Analysis Overview
SHA256
d7816ba6ddda0c4e833d9bba85864de6b1bd289246fcedae84b8a6581db3f5b6
Threat Level: Known bad
The file NetworkIsooProSetup.msi was found to be: Known bad.
Malicious Activity Summary
Remcos
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Adds Run key to start application
Modifies Windows Firewall
Enumerates connected drives
Drops file in Windows directory
Loads dropped DLL
Executes dropped EXE
System Location Discovery: System Language Discovery
Event Triggered Execution: Installer Packages
Event Triggered Execution: Netsh Helper DLL
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Checks SCSI registry key(s)
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-16 13:57
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-16 13:57
Reported
2024-08-16 14:02
Platform
win7-20240704-en
Max time kernel
299s
Max time network
292s
Command Line
Signatures
Remcos
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Active RPC Converter Suite = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Network MPluginManager\\Coolmuster PDF Image Extractor.exe" | C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\Installer\f770280.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f770281.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f770281.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\f770280.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI42A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\f770283.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev3 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.ev1 | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe | N/A |
Loads dropped DLL
Event Triggered Execution: Installer Packages
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\DrvInst.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\NetworkIsooProSetup.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\system32\DrvInst.exe
DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "0000000000000588" "00000000000005C4"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.0.1265542512\55254930" -parentBuildID 20221007134813 -prefsHandle 1256 -prefMapHandle 1248 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae1d198a-79d3-4b3b-808b-f1dc0ef5bc01} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 1328 f7b7858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.1.119141793\755918250" -parentBuildID 20221007134813 -prefsHandle 1512 -prefMapHandle 1508 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8732a294-f073-489a-8437-2a8f76db3016} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 1524 d71658 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.2.1038546641\261116664" -childID 1 -isForBrowser -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bf89527-d6e5-467f-a707-945c27778746} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2412 d64758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.3.16759404\1030676803" -childID 2 -isForBrowser -prefsHandle 2772 -prefMapHandle 2768 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {257b1ba6-e4f3-4460-99cf-2d558bb535f2} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2784 1bca7258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.4.460897612\1856942546" -childID 3 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47317c14-52ca-4ec2-b78f-248565e3f444} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 2892 1bca5458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.5.228048729\116525053" -childID 4 -isForBrowser -prefsHandle 3840 -prefMapHandle 3848 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cd31981-08c2-43bd-b7d5-0792da1d53c2} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 3860 d30258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.6.1115976028\8042862" -childID 5 -isForBrowser -prefsHandle 3968 -prefMapHandle 3972 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e41b5d1-e8f1-45a5-9083-934862e64102} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 3956 1d717e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2376.7.434012032\1348333865" -childID 6 -isForBrowser -prefsHandle 4148 -prefMapHandle 4152 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 848 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48d69df9-a57c-4b23-9d1a-c3cf7eadaa8c} 2376 "\\.\pipe\gecko-crash-server-pipe.2376" 4136 1e8cf658 tab
C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe
"C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe"
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Coolmuster PDF Image Extractor In Service" dir=in action=allow program="C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe" enable=yes
