eea4491a39c040b7e84d15b1ea13ef33568057533b6cea71be19162ce1be23d2

Analysis

max time kernel
258s
max time network
265s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
29-05-2024 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

-.ico
Size

12KB
MD5

63c78752e15d865d5e073ae60ecc455b
SHA1

45274846edc5c87d536057b3dc04a95f83508222
SHA256

eea4491a39c040b7e84d15b1ea13ef33568057533b6cea71be19162ce1be23d2
SHA512

53b435607f095deb600eee67f226bf98052840b2db6c395011d7579edd0a66ec4c1d35b89cb352bf23d46cce5732f3ec5de6daadac8814cb824baa02fd473f38
SSDEEP

192:SZxf4UvGnZaFeA8ILB3Es4hTxTVwAwhejRY7AKCmUXFl1/bP7xi:4x4GGnBIL5EXfTVtwhAsAKCmUz1rI

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
5712	IPTVSmartersPro-Setup-1.1.1.exe
6020	IPTVSmartersPro.exe
5084	IPTVSmartersPro.exe

Loads dropped DLL 16 IoCs

pid	Process
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
6020	IPTVSmartersPro.exe
6020	IPTVSmartersPro.exe
5084	IPTVSmartersPro.exe
5084	IPTVSmartersPro.exe
5084	IPTVSmartersPro.exe
5084	IPTVSmartersPro.exe
5084	IPTVSmartersPro.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\IPTVSmartersPro-Setup-1.1.1.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\AppData\Local\iptvsmarterspro-updater\installer.exe\:Zone.Identifier:$DATA	IPTVSmartersPro-Setup-1.1.1.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe
5712	IPTVSmartersPro-Setup-1.1.1.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeDebugPrivilege	1944	firefox.exe
Token: SeDebugPrivilege	1944	firefox.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeSecurityPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	5712	IPTVSmartersPro-Setup-1.1.1.exe
Token: SeDebugPrivilege	1944	firefox.exe
Token: SeDebugPrivilege	1944	firefox.exe
Token: SeDebugPrivilege	1944	firefox.exe
Token: SeDebugPrivilege	1944	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe
1944	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 1944	4520	firefox.exe	83
PID 4520 wrote to memory of 1944	4520	firefox.exe	83
PID 4520 wrote to memory of 1944	4520	firefox.exe	83
PID 4520 wrote to memory of 1944	4520	firefox.exe	83
PID 4520 wrote to memory of 1944	4520	firefox.exe	83
PID 4520 wrote to memory of 1944	4520	firefox.exe	83
PID 4520 wrote to memory of 1944	4520	firefox.exe	83
PID 4520 wrote to memory of 1944	4520	firefox.exe	83
PID 4520 wrote to memory of 1944	4520	firefox.exe	83
PID 4520 wrote to memory of 1944	4520	firefox.exe	83
PID 4520 wrote to memory of 1944	4520	firefox.exe	83
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 2388	1944	firefox.exe	84
PID 1944 wrote to memory of 408	1944	firefox.exe	85
PID 1944 wrote to memory of 408	1944	firefox.exe	85
PID 1944 wrote to memory of 408	1944	firefox.exe	85
PID 1944 wrote to memory of 408	1944	firefox.exe	85
PID 1944 wrote to memory of 408	1944	firefox.exe	85
PID 1944 wrote to memory of 408	1944	firefox.exe	85
PID 1944 wrote to memory of 408	1944	firefox.exe	85
PID 1944 wrote to memory of 408	1944	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\-.ico
1⤵
PID:4892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2254ce6a-f162-412e-be36-03ed994425c6} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" gpu
    3⤵
    PID:2388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 25491 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89398b19-0175-4521-86bf-4c059dd4b658} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" socket
    3⤵
    PID:408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3248 -prefsLen 25632 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc401aca-b9a0-4394-8416-78ae9a9a5991} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:1392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3020 -childID 2 -isForBrowser -prefsHandle 3060 -prefMapHandle 2664 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55f820ee-bd2d-4ec7-a5d7-f68fe20a7e7a} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:2764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4696 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4664 -prefMapHandle 4624 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02f811a8-ab9d-481b-b893-f3c58dcb24a0} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" utility
    3⤵
    - Checks processor information in registry
    PID:4664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 3 -isForBrowser -prefsHandle 5476 -prefMapHandle 5472 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05838663-1efc-4b73-98b4-b2cada5f4e91} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 4 -isForBrowser -prefsHandle 5560 -prefMapHandle 5564 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3b3d434-1b93-41b7-807b-f5ce42873a5f} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:4776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5832 -childID 5 -isForBrowser -prefsHandle 5752 -prefMapHandle 5756 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33e10a4c-ba15-4027-9389-29dbf8dc2426} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:2344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5072 -childID 6 -isForBrowser -prefsHandle 3752 -prefMapHandle 3728 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44331672-d691-44f3-8903-320452b9a21d} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:1764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 7 -isForBrowser -prefsHandle 6148 -prefMapHandle 6152 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {648c0277-06cd-41ba-8c5b-2034be9c2b2a} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6860 -childID 8 -isForBrowser -prefsHandle 6840 -prefMapHandle 6856 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e5411d2-ed4c-4e53-8d25-01937eed590f} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:1168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6864 -childID 9 -isForBrowser -prefsHandle 6820 -prefMapHandle 6832 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {880fff82-71fe-4b3a-a58f-eef3ddbe66e8} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6324 -childID 10 -isForBrowser -prefsHandle 6224 -prefMapHandle 5832 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1785a924-3d5a-40c1-8328-064a1c235b8a} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:3036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5932 -childID 11 -isForBrowser -prefsHandle 6292 -prefMapHandle 6308 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbdfbcc5-64d8-4e6e-baf7-0c732b2cc3bf} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:4132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7652 -childID 12 -isForBrowser -prefsHandle 5292 -prefMapHandle 7476 -prefsLen 27798 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bef7681e-39a3-47cc-a1c8-1d003c63319a} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:3488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5292 -childID 13 -isForBrowser -prefsHandle 7616 -prefMapHandle 7632 -prefsLen 27965 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eef83768-5eed-4959-9d2d-a06200c9fb73} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:5168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7876 -parentBuildID 20240401114208 -prefsHandle 7884 -prefMapHandle 7632 -prefsLen 32112 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0dacf34b-f133-4dea-90c2-c7ec7e442e11} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" rdd
    3⤵
    PID:5576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7928 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7880 -prefMapHandle 5228 -prefsLen 32112 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4315f352-146e-42a1-a3bd-882029c3e3d3} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" utility
    3⤵
    - Checks processor information in registry
    PID:5584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8268 -childID 14 -isForBrowser -prefsHandle 8260 -prefMapHandle 8256 -prefsLen 27965 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf816b20-8c37-4fea-a3bf-1b1676cee4bb} 1944 "\\.\pipe\gecko-crash-server-pipe.1944" tab
    3⤵
    PID:5780
- - C:\Users\Admin\Downloads\IPTVSmartersPro-Setup-1.1.1.exe
    "C:\Users\Admin\Downloads\IPTVSmartersPro-Setup-1.1.1.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5712

