5449706ffb9ececf4c10121f513fe62797fad35274d9b1a84eb4e3ab861af94a

Resubmissions

21-09-2024 20:46

240921-zkp6xsshqp 6

21-09-2024 20:44

240921-zjgs6ashkn 3

21-09-2024 20:28

240921-y88gqs1hra 9

21-09-2024 20:27

240921-y8mv2asbnq 1

Analysis

max time kernel
919s
max time network
929s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
21-09-2024 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PlatonWebhookSpammer.bat
Size

3KB
MD5

8bf81aa131998cd469d2c2da49367dcb
SHA1

214f0df3b2e5f6728cb3724eec9ce80d0738a70d
SHA256

5449706ffb9ececf4c10121f513fe62797fad35274d9b1a84eb4e3ab861af94a
SHA512

bac8bad76778d33915b6acdd9771f297117e4e65e0802e483f65e3bac56e5fee48aa63922aa55a361b836a31ba366405c2d16f0b65f87e4c6e2fea5429bc38ad

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 17 IoCs

Web Service

T1102

flow	ioc
117	discord.com
119	discord.com
121	discord.com
172	discord.com
173	discord.com
370	discord.com
163	discord.com
171	discord.com
340	discord.com
341	discord.com
374	discord.com
339	discord.com
375	discord.com
120	discord.com
165	discord.com
376	discord.com
377	discord.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File created	C:\Windows\INF\netrasa.PNF	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
624	Process not Found