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Coolmuster PDF Image Extractor Out Service" dir=out action=allow program="C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe" enable=yes
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:49242 | N/A | tcp |
| US | 8.8.8.8:53 | win-update.xml | udp |
| N/A | 127.0.0.1:49248 | N/A | tcp |
| N/A | 127.0.0.1:49537 | N/A | tcp |
| N/A | 127.0.0.1:49544 | N/A | tcp |
| N/A | 127.0.0.1:49546 | N/A | tcp |
| DE | 45.133.74.183:2404 | N/A | tcp |
| US | 8.8.8.8:53 | geoplugin.net | udp |
| NL | 178.237.33.50:80 | geoplugin.net | tcp |
| US | 8.8.8.8:53 | N/A | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-16 13:57
Reported
2024-08-16 14:02
Platform
win10v2004-20240802-en
Max time kernel
298s
Max time network
292s
Command Line
Signatures
Remcos
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Active RPC Converter Suite = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Network MPluginManager\\Coolmuster PDF Image Extractor.exe" | C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\SourceHash{4A194FDC-5FC7-428C-83CA-BC4A750D530B} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIC071.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57b9bd.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57b9bb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57b9bb.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe | N/A |
Loads dropped DLL
Event Triggered Execution: Installer Packages
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000e7a671f193ce7b7c0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000e7a671f10000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900e7a671f1000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1de7a671f1000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000e7a671f100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\system32\vssvc.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\vssvc.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\srtasks.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\NetworkIsooProSetup.msi
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69839079-deeb-4e97-b54b-0005155ebce6} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd34791f-303c-4531-8112-eab4f5edbda2} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 3020 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8768ae19-b85a-4e52-9c57-c4a12bf2e4f6} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3580 -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75a8e785-2bd4-49b2-ba89-f591496de61a} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4268 -prefMapHandle 4260 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79cdd51f-5ebc-436c-a670-06d6c550f8b7} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5288 -childID 3 -isForBrowser -prefsHandle 5284 -prefMapHandle 5280 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2bfe31f-ce71-4e6d-be8d-68ec8488fabd} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 4 -isForBrowser -prefsHandle 5524 -prefMapHandle 5520 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dc05591-d0c6-471e-b182-5b6aeecff93f} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5644 -childID 5 -isForBrowser -prefsHandle 5724 -prefMapHandle 5720 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54bd565d-3dfd-4e2a-89fc-191e8709a596} 3256 "\\.\pipe\gecko-crash-server-pipe.3256" tab
C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe
"C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Programs\Network MPluginManager\Coolmuster PDF Image Extractor.exe"
Network
Files
| MD5 | daf7ef3acccab478aaa7d6dc1c60f865 |
| SHA1 | f8246162b97ce4a945feced27b6ea114366ff2ad |
| SHA256 | bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e |
| SHA512 | 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75 |
memory/6084-1648-0x0000000005BB0000-0x0000000005D09000-memory.dmp
memory/6084-1665-0x0000000005BB0000-0x0000000005D09000-memory.dmp
memory/6084-1668-0x0000000006BD0000-0x0000000006C50000-memory.dmp
memory/6084-1667-0x0000000005BB0000-0x0000000005D09000-memory.dmp
memory/6084-1681-0x0000000006BD0000-0x0000000006C50000-memory.dmp
memory/6084-1680-0x0000000006BD0000-0x0000000006C50000-memory.dmp
memory/6084-1676-0x0000000006BD0000-0x0000000006C50000-memory.dmp
memory/6084-1666-0x0000000006BD0000-0x0000000006C50000-memory.dmp
memory/6084-1662-0x0000000005BB0000-0x0000000005D09000-memory.dmp
memory/6084-1658-0x0000000005BB0000-0x0000000005D09000-memory.dmp
memory/6084-1661-0x0000000006E70000-0x0000000006EF1000-memory.dmp
memory/6084-1822-0x0000000006BD0000-0x0000000006C50000-memory.dmp