C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\IPTVSmartersPro.exe
"C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\IPTVSmartersPro.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6020
- C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\IPTVSmartersPro.exe
  "C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\IPTVSmartersPro.exe" --type=renderer --no-sandbox --primordial-pipe-token=112EB45A9C0A3A41CF2DE6577BE8B85F --lang=en-US --node-integration=true --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --mojo-channel-token=A10F1CEC13E1EAA454DCFC4145895828 --mojo-application-channel-token=112EB45A9C0A3A41CF2DE6577BE8B85F --channel="6020.0.1263005604\699895186" --mojo-platform-channel-handle=1920 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1692

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:2044

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:6136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\16F02D029FCF1E8FF6C3ECF3E6782B69E96103A3

Filesize
1.1MB

MD5
0752f3253a1a19245f2639984afe77df

SHA1
8ca17c5c99c11edaa91f4b95b408382704e532a9

SHA256
b5ea09e4b1a85448b7c41dcf91bff33677d37d5cf60e6a77ac91546cec150ac0

SHA512
3240248783007d8ea58b672bfa3db35f8a176ac03bfc74c650f6d71022d0f9d3fd2f14059d27de00fef88fece8920f57759343bfb8a5313b6b527e4c5ec678cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\1F80DB625036312AD5E262105303542E04647ABC

Filesize
98KB

MD5
8d877f41974b32a21d11d0fb93f72316

SHA1
2bde456181f485dfa00d88a722a9785f8eb0bb13

SHA256
c5ff88fb5d80cc79b82a438b91af2726599e9d54953c2e0e00a48ffd511ea709

SHA512
d0f13ef4500f6eaab391c78ae08bd1881e47311839957a1f4da1b07aa53e7df7268e24fffc7dab24f264de03cee60b6d051cbb0954487a48fa9b0aca45ecee3f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\201DAAFE287F1A3906B2C7B745499AAD2C5DBF31