Suspicious use of AdjustPrivilegeToken 29 IoCs

description	pid	Process
Token: SeDebugPrivilege	4564	firefox.exe
Token: SeDebugPrivilege	4564	firefox.exe
Token: SeShutdownPrivilege	2596	svchost.exe
Token: SeCreatePagefilePrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeLoadDriverPrivilege	2596	svchost.exe
Token: SeDebugPrivilege	4564	firefox.exe
Token: SeDebugPrivilege	4564	firefox.exe
Token: SeDebugPrivilege	4564	firefox.exe
Token: SeDebugPrivilege	4564	firefox.exe
Token: SeDebugPrivilege	4564	firefox.exe
Token: SeDebugPrivilege	4564	firefox.exe
Token: SeDebugPrivilege	4564	firefox.exe
Token: SeDebugPrivilege	4564	firefox.exe
Token: SeDebugPrivilege	4564	firefox.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe
4564	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 2820	4672	cmd.exe	74
PID 4672 wrote to memory of 2820	4672	cmd.exe	74
PID 3648 wrote to memory of 4564	3648	firefox.exe	77
PID 3648 wrote to memory of 4564	3648	firefox.exe	77
PID 3648 wrote to memory of 4564	3648	firefox.exe	77
PID 3648 wrote to memory of 4564	3648	firefox.exe	77
PID 3648 wrote to memory of 4564	3648	firefox.exe	77
PID 3648 wrote to memory of 4564	3648	firefox.exe	77
PID 3648 wrote to memory of 4564	3648	firefox.exe	77
PID 3648 wrote to memory of 4564	3648	firefox.exe	77
PID 3648 wrote to memory of 4564	3648	firefox.exe	77
PID 3648 wrote to memory of 4564	3648	firefox.exe	77
PID 3648 wrote to memory of 4564	3648	firefox.exe	77
PID 4564 wrote to memory of 508	4564	firefox.exe	78
PID 4564 wrote to memory of 508	4564	firefox.exe	78
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 1816	4564	firefox.exe	79
PID 4564 wrote to memory of 4028	4564	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\PlatonWebhookSpammer.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Windows\system32\chcp.com
  chcp 65001
  2⤵
  PID:2820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.0.268171081\1254457050" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1648 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b27e932-1d91-422b-9864-932384ee2b89} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 1764 1d740c05658 gpu
    3⤵
    PID:508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.1.269767338\1486014562" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63cde0a9-9d5b-47e6-a617-79751467922b} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 2116 1d72d572558 socket
    3⤵
    PID:1816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.2.1718107791\1445641624" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a889e590-4bb8-48a4-87b2-95176e4479fe} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 2944 1d73f95f058 tab
    3⤵
    PID:4028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.3.328282344\515769722" -childID 2 -isForBrowser -prefsHandle 3452 -prefMapHandle 3448 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc1770df-eb32-4b74-b5ec-5f822dbad2c0} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 3464 1d72d561f58 tab
    3⤵
    PID:4392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.4.395855311\698335888" -childID 3 -isForBrowser -prefsHandle 4176 -prefMapHandle 4184 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de1d8c1f-e2f0-4f71-b71d-81c400f35a2f} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 4152 1d7459cf858 tab
    3⤵
    PID:792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.5.1912615127\541739393" -childID 4 -isForBrowser -prefsHandle 4840 -prefMapHandle 4824 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9cddf68-7244-4ee9-8abd-ea501ff9e80f} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 4860 1d7442d3458 tab
    3⤵
    PID:1500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.6.531939627\1781297884" -childID 5 -isForBrowser -prefsHandle 4996 -prefMapHandle 5000 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {506b59c9-c191-42f1-a5e1-a832ce897289} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 4984 1d7459cfb58 tab
    3⤵
    PID:4800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.7.1041847166\2066826803" -childID 6 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21eb22cb-9cf2-49f6-ac03-424ccd9a6c25} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 5180 1d7460fbb58 tab
    3⤵
    PID:5060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.8.193301566\106485162" -childID 7 -isForBrowser -prefsHandle 5372 -prefMapHandle 5380 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77079967-e224-4152-bdd0-20c410722389} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 5484 1d74744d558 tab
    3⤵
    PID:620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.9.1862168962\1988997941" -childID 8 -isForBrowser -prefsHandle 5816 -prefMapHandle 5812 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0593469a-22e2-4d86-8e1a-bfa5c53cc74e} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 5824 1d7475a0258 tab
    3⤵
    PID:3988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.10.1258512948\659364914" -childID 9 -isForBrowser -prefsHandle 4908 -prefMapHandle 4904 -prefsLen 26777 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {890c9ebd-06d7-4c8c-9c17-1856458d4a7e} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 5980 1d748074b58 tab
    3⤵
    PID:1116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.11.1759573129\679856639" -parentBuildID 20221007134813 -prefsHandle 6120 -prefMapHandle 6116 -prefsLen 26777 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {594c9c67-630b-4ac1-be8f-8bf3a352e5c0} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 4340 1d7484b2558 rdd
    3⤵
    PID:1552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.12.250417277\588528051" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6220 -prefMapHandle 6228 -prefsLen 26777 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e65e5cb-49a2-4169-99fe-b720bdf7c613} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 6216 1d748659458 utility
    3⤵
    PID:1948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.13.2011957029\735102510" -childID 10 -isForBrowser -prefsHandle 5468 -prefMapHandle 5696 -prefsLen 28153 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fb69f71-ebc6-463f-bbcf-1afcbc32b704} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 5104 1d74c454b58 tab
    3⤵
    PID:1632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.14.1562100046\1873690106" -childID 11 -isForBrowser -prefsHandle 6820 -prefMapHandle 6808 -prefsLen 28153 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {03334010-06bd-4409-b598-5fcd22e714aa} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 6712 1d74a53f158 tab
    3⤵
    PID:3528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.15.1431627077\847601329" -childID 12 -isForBrowser -prefsHandle 5428 -prefMapHandle 6952 -prefsLen 28153 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93ab1e37-6885-4e00-ab6d-a3d1dfcf7615} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 5116 1d72d530858 tab
    3⤵
    PID:4312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.16.950524114\1230826212" -childID 13 -isForBrowser -prefsHandle 6956 -prefMapHandle 6108 -prefsLen 28153 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {694f797c-31b2-431f-b26e-98f2860e3c6b} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 6844 1d7460fcd58 tab
    3⤵
    PID:3640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4564.17.764989947\2114210309" -childID 14 -isForBrowser -prefsHandle 6768 -prefMapHandle 6788 -prefsLen 28153 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e19b0282-c661-4c8b-8d19-7d121b004dc3} 4564 "\\.\pipe\gecko-crash-server-pipe.4564" 6728 1d746357f58 tab
    3⤵
    PID:3544

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:2128

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:3808

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:4396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:1512

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2596

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:4112

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\11171

Filesize
5KB

MD5
e544c6f56c65980c522de1d0f116916e

SHA1
2c33cca0d2b7b3497d20e0924a92416ec553a926

SHA256
59d6ec14000e7930ab6b70e8720b59a0c753074d6781a0865d6333308f23e48b

SHA512
e42fa5e0e16562f5d4363d0c6b1858b892b353104b1a66514b0af02069bbfb8c2f6b9be8b2199c1abf6b8f897ba278662238b9bc086a0f35a594caec44a486b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\11915