memory/6084-1823-0x0000000006BD0000-0x0000000006C50000-memory.dmp
memory/6084-1832-0x0000000006BD0000-0x0000000006C50000-memory.dmp
C:\ProgramData\remcos\logs.dat
| MD5 | 33d959b39dcade081e432156ce39aed0 |
| SHA1 | f336038394c3170387c4806b5f5ae3a7dfac87c4 |
| SHA256 | c8c509f36e55673fa5fed79d1cef78880e9a93b970461326f3b2f159770249cc |
| SHA512 | fcdd81e9915036a5897a6f63cdf01a9a6b1ecd2b7ff97fb2e6ad2ebbfd2916a51b4ac864dfa27ff88a0aa1f6f6988f670afb4896a9129a83ab6cb4f25ae2644e |
memory/6084-3193-0x0000000073F10000-0x0000000073F8B000-memory.dmp
memory/1996-3199-0x0000000002590000-0x00000000025C6000-memory.dmp
memory/1996-3200-0x0000000004FA0000-0x00000000055C8000-memory.dmp
memory/1996-3201-0x0000000004CE0000-0x0000000004D02000-memory.dmp
memory/1996-3202-0x0000000004E00000-0x0000000004E66000-memory.dmp
memory/1996-3203-0x0000000004F20000-0x0000000004F86000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ejv1u132.0xe.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1996-3213-0x0000000005770000-0x0000000005AC4000-memory.dmp
memory/1996-3214-0x0000000005B80000-0x0000000005B9E000-memory.dmp
memory/1996-3215-0x0000000005BD0000-0x0000000005C1C000-memory.dmp
memory/1996-3216-0x0000000006150000-0x0000000006182000-memory.dmp
memory/1996-3217-0x000000006E890000-0x000000006E8DC000-memory.dmp
memory/1996-3227-0x0000000006190000-0x00000000061AE000-memory.dmp
memory/1996-3228-0x0000000006E20000-0x0000000006EC3000-memory.dmp
memory/1996-3229-0x0000000007550000-0x0000000007BCA000-memory.dmp
memory/1996-3230-0x0000000006BF0000-0x0000000006C0A000-memory.dmp
memory/1996-3231-0x0000000006F30000-0x0000000006F3A000-memory.dmp
memory/1996-3232-0x0000000007120000-0x00000000071B6000-memory.dmp
memory/1996-3233-0x00000000070B0000-0x00000000070C1000-memory.dmp
memory/1996-3234-0x00000000070E0000-0x00000000070EE000-memory.dmp
memory/1996-3235-0x00000000070F0000-0x0000000007104000-memory.dmp
memory/1996-3236-0x00000000071E0000-0x00000000071FA000-memory.dmp
memory/1996-3237-0x00000000071D0000-0x00000000071D8000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\recipe_attachment.json
| MD5 | be3d0f91b7957bbbf8a20859fd32d417 |
| SHA1 | fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10 |
| SHA256 | fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7 |
| SHA512 | 8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_sports.json
| MD5 | ce4e75385300f9c03fdd52420e0f822f |
| SHA1 | 85c34648c253e4c88161d09dd1e25439b763628c |
| SHA256 | 44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14 |
| SHA512 | d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json
| MD5 | 6ccd943214682ac8c4ec08b7ec6dbcbd |
| SHA1 | 18417647f7c76581d79b537a70bf64f614f60fa2 |
| SHA256 | ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b |
| SHA512 | e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_science.json
| MD5 | 7a8fd079bb1aeb4710a285ec909c62b9 |
| SHA1 | 8429335e5866c7c21d752a11f57f76399e5634b6 |
| SHA256 | 9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32 |
| SHA512 | 8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json
| MD5 | 2d69892acde24ad6383082243efa3d37 |
| SHA1 | d8edc1c15739e34232012bb255872991edb72bc7 |
| SHA256 | 29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a |
| SHA512 | da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_real_estate.json
| MD5 | 9899942e9cd28bcb9bf5074800eae2d0 |
| SHA1 | 15e5071e5ed58001011652befc224aed06ee068f |
| SHA256 | efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a |
| SHA512 | 9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_shopping.json
| MD5 | 97d4a0fd003e123df601b5fd205e97f8 |
| SHA1 | a802a515d04442b6bde60614e3d515d2983d4c00 |
| SHA256 | bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6 |
| SHA512 | 111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_people_and_society.json
| MD5 | b1bd26cf5575ebb7ca511a05ea13fbd2 |
| SHA1 | e83d7f64b2884ea73357b4a15d25902517e51da8 |
| SHA256 | 4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0 |
| SHA512 | edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json
| MD5 | 39b73a66581c5a481a64f4dedf5b4f5c |
| SHA1 | 90e4a0883bb3f050dba2fee218450390d46f35e2 |
| SHA256 | 022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17 |
| SHA512 | cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json
| MD5 | 36689de6804ca5af92224681ee9ea137 |
| SHA1 | 729d590068e9c891939fc17921930630cd4938dd |
| SHA256 | e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52 |
| SHA512 | 1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json
| MD5 | 5b26aca80818dd92509f6a9013c4c662 |
| SHA1 | 31e322209ba7cc1abd55bbb72a3c15bc2e4a895f |