Filesize
23KB

MD5
230185805e3414f619e9afb8ce62bcc0

SHA1
8735adc97c3751bbe3b9e3cdd7bc68e670642ffb

SHA256
7c0c6c7c3db55282788be810909a442c5f434707771f7bf0bc27305a34876a9f

SHA512
71195b69038d0626f29690fff3ae9c81d18ac9cf7ceeee0bb02755e515141bfc9fb194eae2dcc7add0ae5ef678b2d80f9028933c93b6f2ca7aee1135c0caf2ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\3353A3B0189D5593BA4AB18D40D5B1A98C282F5B

Filesize
123KB

MD5
750ac6962c6301eafdf016fd397a37e7

SHA1
575b91adbba1c95c2ed1bb9aeb7d09141991af05

SHA256
79429fe3094773b3bf3e05be15b9e4989c099a3b456fea5fd0a02d4fd17e5324

SHA512
fabe89dead5780da60400e90628f26f2f619522646aaeabe5433bb52d9c86d97027b6b46e8d7524956bb6433b4910864c18ee6051f8b9c119bbcc033654d09b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\3D51ABB87A9A1494E8BC17A084D97A827E854491

Filesize
34KB

MD5
11d574ad4dc9c66789d755a98aedff2b

SHA1
de0f39aaf087ce782a059502960b171324f9b3de

SHA256
1439ed7dfc23e1f20ea2f331dc84d5335ced79135533fb38dbb258d23fe36138

SHA512
6b57beceaa6014477bea36f955e4f0cec037ccfa39ddafbd534c369c1bf39bf5db0965816413fccbbe85933c09c462281e7d2aa73756c62df65acbfb876a0a90

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\5094E77F51F04DBB6C39C211CF7D60694F42EBDC

Filesize
134KB

MD5
d8a6cfbd36349e5fea7d46c3cc8d608b

SHA1
4911765cab2ba511a7d3bdbe8644e3af0a6642dd

SHA256
d03251849ae124313763b464c1d11a2f3e87cbeb3479625b4adf847b9955846b

SHA512
b0dc781f9f6a1ba96fa70bcd5011f425dc79e6c0725c3906ee8fd12b4921fa52940483dc54979831ad8f6b9f24a0a82d78790545c4f0f8d1a3be3f18b2414193

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\7513545272EFFA6D70A724D8A532FE43D67690FE

Filesize
752KB

MD5
7888b3114cf9a99573fc8b9ef0284eae

SHA1
d015e28866daef3d46933a2a3694f86235364029

SHA256
85498512c49d11daecf764a3674bc2542293204efb0d2005a283a6debc742310

SHA512
5e618916aeba9694a7577d58e4c1c78e55eef189cd41648f0164c88ffd549450e9d9820f96ca3a3f0ab2569c5421dafd76ebad6282fd683b46dda522f98250ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\7D887B76E3D4D933CF6A01B02FD233A6EA901B0F

Filesize
13KB

MD5
cd8e375e7f9673415b898734bffedd7a

SHA1
95e81015e9ea944b1e67603344140cdc8919fe6a

SHA256
d3f3ac1d048488eeab52809bc8e7312b26edb86166e61deca55a1d2e4b75abba

SHA512
a726853362fb5aefb4c72b537ea0e2b8910656894c416b0e1bf24b800f05256e9f7d06b8d05f974c64d17f97e71b70b7ed3228b05a158073de528f07c55da85e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\9AA808E33C4F00731D705833AD096C9EE3008428

Filesize
73KB

MD5
68812b3c394ccc909ab3faa5596d8529

SHA1
9274b0aae9432be14980995565d4251ab6cde1dc

SHA256
d2389a93177f1d82799da8d3d316acb6649c436a01430d03284166a57cdafe23

SHA512
11102f3fe7532fec8e1391b6e44229589940e1362066fd407960f5e7ad1766d24a961105c970ab6dc5a40c28f3160f04c5c3e904c7c00398bcabc3160ace2dce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\9C9BAAC2C642D59B172246A8C83576F9BA642E65

Filesize
205KB

MD5
359ef8ae9d76c31ca0865fb92d271521

SHA1
14909f24637aacd7f58842853b1048dc83335b1b

SHA256
2c6720ea74c5ff4705c9313cca7563b9f94d7cb87d3e22439cb967f4482c22ee

SHA512
b17aa62bf1d77f50fc779e6280917d96dc1b0a67dc90a83d6afc6c206f90bf35b75ef46cecef059bf386ee2b5aafc4ac18fb8e8dff497a7317ff1b731b0bbeff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\BA059B1EF1284DFC8616BE0A93F6FCCB3C9945F7