Filesize
15KB

MD5
63ca97fb4adc5643f53f2aa962ac5753

SHA1
580619a4abb85f5c8c5d769011153f93c9a7952d

SHA256
5acd04bd12fe48c8d3c5fff9ae5681e7851ed616d782de98e99222e23e871f25

SHA512
16e638f97aa921928b0ed8dbbfa88189ae827461ac7590a78dd496ed42b3e6521d7e0ff91a7a1f06bb8e332f85722a28855fc4c1543a1958f4be9616e7223f83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\12704

Filesize
9KB

MD5
0793ced84d10a06a2f0b581fe32ddbef

SHA1
e7a4047610efc9fc797bc6914ee5b59f26de419a

SHA256
46443ee4594ee85e3c5a965cba4e40afc606e81ca7339ae927a19bad91f6ab20

SHA512
73be10188f0bf00fc05f9c5def645510deafb3d13e457002a0c8f81eee1e31526f64dbacbc38d25601c45ba1a6ba30d6239bcf80d5a81ccdaa918785655e0138

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\13147

Filesize
9KB

MD5
8d65c26f0746a2f0ee98bf1c1835a3e4

SHA1
3f7d381d1d5d6b2bd9c49205485037d693cae599

SHA256
669fe607979b7ddcdd8164b4211ff4b14fda4f114a6045ef6e1c2b777f355847

SHA512
5bceb78ece24a1172df294c970eaa0ca1ce62639813cb1f619d2b1450f381a531534781f6db8aad586250a4ff6767432918c0db3c122e62d0cad001f8ec26436

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\13176

Filesize
7KB

MD5
c4647f3335065d40d813c5da8eaf710b

SHA1
5087907ad576887645e2b208a453ba50a130c598

SHA256
caaba63c9cca5abc547d8abdb093a961f89376687c011ee9619df4fa53c33035

SHA512
41c880d78a7ffe514e9cef901b85bb56b6f2b0c4f41ef9c473d51dc7396346cc3b5400988d22c3c69e33415e62d2e14979fbbe827ccb080907f004a6b52985c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\14062

Filesize
11KB

MD5
21e9eeace4e47f73601998761e4d8e73

SHA1
82082937c49cac04e1fc2bb1a627b075e716e6fb

SHA256
6b8cf4bef83ddc11150a6118631e8af4c49f442008cddf88ca57f28e98845c54

SHA512
ca918b60b3429a091c26ee450c5d01cffc43fbb69f41c2bafe893a5e8df72abe38f60e1bf529df9dbdbd90f8a6f905bbe95488c70588db2d134fc1cbce1b9ace

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\1448

Filesize
8KB

MD5
e321a5d6b9604b96b0b5874183342ede

SHA1
716bdfdc7b8f1f8b55ff10aa5397ba12117e4aff

SHA256
fd7e4d7049ae833495ed32fba420e3aec6f930e40374d9427e89e7e9d8c050cc

SHA512
5ee891bd1217d6729ae968ec06d282b004ea689a8a7686354d70032c93840a92645df9e5e2f4cd01b68117322a9aa51fe3ba46fec6f16aa9e2efd1a3f7b32c20

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17215

Filesize
10KB

MD5
fec864190dc38a7504bd7bc84a18f6f9

SHA1
a2d7ce8d7fa8e00e64b5bf1fdc5cb3c994bc5c74

SHA256
2ac0f2c53c667b7585f0b010ad2556935f38dc9b57eea8e16ee77dba972b07b4

SHA512
3c6e9a10714ed3fcdbb33c305df992ab47f242ef5166e26cb8788b700583797db1c0c3ec9a8f1fab9a9e4af8b5df4b520fd059cb0ec52b021a5da31d274cecc6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\18337

Filesize
7KB

MD5
ffb42c3176699060e0e0cb3ed4112666

SHA1
bb67983ce1afc53accd02768c574dcb568c0c5fd

SHA256
32a22f43e659e1d0bfb271729fb9171e1e077bc199dcd8dd3b3136d848cbb577

SHA512
dba1483cd877c979f60f432a8bf32fbb0e5bf78b79afe6fadac0d46f7b17913f33467e96d120fb6aa583e7cb5ae2da556e10e8248c12c3cb2a0402f747538840

