd79bc5127f745aa6707b4445f7d0432b685ef2c3ec3cf3a62ecba |
| SHA512 | ad0186cfc9df574e4a3c7c209b5dc3078fb86f6b1de0008bdede6768ec08d61b20f371d7b2d01dc50aa7d094b150db816358f03fa0d9135ce26d80d8886a1704 |
C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\ShellLink.dll
| MD5 | fa94d120efb029b43217c66bbc8c650c |
| SHA1 | 1fcf2d76adf69b403b7400681ac91d50ed20385f |
| SHA256 | 5f6f414b412c72b10f49eb92af1d368ede531b58fb200d539fd2b45e371612db |
| SHA512 | 07ed0771d5bbb651ea7421a5f6b08fa234f9cc041315d9360a7135ba12180064fc99a27725385a8ecd3ceb25bed5c00de169f7dabb3ccf6e987f45254dff8158 |
C:\Users\Admin\AppData\Local\Temp\nse76D7.tmp\ApplicationID.dll
| MD5 | fdc0338e6faeaf6f7c271982e103473b |
| SHA1 | 9a41f7932abe8be7e32c6371f085cf14de355d00 |
| SHA256 | a9dad9fdaae93d10dc2ee346b231913445e731049554b8bb1506827e46f8a44e |
| SHA512 | a766eef11db4c94b1445d1cd70cf1d3b6141d6b3973562e9fa8d81c79195886b884dbc9b9f6952f8a6e8619534a6bf2d615d539d2cace9c8843dc19415051cc0 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
| MD5 | d7309b0a13c4c25e856c84df6a94388e |
| SHA1 | 83e969a18a53417df73469bb78b6aeea83617df1 |
| SHA256 | 9da6cb8200202717a9e87aee841e663d57287fd817434ffb382a86ba4a08867d |
| SHA512 | b2966269734a03a5ad251aea4faac657ab6cbe8d1d94438d1167aa049bd47c6be80a36b8b9aea53888508280135fc6025fcefa29d3f731adb05a87a408d0e2bc |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
| MD5 | 2aadf786e46bc7c560085d2215052843 |
| SHA1 | 6eb816d94c3eab176b9f1da6c08496fc7c916c0a |
| SHA256 | e7eadd4fb7b0783663b304488f7a0fb974511b1b77a2d3ad85e2b7f1ec354c54 |
| SHA512 | c93be9dfa97793aba8a434ba73d6a9968b1ddf575f04fabd54b1af696a6ac0720a6586748e7b8da09fdd2f0532c66fec94b512cf406fa56562c29d798b2c938f |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
| MD5 | c6718fff4b071086172b876119ea22af |
| SHA1 | 104e1663c01648bab258ed641d350fffb8ea97cc |
| SHA256 | f646b78c5296c882c27cc60a539d566b2e412fb31ba6184862ba8dafd5a77db3 |
| SHA512 | 66e113243ab708c43e344962d2b3d21e8db98ffc3e7e09ce98738fee84cc7172ff1cb3ed0d8d230efccb0e66734f67ffe89a26a764f91f645398ae9777d05478 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
| MD5 | eeead1c7fc7cd1b3b166a8f1ae77a03a |
| SHA1 | 271da2ae7489d139611680547df2a423010de4e2 |
| SHA256 | 1ac054fe9c3108e95205c5daa56badcfcd34c7b0f342685e72464efd0964c5c7 |
| SHA512 | c8e33152f13cb46b54400e533346afdf61c010f9a38780f6c788ad1b6c4cb5db7aebd6f5fd2295ccd98032856b9d394790b594d4bfa54086d8901baf90717e94 |
C:\Users\Public\Desktop\Firefox.lnk
| MD5 | 467d327204150eb7bb33c95f70296b48 |
| SHA1 | 1efdbe1b812c09362dd7ceb1b890c4c55fe5dfdc |