Filesize
2.1MB

MD5
bbda9a52ca51860f226f950851dd6ab9

SHA1
29dbf29578d688fc802c6b2e2dd73b96c36b9821

SHA256
552719d166e9d0d3723e435d83f81149966fd7615dccb7821000a0181838fe05

SHA512
7183a7ff423bc2b684a0f83105ca141af84030299f2346900998217e721df8b9ad3b444b3c98ea1d3369dad607fbb53f6599cb4d542d588005cabbfde06e60a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\CB559AF5A5985026E1741AA121BBC06EF977EA55

Filesize
117KB

MD5
116a2f2d8856c98c0c8e67fe1ff78857

SHA1
7684b756869e0bb241b607aa5e18b1c2d12b9d0a

SHA256
7d0f0108d3b4fbb2a8e64215e7940394d5643573145b6fc90ba84b26e6c74277

SHA512
9145404ecf41d1cda1ede54bbfc3e24f158632ef86e42037cc7d2b8497680f2082ccc6d982da17c8c057336ad09ee20f5a237f501d5ac3326b2934ec3896e5f9

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\blink_image_resources_200_percent.pak

Filesize
54KB

MD5
2a8646401e34a9ad258b09cff76d498c

SHA1
7a59d4dd5e9f5ad3e6efce654621a71ad3456ee4

SHA256
38f5acd24b037f39d17a8f3c6c935cd709a2cd84e9e8dd175c04bd1d2dd24407

SHA512
8a3f1abd2d113a928cd003e15332da8b7886834426f20aceb619ce1e397adad7de863079d91c71d2429ddd89bbf88aa56df121b8f2f81102b42aba6b83b96277

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\content_resources_200_percent.pak

Filesize
15B

MD5
7c321056f805aabd5a503821fa1994cd

SHA1
9c690875c9189c66c93ebd4c0971739653bccd19

SHA256
261e6aad3ad0a5f608b5694919ee39026c4c3eb4256540068f7c1aa46be9315a

SHA512
8a5f4b3726e4513251475ac470f86f0daa0d5ae42bb750019ce96ed871cb04a7391cea2cef79e67c585e3a982041575e60d0f79b3a5bb9ad09be53362787f090

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\content_shell.pak

Filesize
9.4MB

MD5
bfdb450e909347096bea8f6427c3d960

SHA1
9b72d27d7db3721841630fefa879d7ada7794422

SHA256
ad62b146780f67c3bc35dd53eff33ef1cbd9f9351b8ecdfe2fd74555479e0f30

SHA512
8f666a9d5087213a1405cb040dcc2653fea4c4cc0a694d37093ab977eada1d52734949883d5699013f1d943f1b19511a3dead15842164f77dfe5d7f0b64bdf2b

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\ffmpeg.dll

Filesize
2.2MB

MD5
8c0576bb699509ee6e7688b93989b2a5

SHA1
785e84a4d013ad43e5e6988a70d14a31afe7733a

SHA256
549dc9535b6f8c071a976d4efb20039585627aa819c2b68b0d5a7deb73bdaa47

SHA512
9fc734fccac6f5cd4a4bd611b757a32d8d72400eefe236bdcb73b8338fe7953380ec14a1736a371de939a9d099b14822147ef6364e2b2e2f0235c3c84b6608e1

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\icudtl.dat

Filesize
9.7MB

MD5
3ed56e55ff45ab973ffc483e5d483a5a

SHA1
5d9d39c80054ed315fa4cac23cd956e3121ce5d0

SHA256
22b4b162fa9c1a35d086df4b2532485c0ddfee4649de8519cfc52a09f749b8ea

SHA512
b8998b76b2691941ea724f404c9b95bfb1593e6fb17d0d7fd57d04069b180a01eec82934357c2dfd48958b6d3d4e3489b111f7c0078134d300710d76f9ee3daf

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\locales\en-US.pak

Filesize
3KB

MD5
b591250d8394daa523ec24b83bd43ca3

SHA1
b399eda262b00e10ffc71f0dc08902219ff13106

SHA256
6f74af607a77ef220421888adc1edec46a60acc759480efa7adc3496d6b08bcf

SHA512
795d5254a8285ed4faa79dc5b126f6bad817397ec3123f0f2825580f8a21d43f4ded1d49f1cb87d89344df633f6953502dd6f14c7ea149bf688206189ac4461b

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\natives_blob.bin

Filesize
358KB

MD5
16a819fdcc843cddfaa0f1d4c7d143bd

SHA1
48d700ab8c8f22aef074d0a3c9f2b40a84a412d5

SHA256
35d85320e2908240da1dc8a577da3aad702936999336a3dcc0576b00c13e9756

SHA512
571f47911441ac31cea080a5d24a38351331dc5d8c9a09ef0ed7f61d439c4f81b27d4e25d73dbc64e192658d3e5415c42026e64cfd0885fb15cdea17cafdd9de

