Analysis

  • max time kernel
    113s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/07/2024, 03:50

General

  • Target

    4733e0e5b18060021efc68cde49d5000N.exe

  • Size

    5.8MB

  • MD5

    4733e0e5b18060021efc68cde49d5000

  • SHA1

    ed972a3764e5096b79623cbb5caa75cc06f24b50

  • SHA256

    1ba45cd0782c5f07d93c0772a99ba3445a6e5e861c69573e390cd16f115f2e3f

  • SHA512

    9c12629d3b891def84fe88f6b1725bbe504ab84792f9e92e99a8da874eda6c27c2b18e1c64c738280318275392a0d33d64647f0297fd434f83d7679b0bff7a7f

  • SSDEEP

    98304:oGb9agIdGdUFP4PoRtG18frP3wbzWFimaI7dlo9NE:ygIo5cgbzWFimaI7dlKE

Malware Config

Signatures

  • Floxif, Floodfix

    Floxif, also known as FloodFix, is a file-infecting trojan and backdoor written in C++.

  • Detects Floxif payload 1 IoCs
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects files protected with the ACProtect packer (versions 1.3x to 1.4x).

  • Loads dropped DLL 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

  • UPX packed file 8 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules that Internet Explorer loads as plugins; a registered BHO runs inside every browser session.

  • Drops file in Program Files directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read to detect sandbox or virtualised environments.

  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
  • Modifies registry class 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
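
The "UPX packed file" signature above is a static check on the PE section table. The following is an added example (not code from the sandbox or from the report) showing what that check looks like in practice: it walks the section headers, looks for the UPX0/UPX1/UPX2 section names UPX writes by default, and also tests the UPX layout (a first section with a large VirtualSize and zero raw data, where the unpacked image is rebuilt at run time). The two PE images it inspects are constructed in the script, header-only, so it runs offline; no bytes of the submitted sample are used.

```python
import struct

# Section names UPX writes by default; the 'UPX packed file' signature keys on
# these, so a modified UPX that renames them defeats this check alone.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_sections(data: bytes):
    """Walk the PE section table; returns [(name, VirtualSize, SizeOfRawData)]."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _va, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Two independent signals: the section names, and the UPX layout where the
    first section reserves the unpacked image (large VirtualSize, zero raw data)."""
    secs = pe_sections(data)
    names = {name for name, _, _ in secs}
    return {
        "sections": [name.decode("ascii", "replace") for name, _, _ in secs],
        "upx_names": bool(names & UPX_SECTION_NAMES),
        "upx_layout": len(secs) >= 2 and secs[0][2] == 0 and secs[0][1] > 0,
    }


def build_pe(section_specs) -> bytes:
    """Constructed header-only PE32 image for offline use (no code inside).
    section_specs: [(name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)]."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, 0xE0, 0x102)
    opt_hdr = bytes(0xE0)                    # zeroed PE32 optional header; not consulted here
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va, rsize, rptr, 0, 0, 0, 0, 0x60000020)
        for name, vsize, va, rsize, rptr in section_specs
    )
    return bytes(dos) + b"PE\0\0" + file_hdr + opt_hdr + table


# Constructed samples: a UPX-style layout and a plain compiler layout.
UPX_STYLE_SAMPLE = build_pe([
    (b"UPX0", 0x80000, 0x1000, 0, 0x400),
    (b"UPX1", 0x20000, 0x81000, 0x1F000, 0x400),
    (b".rsrc", 0x1000, 0xA1000, 0x800, 0x1F400),
])
PLAIN_SAMPLE = build_pe([
    (b".text", 0x5000, 0x1000, 0x5000, 0x400),
    (b".rdata", 0x1000, 0x6000, 0x1000, 0x5400),
    (b".data", 0x800, 0x7000, 0x200, 0x6400),
])

if __name__ == "__main__":
    for label, blob in (("upx-style", UPX_STYLE_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, upx_indicators(blob))
```

Treat the name match as the high-confidence signal and the layout match as supporting evidence only: a renamed-section UPX build will fail the first test and a non-UPX packer can pass the second, so a real triage pipeline adds a section-entropy check before calling a file packed.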

Processes

  • C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe
    "C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Enumerates connected drives
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1292
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2604
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:3008
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.0.1392999377\1376066332" -parentBuildID 20221007134813 -prefsHandle 1240 -prefMapHandle 1200 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc94558c-f23a-444e-9310-8e7c3b2a6adc} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 1348 ebf0758 gpu
          4⤵
            PID:2748
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.1.650086198\508051027" -parentBuildID 20221007134813 -prefsHandle 1520 -prefMapHandle 1516 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf1118bb-433f-4e1f-989d-0cdf25345710} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 1532 142d0d58 socket
            4⤵
              PID:2852
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.2.1605412188\326761583" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 21811 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65f6ff9e-fc68-4e56-a315-ab492772ce4a} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 2084 1a1b0258 tab
              4⤵
                PID:2548
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.3.377670289\2067662103" -childID 2 -isForBrowser -prefsHandle 2892 -prefMapHandle 2888 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c594b3f7-b2c9-44b0-8658-4307f7007331} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 2904 1d43e158 tab
                4⤵
                  PID:1840
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.4.89993384\1886806204" -childID 3 -isForBrowser -prefsHandle 3604 -prefMapHandle 3592 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bea458fa-e102-4af7-9b0f-8ffb46cafa7a} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3612 1d43e458 tab
                  4⤵
                    PID:2516
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.5.553361415\1897592793" -childID 4 -isForBrowser -prefsHandle 3720 -prefMapHandle 3724 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abcae144-1dbe-4388-8d34-d3e62a1d7316} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3708 1e74a158 tab
                    4⤵
                      PID:1716
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.6.1749487140\2079413403" -childID 5 -isForBrowser -prefsHandle 3780 -prefMapHandle 3784 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c8670c4-5070-4166-80f2-239460f640dd} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3768 1e74aa58 tab
                      4⤵
                        PID:2488
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3008.7.1611394907\1217950870" -childID 6 -isForBrowser -prefsHandle 3944 -prefMapHandle 3948 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 908 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09acdb4a-5031-4016-9510-9e09582c7260} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" 3932 e5c158 tab
                        4⤵
                          PID:2552
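
The process tree above shows the behaviours that matter for detection: PID 1292 running out of the user's Temp directory, a silent regsvr32 /s registration of a DLL staged in that same Temp directory, a Run key write, a BHO registration and the symsrv.dll drop listed under Downloads. The script below is an added example (not part of the sandbox report) that turns those into detection rules and runs them over a constructed event stream shaped like Sysmon records (EventID 1 process create, 11 file create, 12/13 registry). The Run and Browser Helper Objects registry paths are the standard locations; the symsrv.dll path is the drop recorded in this report; the SID, value name and CLSID in the sample events are placeholders.

```python
import re

# Paths and keys the rules look for. Run and Browser Helper Objects are the
# standard registry locations; the symsrv.dll path is the drop recorded in
# this report's Downloads list.
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)
BHO_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\\{[0-9A-F-]{36}\}",
    re.IGNORECASE)
SYMSRV_DROP = re.compile(r"\\Common Files\\System\\symsrv\.dll(\.\d+)?$", re.IGNORECASE)


def rule_regsvr32_from_temp(ev):
    """regsvr32 silently (/s) registering a DLL staged in the user's Temp directory."""
    return (ev.get("EventID") == 1
            and ev.get("Image", "").lower().endswith("\\regsvr32.exe")
            and "/s" in ev.get("CommandLine", "").lower().split()
            and TEMP_DIR.search(ev.get("CommandLine", "")) is not None)


def rule_run_key_from_temp(ev):
    """Run-key value written by a process executing out of Temp."""
    return (ev.get("EventID") == 13
            and RUN_KEY.search(ev.get("TargetObject", "")) is not None
            and TEMP_DIR.search(ev.get("Image", "")) is not None)


def rule_bho_registration(ev):
    """A BHO CLSID key created or written; IE loads that DLL in every session."""
    return (ev.get("EventID") in (12, 13)
            and BHO_KEY.search(ev.get("TargetObject", "")) is not None)


def rule_symsrv_drop(ev):
    """symsrv.dll (or a .000-style copy) created under Common Files\\System."""
    return (ev.get("EventID") == 11
            and SYMSRV_DROP.search(ev.get("TargetFilename", "")) is not None)


RULES = {
    "regsvr32_dll_from_temp": rule_regsvr32_from_temp,
    "run_key_persistence_from_temp": rule_run_key_from_temp,
    "bho_registration": rule_bho_registration,
    "symsrv_dll_drop": rule_symsrv_drop,
}


def evaluate(events):
    """Return [(rule_name, RecordId)] for each event that matches a rule."""
    return [(name, ev["RecordId"]) for ev in events for name, rule in RULES.items() if rule(ev)]


SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\4733e0e5b18060021efc68cde49d5000N.exe"

# Constructed events for this example, shaped like Sysmon records and mirroring
# the report's process tree; the SID, value name and CLSID are placeholders.
SAMPLE_EVENTS = [
    {"RecordId": 1, "EventID": 1, "ProcessId": 1292, "Image": SAMPLE_EXE,
     "CommandLine": f'"{SAMPLE_EXE}"'},
    {"RecordId": 2, "EventID": 1, "ProcessId": 2604, "ParentProcessId": 1292,
     "Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "CommandLine": r'"C:\Windows\System32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Temp\IDMShellExt64.dll"'},
    {"RecordId": 3, "EventID": 13, "ProcessId": 1292, "Image": SAMPLE_EXE,
     "TargetObject": r"HKU\S-1-5-21-111-222-333-1001\Software\Microsoft\Windows\CurrentVersion\Run\ExampleValue"},
    {"RecordId": 4, "EventID": 12, "ProcessId": 1292, "Image": SAMPLE_EXE,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}"},
    {"RecordId": 5, "EventID": 11, "ProcessId": 1292, "Image": SAMPLE_EXE,
     "TargetFilename": r"C:\Program Files\Common Files\System\symsrv.dll"},
    {"RecordId": 6, "EventID": 1, "ProcessId": 2608, "ParentProcessId": 1292,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "CommandLine": r'"C:\Program Files\Mozilla Firefox\firefox.exe" https://www.internetdownloadmanager.com/support/installffextfrommozillasite.html'},
    # Benign control: silent regsvr32 of a DLL outside Temp should not fire.
    {"RecordId": 7, "EventID": 1, "ProcessId": 4100,
     "Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": r'"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\ExampleVendor\ext.dll"'},
]

if __name__ == "__main__":
    for name, rec in evaluate(SAMPLE_EVENTS):
        print(f"{name:32} record {rec}")
```

Expect noise from the first two rules on their own: legitimate installers also run regsvr32 /s against DLLs they unpack into Temp and write Run keys from there, and this report itself shows the sample launching Firefox at an internetdownloadmanager.com support page while registering IDMShellExt64.dll. Score the rules together (the symsrv.dll drop plus a BHO registration from the same PID is a much stronger combination than either alone) and exclude signed vendor installers rather than the rule itself.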

Network

MITRE ATT&CK Enterprise v15


Downloads

                        • C:\Program Files\Common Files\System\symsrv.dll.000

                          Filesize

                          175B

                          MD5

                          1130c911bf5db4b8f7cf9b6f4b457623

                          SHA1

                          48e734c4bc1a8b5399bff4954e54b268bde9d54c

                          SHA256

                          eba08cc8182f379392a97f542b350ea0dbbe5e4009472f35af20e3d857eafdf1

                          SHA512

                          94e2511ef2c53494c2aff0960266491ffc0e54e75185427d1ccedae27c286992c754ca94cbb0c9ea36e3f04cd4eb7f032c551cf2d4b309f292906303f1a75fa0

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i7f18jmm.default-release\activity-stream.discovery_stream.json.tmp

                          Filesize

                          26KB

                          MD5

                          5bf76caf6d297a7d963e645cd2541e0d

                          SHA1

                          ede2d8701adecbb91018ed26855dcea9a1511b64

                          SHA256

                          c01b61534f282dce55c40176c7e5cdfe5680c259a6b09bb005a4850e319fb39a

                          SHA512

                          7033e8e74521fb8379546faf5f5030f21278b63420d6d47bd9a7a15c8ac83b3b4e263a60e3e2bc633b4a7186c58527c6ebde4336949c18a4a6801127040134ca

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                          Filesize

                          442KB

                          MD5

                          85430baed3398695717b0263807cf97c

                          SHA1

                          fffbee923cea216f50fce5d54219a188a5100f41

                          SHA256

                          a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                          SHA512

                          06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                          Filesize

                          8.0MB

                          MD5

                          a01c5ecd6108350ae23d2cddf0e77c17

                          SHA1

                          c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                          SHA256

                          345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                          SHA512

                          b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin

                          Filesize

                          2KB

                          MD5

                          0ce28de2cc4464a974d44d689b1abe1f

                          SHA1

                          557e4395b52fc78b312c4fa418431e526450e5c2

                          SHA256

                          32f4e589330920555a5a1e2b5544c36b3d6287fe255706903ad10cbaf03e58f4

                          SHA512

                          98e2bf81acc4e886c54675e1e47cda836b1c636ee0a721d8135bbbd7264437fe86bcbacfaca25359022bdb5124047fac92b3326f4033f8052261e964c7abb101

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\656f5965-8c5b-41ea-8c95-8c22c0d7005d

                          Filesize

                          745B

                          MD5

                          335e91524e8ce72e7217ad9a792a4566

                          SHA1

                          81fd34b97708754de6f8c895068d0ce4ddaf89c8

                          SHA256

                          6009c71b89b25087757297d1f293d7f3895dfa348cab23f98ac6ffba9aaeeee6

                          SHA512

                          2d7c26e9ad11069e129fa1477dbc540631569f10c7db70f9c1dda10fb9b499e9fe265979bf925ec97864b8bb5b0baa20394cb180301ab2f32823ca9522e29797

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\b0b97f02-d3ce-4097-870e-cdfa44adfcb2

                          Filesize

                          12KB

                          MD5

                          334b0f9885de7b0e8f7dd902aef7d6ad

                          SHA1

                          60a210dae446e57c2410828d5c64dfa6d66b7d68

                          SHA256

                          4f3c0049fb7d021455f7c7325e21d2c2821cdb4a94bf04c862313d7546a30389

                          SHA512

                          25784f418a2cb16470e94bba5ca195a8dff396c475a50fa26a42acd90263b73c5e72d13b1145e3909f27667708f1abb234b854286ae8b2cce559288aa8cd50d9

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                          Filesize

                          997KB

                          MD5

                          fe3355639648c417e8307c6d051e3e37

                          SHA1

                          f54602d4b4778da21bc97c7238fc66aa68c8ee34

                          SHA256

                          1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                          SHA512

                          8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                          Filesize

                          116B

                          MD5

                          3d33cdc0b3d281e67dd52e14435dd04f

                          SHA1

                          4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                          SHA256

                          f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                          SHA512

                          a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                          Filesize

                          479B

                          MD5

                          49ddb419d96dceb9069018535fb2e2fc

                          SHA1

                          62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                          SHA256

                          2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                          SHA512

                          48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                          Filesize

                          372B

                          MD5

                          8be33af717bb1b67fbd61c3f4b807e9e

                          SHA1

                          7cf17656d174d951957ff36810e874a134dd49e0

                          SHA256

                          e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                          SHA512

                          6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                          Filesize

                          11.8MB

                          MD5

                          33bf7b0439480effb9fb212efce87b13

                          SHA1

                          cee50f2745edc6dc291887b6075ca64d716f495a

                          SHA256

                          8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                          SHA512

                          d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                          Filesize

                          1KB

                          MD5

                          688bed3676d2104e7f17ae1cd2c59404

                          SHA1

                          952b2cdf783ac72fcb98338723e9afd38d47ad8e

                          SHA256

                          33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                          SHA512

                          7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                          Filesize

                          1KB

                          MD5

                          937326fead5fd401f6cca9118bd9ade9

                          SHA1

                          4526a57d4ae14ed29b37632c72aef3c408189d91

                          SHA256

                          68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                          SHA512

                          b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

                          Filesize

                          6KB

                          MD5

                          7d66915990aba4601a318ca7254eabc7

                          SHA1

                          f20269d510496a1c924756844a9735ee3246f064

                          SHA256

                          e40be38b0ef9fefe690deeea00eccd7ab28657ccb791b5739844ec08b39ef97b

                          SHA512

                          765c3c0f291eff6ee5c59317c8f3b9eb61a022a3d64ad96f65146717b53a64553e879d385d967a4c9ba5177ea43ce414b50542b3f69c4e88ce3fe36c5d14f06d

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

                          Filesize

                          7KB

                          MD5

                          2ae675cfb705d958c41e16c69817b10a

                          SHA1

                          a39983cb05e9796cc31658a7e984122ed794038c

                          SHA256

                          2b0262ed7ec1c1c751169f67f3eb150cb2cb63768f5a915e3dac502e04a3d670

                          SHA512

                          8d108f821e854c59965b46166b03a10d2f3513c53b1dadf4f1103914713a3ca9ac213976479193ba4fedaea0b5f16ab4e215df7d0d1cd8a972ce8b09b4772f37

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

                          Filesize

                          6KB

                          MD5

                          d6c198dd85236eaf7b8954deea96b9f9

                          SHA1

                          8f5fd7b8677893b06807abc7daf081bd8160cd08

                          SHA256

                          67d1a752d48b89f4094bf45589c2f3fa8f9b4738a4292f7f00c7180120338980

                          SHA512

                          2ecaaa6ade6b500435bf16939ac623d60d95d9d551d6c8fb0d02358450cb816961353116c1e4b4da1182bc2a14b73f05c49631508a05d039ba9eec4e14bfcc4a

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs.js

                          Filesize

                          6KB

                          MD5

                          3aeb15f2a7e5755d29780f221579f8d9

                          SHA1

                          a86cbb3b76f745e1c8619a5be8af0ffaff2d7c55

                          SHA256

                          5eaf0985335dbc821a2ab737dfa5948fe4a2cc386d2c3e1fbe30589474e68f09

                          SHA512

                          f95a1f4b00077a0657a3dbb80331626523cffb87678cfabfb7e5cf94d171c5e27ce9880625229ff663a31c73d48cbc73302843fc21104a6febc8885147005414

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

                          Filesize

                          3KB

                          MD5

                          c5d41ddc57bb2e7a6e04e79881852d39

                          SHA1

                          fb016db4240b67fdd2b15c8d961c7f5fd716b9dd

                          SHA256

                          a6e6f1bf7d35f8d74085069f66a728ed539a6dc5ad378becd1d31a1c56a72ea9

                          SHA512

                          bab28430bb53e291d2a3ca96d766d14fd8b337e01771ac8277dd937eb652be9dcf3d732502d20afc5018ec7a9587e97a065cca1bef69dfd266989d6b86c3ede6

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

                          Filesize

                          3KB

                          MD5

                          8f3ef00451ba52f1121641552beafb88

                          SHA1

                          6428f44a48d00f627dde4d6dbc78603ac656da85

                          SHA256

                          311945376e3534ecc5f35fe72be9fcc4ec3faf079499d913c30c1b4ed79ea10e

                          SHA512

                          47297aa3f9cc20be76706ee11f4fce732ca7663d5d7e4ef76dbcf2dd5e34809bf42c159861268d3225f466d184fd1dd38bcf3505e0f63ba559e1faeb00eaa2b4

                        • \Program Files\Common Files\System\symsrv.dll

                          Filesize

                          67KB

                          MD5

                          7574cf2c64f35161ab1292e2f532aabf

                          SHA1

                          14ba3fa927a06224dfe587014299e834def4644f

                          SHA256

                          de055a89de246e629a8694bde18af2b1605e4b9b493c7e4aef669dd67acf5085

                          SHA512

                          4db19f2d8d5bc1c7bbb812d3fa9c43b80fa22140b346d2760f090b73aed8a5177edb4bddc647a6ebd5a2db8565be5a1a36a602b0d759e38540d9a584ba5896ab

                        • \Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp

                          Filesize

                          261KB

                          MD5

                          32538be1e84c39b3cd7bbde1db6080bc

                          SHA1

                          a7d3bf1ab255c8f2e2cb297781b58f70eb183a4e

                          SHA256

                          636f839575997b1b64f06ea230a45c567ffa986c157d495a0b6748fce18067f4

                          SHA512

                          0472264f2892660f59c3dcb2162856005b6d6303ebc9244986f724f0541551e3aec121b7712c1d2425adcd335cadc1f0f7af2a781631e515675bb0cdfb39de34

                        • \Program Files\Mozilla Firefox\uninstall\helper.exe.tmp

                          Filesize

                          1.3MB

                          MD5

                          6ee45792e600ecef9312694ee07cbe22

                          SHA1

                          b8313f855f1b1e8bef7afe42ebfe3f03c7a763c4

                          SHA256

                          3d78bca92f0651aaec24738e965c0bf79298830c5481de230c924f903cfc7a1e

                          SHA512

                          a574e05833505e965881ea4bcafa747162cb6d70c0ece7bd9999886b4063aa0aa0586be75ed3ccbea3140a3b0d312cce7b3dba7afa457228d4cfd30b027e0b1f

                        • \Users\Admin\AppData\Local\Temp\A1D26E2\7159BD850C.tmp

                          Filesize

                          5.7MB

                          MD5

                          5f2a805d39fe300968d719d973e1904f

                          SHA1

                          219ff669b97fd22a9821a54916b2c8a7b8716e67

                          SHA256

                          d0c97d8f8fb30b1c041bc45925112f5d3c16e82c39a1f4c60174380e4e0fedad

                          SHA512

                          9b1735278c2d1371f1aaa7c12c9534ed12fcc558d07634e4e8a04ada91fb4192e7939aac2a0e383f0f1dae6e8d5e86f77a1166e53e9e55425ce0a2a866439bb2

                        • memory/1292-110-0x0000000010000000-0x0000000010030000-memory.dmp

                          Filesize

                          192KB

                        • memory/1292-224-0x0000000010000000-0x0000000010030000-memory.dmp

                          Filesize

                          192KB

                        • memory/1292-214-0x0000000010000000-0x0000000010030000-memory.dmp

                          Filesize

                          192KB

                        • memory/1292-213-0x0000000000CD0000-0x0000000001296000-memory.dmp

                          Filesize

                          5.8MB

                        • memory/1292-13-0x0000000000CD0000-0x0000000001296000-memory.dmp

                          Filesize

                          5.8MB

                        • memory/1292-194-0x0000000010000000-0x0000000010030000-memory.dmp

                          Filesize

                          192KB

                        • memory/1292-109-0x0000000000CD0000-0x0000000001296000-memory.dmp

                          Filesize

                          5.8MB

                        • memory/1292-3-0x0000000010000000-0x0000000010030000-memory.dmp

                          Filesize

                          192KB

                        • memory/1292-14-0x0000000010000000-0x0000000010030000-memory.dmp

                          Filesize

                          192KB

                        • memory/1292-310-0x0000000010000000-0x0000000010030000-memory.dmp

                          Filesize

                          192KB