| SHA256 | dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671 |
| SHA512 | 29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_online_communities.json
| MD5 | 37a74ab20e8447abd6ca918b6b39bb04 |
| SHA1 | b50986e6bb542f5eca8b805328be51eaa77e6c39 |
| SHA256 | 11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f |
| SHA512 | 49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json
| MD5 | df96946198f092c029fd6880e5e6c6ec |
| SHA1 | 9aee90b66b8f9656063f9476ff7b87d2d267dcda |
| SHA256 | df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996 |
| SHA512 | 43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_games.json
| MD5 | 4182a69a05463f9c388527a7db4201de |
| SHA1 | 5a0044aed787086c0b79ff0f51368d78c36f76bc |
| SHA256 | 35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85 |
| SHA512 | 40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json
| MD5 | 0ed0473b23b5a9e7d1116e8d4d5ca567 |
| SHA1 | 4eb5e948ac28453c4b90607e223f9e7d901301c4 |
| SHA256 | eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b |
| SHA512 | 464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_finance.json
| MD5 | e95c2d2fc654b87e77b0a8a37aaa7fcf |
| SHA1 | b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc |
| SHA256 | 384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e |
| SHA512 | 9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json
| MD5 | 6c651609d367b10d1b25ef4c5f2b3318 |
| SHA1 | 0abcc756ea415abda969cd1e854e7e8ebeb6f2d4 |
| SHA256 | 960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9 |
| SHA512 | 3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_law_and_government.json
| MD5 | 80c49b0f2d195f702e5707ba632ae188 |
| SHA1 | e65161da245318d1f6fdc001e8b97b4fd0bc50e7 |
| SHA256 | 257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63 |
| SHA512 | 972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_health.json
| MD5 | 11711337d2acc6c6a10e2fb79ac90187 |
| SHA1 | 5583047c473c8045324519a4a432d06643de055d |
| SHA256 | 150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565 |
| SHA512 | c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json
| MD5 | a92a0fffc831e6c20431b070a7d16d5a |
| SHA1 | da5bbe65f10e5385cbe09db3630ae636413b4e39 |
| SHA256 | 8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c |
| SHA512 | 31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json
| MD5 | 70ba02dedd216430894d29940fc627c2 |
| SHA1 | f0c9aa816c6b0e171525a984fd844d3a8cabd505 |
| SHA256 | 905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34 |
| SHA512 | 3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_reference.json
| MD5 | 567eaa19be0963b28b000826e8dd6c77 |
| SHA1 | 7e4524c36113bbbafee34e38367b919964649583 |
| SHA256 | 3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49 |
| SHA512 | 6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json
| MD5 | 250acc54f92176775d6bdd8412432d9f |
| SHA1 | a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65 |
| SHA256 | 19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54 |
| SHA512 | a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json
| MD5 | c82700fcfcd9b5117176362d25f3e6f6 |
| SHA1 | a7ad40b40c7e8e5e11878f4702952a4014c5d22a |
| SHA256 | c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780 |
| SHA512 | d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json
| MD5 | bb45971231bd3501aba1cd07715e4c95 |
| SHA1 | ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a |
| SHA256 | 47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d |
| SHA512 | 74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\personality-provider\nb_model_build_attachment_travel.json
| MD5 | 48139e5ba1c595568f59fe880d6e4e83 |
| SHA1 | 5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78 |
| SHA256 | 4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa |
| SHA512 | 57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | 63569dc778045b7f20f21db7cece8183 |
| SHA1 | ad2ff5f29328d360ebea3363584002c8081e577c |
| SHA256 | 583c48cc7e7be5f9e7af8aa4596f015224d6a7d9c0992db6296ecb29c2f34d75 |
| SHA512 | 84468b9b5a073ad040b8320965e0cc3d0c7ec3d10bee254f809d943b1410ebf19f1aa448f4c42976e4d1e0b7bfa46f659543e595637d37cc73793822de7d29b1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\bookmarkbackups\bookmarks-2024-08-16_11_uNm-M3VlkLyAUUDOcdm6Dg==.jsonlz4
| MD5 | d8fa487910321381e19c303cb2579f92 |
| SHA1 | cdc0a8edfde2b40d3dc12db4565ba38e57308b65 |
| SHA256 | 324baf2d9007b3f41730cb6c4905065f2f163370b1dcbdb06ad93614ea3684bd |
| SHA512 | bdd5b01e976717ba2f29e5d18c46d37b97c635ac281eac6e08e1d31f5e53c60f90066e8899c0297b5c276d08ccafbc85322ab3facba0d7c88e758257b031677e |