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\node.dll

Filesize
15.9MB

MD5
2dcd87222cc29c1e079d3f5d72fd9a7e

SHA1
15b4d95ab0207f9d1d698f2e6685232d024ec3b8

SHA256
77c89c85d4a9ffd1ca1a5ab7c1dd2b33fd621f141114372467cfe46dbd0258bb

SHA512
3bededb47ce55af8028c66577f613a871f510a720bd9e430f1879fd5bf0f108b1470f1ee3cb2f64d6feec62f336682f33c4177db6edae76a11a820ba4c7da295

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\resources\app.asar

Filesize
20.2MB

MD5
5b8af802c2dffa6f5a1cb13faed4e37b

SHA1
003f23614dd372c86e37b1aa3c97a00e73203ca2

SHA256
f2d22aa33edf6fc1410dbfd0eaeaea025b3f4a2590b6a78077c870fd3e548179

SHA512
486251626e2296a129be1e0586545df88b1315eee69b3d6ee012aedceb7d052f7c073c7b779749c1c6774025caa3b996906709ffe21b9b806397dc0041afdb5c

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\resources\electron.asar

Filesize
218KB

MD5
360e7ea118f6328e5b848aa38d4be36d

SHA1
883f3c0d8957a773b53a10999b5b92cc48f9501c

SHA256
62a1a3ff912a627537915a89ce6b8e9b184b69fea86912e8e751952a481abc54

SHA512
d8b35cdd1bbf3ff27206118c4ce9f17464f569d2f5f1ebd6662ecccc137d9e9fd5c4a9b8339a584248ad3fd46ed69df88575c49d20a587ae017f855ddc4654d4

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\resources\wcjs-prebuilt\WebChimera.js.node

Filesize
467KB

MD5
2f688722ba2a2e74eedda4540a4fed71

SHA1
1ba757adf336cacae7f93f98d913413bb04956c8

SHA256
85be7b2aae1a67ab5e611dfa364f98bb3565bf6e4a160182ea7a73a93a13bc14

SHA512
154815de038f629114b847093d4e32a91ab5200728d231b63f1dc4731006a81d340a997f14f080e252755dec3b69063ab97664fa41fc69f2887425d210663420

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\resources\wcjs-prebuilt\index.js

Filesize
50B

MD5
8ec2168ee5748f58ed5c9f5bf12e622a

SHA1
ccb68eb409e610332cfd2608c54d6269685ae942

SHA256
4ecbe8ece258439902e1e51bf25431fb13d2d88e360dd14045d7e6f1bb4ab05b

SHA512
57fc020395c88c45e81a4ccdc513692cf9acd72a9ded6803dd35807832ebfc9e72b33a9fc59bc532c450b0ba343005ee6ec1c08c64ded46778e615b28f58e0e2

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\resources\wcjs-prebuilt\libvlc.dll

Filesize
148KB

MD5
6611170457d3906ccd615f58c4c347c2

SHA1
81c2b81836cad87d1e2c6668ab6f624f86e8281b

SHA256
a9704ab856da74ea75fa024ff0ac1eb91b7c632649cf195437603af43c03a807

SHA512
0115a3392e7b95035279f9f3f24f63fb754708cdc9d13ce4055877745d18c7d6f92eb86593088d515ca5d1191764f5cf5631ecf0e993bc04cf049e392f35b602

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\resources\wcjs-prebuilt\libvlccore.dll

Filesize
2.6MB

MD5
f2cc731f9c326c49aaf51857c1f81d84

SHA1
aaa37dead4316a26955575be17dc1ce3a3e96334

SHA256
6fb53a2d94371c68b071765b37bcce0023015c524e296eb1b36725af1151b802

SHA512
cd44cd8c034f805aec3e06c1bd00cdd74edcfc01fca9665d5fbfd186c945a81c207c1ad6eab9afc5ad7378bfeff777d56f7f60a7041600be502f0d56d190f41c

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\snapshot_blob.bin

Filesize
798KB

MD5
afbd0030e302852245bbeec7ce2f9851

SHA1
1c3b85d097c0ec87ed9919303b630bad7cdbb8a4

SHA256
c67771768256d97c7e7c22d51d77633aa62aafc2a5328b6aa1d77ea1672c6898

SHA512
9530ab250ddac9ec982ce973f58c8b48efc56ddf8ce37279f07db14951df19d9615db9f794756d4840c38a26ee9d3bf0da175ce51a88e2f706e5931d69d3d6f0

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\ui_resources_200_percent.pak

Filesize
82KB

MD5
7a662d039d00e1f17778700fe84d6033

SHA1
fb2c2ab437400e7dc6517d5cc4dc4b78035bbf38

SHA256
d6130c8ffad8e50588aa8d67ad6b17e6bd5c302b96b127918447f3467823979e

SHA512
1bce59ec7f7d129b9d1da87e42af95c91f1a8cfb66e467957451ca80b5966aaea39e558d81b62063a69d1c448e2468b5ac5d483c7187ce1a3389c2e1e695861f

Download Submit
C:\Users\Admin\AppData\Local\Programs\IPTVSmartersPro\views_resources_200_percent.pak

Filesize
58KB

MD5
33bfef730b188ba8e055bffbce21e3bd

SHA1
d45712e6306a98daba38af821670565761fb414e

SHA256
1fdfb1282c34ad7e4752a8fbbf096a3b5c8e25dbc8e15c27ff9dfd3588b989a3

SHA512
d3da472546bc25184401d0584bc8f2247b1f0ab60473e61cd34b96c7b0648355314490ba622749635f4be50fa152953e42b38fef959fd2ba5b0210e6021594c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspD0E8.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspD0E8.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspD0E8.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspD0E8.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspD0E8.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nspD0E8.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\H60HZX1EJ53CT54WK21S.temp

Filesize
17KB

MD5
2191025a76ab3a10712beccb80155454

SHA1
d306eafeabeb7d8c61b3ab98b7ccfbfdd88296f3

SHA256
dd03268057b31e54e9ae581a5dcb38cd2197ee319a092d80f3c37ca9dd95a752

SHA512
a3a373d38fc04a49a9d92b05cad418b3a0ac574dedb644be9035939bffcd4728f668f360659604b89a8e728ca0d67e9913d99ec1930aa41ae019530c71337352

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin

Filesize
8KB

MD5
2123a3c6b5d305c062d1a68710a5d35b

SHA1
602af4cdda366b95f75e8a71210af620c7378047

SHA256
916efca3022981fed45c0ef0500c3c1b5b5a78e2da6a541452d8743604b8fb3d

SHA512
f657c763909797000b4abf9c40d089f6d284a4b05a113ddd8bffb2c0efbe443fa3a2e9957674a3d8789d669f78ce7d442bcdd6c8aeaa9c42dd7cc4dcfc34c579

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8901512256536b74b55b61afc6b23587

SHA1
5ffe6732f4c848e0f743128a3a6284f6b2773d67

SHA256
0b92dcb98a282c92ee063252e653d3f0cc37b3e24f9be11f140738e4dc58bb1c

SHA512
3fc021a582c22d81c0696f08dcef3c577c109c7d100c96bed316c62e45f376d7d9db6a5629412dc7e338a16d7cc9ca0ad80c4d864446f43fa780fc81df54968f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
5260eb53b03e8b450b52dec91ccb46f0

SHA1
f8568b010effb9a579bb2b1b8a144f5290962bab

SHA256
af7b4dcd9ca2e3fe2b22ae7e8a2f7af8ba0967e56acee93083904d4ce6a28fde

SHA512
8db7435827b1805ff6922273a86f3c87a243eca1b8dc59ce194570d576a8d5ea186da42b56dc8819fb35eb3fb0f594640852f436cfd438c0aad5ef2ff597a720

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
9bbe3c4e2546843229e6ddcd3fe33fce

SHA1
a4b4e75ea9d646f02dc19908f07bf60aa9c422d3

SHA256
2c25e83565aa4ee598d69d217d9b88b5fa37d25a6770ffa63d424a62bf6a8cd0

SHA512
625f31eb716e320e9d152e8860e321b0bf172c53287c3d728459cc622e2085e794768a058c36327c1e5e1d8349952654e4d4e3c7e8b5cf3f455209e6fabbe3c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\40f16555-d483-46eb-84fd-c5ae6383da2b

Filesize
25KB

MD5
169f44ae9cdf4ec1bdc3cc6274d51120

SHA1
1d1ed41d28ee23b621017814aab2949635af6670

SHA256
50c32a34db23a91c5f919b610c6d2ea3a23f33f652cd3a585fe2323f35f1d496

SHA512
eefb63424a93db9717098b8e490fcd55a5ddd88fdd20e4a4a7b80df28e42d85ce04c5c737760bcac64b391192e58c73f23c497209134029ee4e03602721e1c53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\55dae6a7-96b1-4f1f-a320-91ac27dd485a

Filesize
671B

MD5
64f304ad73f658f7d9f4db214414fe11

SHA1
2fa7a1af2f305db974bb6b862b9bba58f5c20952

SHA256
13c86f9bb26b66488bea4aa2722ad555baf3b6c85fa81383e5d36e46344e74ad

SHA512
fab054a7b17d90aaf50e24ec35d54b836ecc08f64c8d575616075c15616bfa6ecf3231e6fd66bc6b5fa568646e4768b2877a15c70bda2352141d251d06bf52df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\97010236-921e-4b30-b179-ca559a59f3a9

Filesize
982B

MD5
37e53ed31a45e390d455e2e011158be1

SHA1
6ffbc45f6484e44bd68c505fa6e833a0fa6f7364

SHA256
6c9fc7d35f1949def7211472ba001f1be1b2bf6a30ce119a1e956d940221cd35

SHA512
60c6c917a2c1fb9b943a720de9b068041c96528df02a850bcf5919c17cc25313feba073f9e0c263242dd0eb826c548cc9019a8b6bc5433319f2a9066a3666f0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
9KB

MD5
3edc14e39f58e81d79cb5a779635b549

SHA1
afc03df3845bbe7b9bdeebc9a7d8acb6feda2962

SHA256
52c7dd7e54103a2bf8b63f7f48befc66d14884a3b3628423eb677c286ae75f09

SHA512
fd66c0dfd1e52b73d912754aa20fca7e97d2e4794422f6df628f1fc79b4e1b8e1a644c37f71a9f7d516e802ea1a904d0ffbf767391d8f6ecf1290c5117569485

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
9KB

MD5
29be7f4fe5713368c32ef3606b3a8595

SHA1
8be09d9b8a112be4601ee1b309842eba91ef28f6

SHA256
8859e8beab1bd6e6c74956246603d78af4bead0142197f07b28e6c45e3564477

SHA512
de776f9cfb4d0e8da8526fe6746d7c1db892db9c6062f6dcda8b8192b3e1d5c4dcf52822691bbb88f5e66c233285a96695a7cf17d350660b0f1a397002727975

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
8KB

MD5
d22d511850b825558611e434c873d1b2

SHA1
c247c6a0990438f4667052f2a24ab74f489555b9

SHA256
1b920184d8b456e896cf0330e1687eacc1ccacb26f9ed1612bd6bf76e8342d75

SHA512
9dd91284f986d949200e5243344254bc1fe3db965bbfb009cc027a0338adb7dc8c7a93d7dded29e0d1786a2a9c7f48474e5450a8b0c061adca326824a7aa85a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
8KB

MD5
9fa81c0ad2e5062b591679c2a03d96b1

SHA1
c71da1db91607aaf820170a9820cf19a334abd68

SHA256
af11d7aecf1638fbd12b1201756d53514140a04763dfdbf05c3fc101acc490a7

SHA512
9a370235eedfca154be9adff40e62b0a9ed6a7a00b1a8bfcb4230785346336d4c2f4515535b92d4235f0fd34d6acc51c2406329e4b74c7bcf32548d471ab0aee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

Filesize
8KB

MD5
11e32e02f82a59bc0cceae40fa8420c9

SHA1
8b432159be426ceaf0bb496d662fff27976c4faf

SHA256
826e16c1359dca8aa1f5ab664b1c65712bd87f2b22b3cd327c26f79bb60177a8

SHA512
d5ce320c262005a3d585e07ac2b0fd5992a766e07882edd556067dcaa8ff500e110c06ab35681a23534bd7d69e8ff5e965df3d308c9c022e66462c4619807cc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

Filesize
8KB

MD5
31ad88004f37361b1d3f3478ca3210de

SHA1
da4e3f2a30aeac78e0b440d75f25eaf28903c788

SHA256
6c78f5f23e5efd66f34f761cbb79c9d4a48176d3120098b66c3fd29019ed1065

SHA512
c3a78eea1dec89c6f1091fb9366598c24e673442dfff7354032c1c9c042ba8ba63927f644b4181b2861b7efedc6c1bd0490833dddfe1e184c2bc5be4030cdcba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
e40412c7162efdefebf9fab227d30faa

SHA1
b69f49e0e755a84b42d3fc0a393873cc26c4396c

SHA256
32389d684d169b8d28ba0a349a1306f9f3e4c3370cc22040f81a9fcb891ac0a5

SHA512
5f7d98529edc6dd4f88f4df6a9a287e38c4089105b7ca7d5dcdd492d25ce4f7e9d457ab2fbcbb710382a48b265731402f3359f524e0c273d33a47492f389531a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
c5dd3eda20c5f29f78216064a997eebe

SHA1
0a6bcd06739e5950c2ee41ee26463ec6df0c5fe2

SHA256
2f04a590d1c5363a1daf0acfca37da66a534384945eb9b3b17cff63501fd9a20

SHA512
9dcbe8499441fcd5d0a9b72c6bee6a25fb92bd121cea2c4d42ccd5fa17b6531daaa01fe27c25c15eb76fff18bc0c276767b12bc61ee21e7eb3e9af73efdd8ba7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
69084ce42777745ec70e5e6e810d4569

SHA1
9a92da01731f9f94c3a1ccc0fa80a829669df7e9

SHA256
41107864b892be4d0aa36a14d3943e7f19fd6221cfc461958b68c230ba365cd6

SHA512
bf1d428d4746176c14e3d96c559fcbc69840d218b122896fd455640d4ee3c43c8686e9764d13e7d9ac4ecc8846991b9417a39d54d543973beae7ace86f7db180

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
1a20929755db465d60a89fd5eedd9929

SHA1
d44f3083f5938f861e0c472cc430f542d2ee914f

SHA256
17b1410f70e2e7e48b5d78b13b28372237c8f2841300fef64697ecebf5ecd929

SHA512
66edab3d17e54d503fb860ae053a3e2fc8482a42d1b1cb9766b007e4d7c99708b4c3963b79abe1f53b5756119ff1ec12446c520097803c4298a192b0a85dfe6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
9e09fc9e0ceac7ce5d1ebeb948bc7cb2

SHA1
1233edb858796569b40814668948f48fc2ef7d79

SHA256
c33efc969e2a1f7b89b73506ee5df8d1d965e41e7c6b541aad08baed0d031b8d

SHA512
e72c995da688960f0e39850d5102fc062be33c92290482143346797c08370ace4e7a5a44e6a93b0a4645607b02b576dcbf3f281a65ba7fc9a979fa9da108e3c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
340eb38f078fc20a176aa241d140dfd9

SHA1
8c04f628db550796b3f19831ff9de766504810ab

SHA256
718b78274243f6139687c66882574ae69fc8c436ccdb4468fff7c1ec20a942b6

SHA512
fd7fda41415838bf658cf4b4dcb346d666fc12f3ec4ca9e073fdaeb57157360142ac689775ea2b7df9641fc4cf23cb6b112ca56f51d38f50ceb963506312f965

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
39d0562897d266c9d416fc7f3d61b6f7

SHA1
537b02a0b333f0a5ea50c7d50abf0b48c3423530

SHA256
0c2c710017bfddaaf4298b30c92110cf3b646aae2d9ebbbd87927ee96df3e363

SHA512
cdbb8eaed9cc4dbb000b649b42d669b71862b10c481fc00810c7082a6c8d3616e79dad374fdde7e3157f86dbea675ec39eecc57601992652f2d64d34c93b9469

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\default\http+++webtv-new.iptvsmarters.com\idb\2926346687feisraebbaatsaed--hte.sqlite

Filesize
48KB

MD5
cdfe73bcd5fb98ce6fb8e6a9ed82eb12

SHA1
28c9231d3de6f0dce575295cc5af9333c27da639

SHA256
4113ec7e4bd11e40dbd297cdae155bb47ba77be43285148e3ffbdb10a4d4863c

SHA512
1a098de00e9ab6cb7a126a7e5c85e06009bddc932c00ccea0e29f571cd12701fe1a13bf92c97e4f8c8b8b67913d47baa89ad8f402ce302e7ed8dabc8360c044b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
200KB

MD5
25e4300c801bfbb00dae8ba999e0d755

SHA1
06700161a74442f11b6b0950118dd670cdef8f44

SHA256
5292592931a8ccf65291aaee6db2f9ed380219dcb864f297df87cdd8c7668f90

SHA512
8cad74782f2e338bf1ba5dc907c4a031e86728d4d54d8efd6e3516c2c95b8b3ea5aea2c2b30e38447256dffe3038e7e5a119793f4d62281d9e719f1ff9775a36

Download Submit
C:\Users\Admin\Downloads\IPTVSmartersPro-Setup-1.1.1.exe:Zone.Identifier

Filesize
96B

MD5
194720b72ada14745e0caf35cc43e095

SHA1
4540eb8ff841ffaa4d2682a9e4ea5fba8809c373

SHA256
14a4f06d713f133da783eac36de889a9f902e718a250972f778caa96efa9dcaa

SHA512
f31e0b7546d09cf8570155bc89617fc50a1f49e59acdade8f19bde96056784cb77eabc5720e2732f0160fbec08589c62cfd8bff965a61518f865220b27f00cbe

Download Submit
memory/5084-2183-0x000000006A820000-0x000000006AACD000-memory.dmp

Filesize
2.7MB

Download
memory/5084-2182-0x000000006AAD0000-0x000000006AAFE000-memory.dmp

Filesize
184KB

Download