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\19384

Filesize
9KB

MD5
ceccefb58502edf35fd908f3b46fc7c9

SHA1
ed5e72f43d1915ca0c31e1ab9acf8d9cc019d0a8

SHA256
73965423f41793adc738c773ba4fa93de59e38b21e8f9bc8f5d3f12b80fd29d7

SHA512
c818ae6e9305643b84906bc559599aeb5fe4b8e56a282d375c5c82b6bc6cc8454fdf60dedab7739c86c9f7008ece8a02d7250ae0fac5a5661eab9c36f3061a1a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\19594

Filesize
34KB

MD5
dd5146b7777ba5088609a0a267452639

SHA1
dc35d05e0a01153ea642e1a7b8569f7be4c7fd2a

SHA256
a34b4c98c631411441684e7d4e327878c30f93a55a3a70cddd04168df8c42858

SHA512
bbd5fe2c5dfe8f98ddde491df3a860420653ecc9dd3c4c53f5d01159947a05b19d67964166cf328750903c7db5c0d8ee169f764b22d7113edad9d77cc3e10fde

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\2331

Filesize
15KB

MD5
2dbb7b5c09fb1cb7d404602bf3418f73

SHA1
cc050849f8c2076a9793971dcea08a3656113f50

SHA256
2c28c5712928fe08729aaa015a21df6abd87d896bdf19ccb660ea68084316684

SHA512
e5356080dd4c0a637b47f3ca437c53f00e5e78f79e1cee6488cf3a5bf8fdd7e72c98d44555575b7f27ba1fbf168fa9376be2153f3cacf168aa24e38c89a102d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\25901

Filesize
98KB

MD5
bd18c3553cf1fbaa7f284ee842ef0f4c

SHA1
151f46fece58cde3ec7afc2ed176710312c36dd1

SHA256
45eba0f7c1d28a30a2ac728b5deda5b9ec99748cc33bf989a0cadc4e703ecddb

SHA512
38528a26332df06508ea70c011e974882ee3e21b02a20b8937e2302d550d1f005d241e95ddaf30d6497d6882052d19e7e5712bdf5a3ff952eba3f84b643a1a80

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\27484

Filesize
1.8MB

MD5
a1084097f55c6675a1a195ddab65571c

SHA1
d6d92b9bd92728e08fe25499eaf57bbf903c7559

SHA256
a00b853e98b9f8d4342b917cf62d74431989c2b48c5073b620af759ff061be42

SHA512
460aaf80cb8908c6e9f6b078dd6eb8fa1d774f7976fb489f3b64422fbd6ffac80da9cb11be8baac50d87afc42e94169330fbd638273cf9e3f91725a907b61d1f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\29629

Filesize
15KB

MD5
ef7ad41a090aaa3931952dd96e22637b

SHA1
7ab16f8c2b86b9935eac3c42d2597b38fdf920d4

SHA256
4765ce5f4ad5c9a17e1b89a5753b332a1643f13b79e35ec3a5a0a8383d3ce093

SHA512
c968efc1a35fcc04b183363fa3d2386fadebecb994811278cd9f1a0c0c7039f65c8ef7c942b7cf9d4652184805897873fcd4754abd583898d38abca5959be165

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\29769

Filesize
6KB

MD5
8e5cade573728f3ca913af797f0169f5

SHA1
67a39156ba574a361706675dea17c37b7a3c6070

SHA256
cbb5063f992c78e61659b5b2442474f3292693cd82af28788edbec2a060cdcad

SHA512
2890f01d4af6a9d653a747f1899fde14bcf0a2e91cebe6db539ac664a8faaf458d05afc35c941d46fdf8b62491902583f840dee9051861d4557d837980b3293d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\31624

Filesize
10KB

MD5
d787d229c9a16975339d5a0de49f242f

SHA1
4631eebeb1c286b4891e404793a8bd2f3499c55e

SHA256
99557e6ee21f4a38869e78fb080eea9aca49e1d4ceb6fe00bf380b478558e1cd

SHA512
db2d0ef52982ec09c6f7b4881a128d3e28873f526ad0b8692347af028c466075fd5dee46109ce01d2bcd017afe378ece8381d8a32ca8f269cf3a65946f21a1bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\3958

Filesize
16KB

MD5
f6ab3bef2cbb9ae0f2b4a59e332351b3

SHA1
918b159c4268e53ad5be191142f9b89c142deffd

SHA256
8c0a28152bbb0031be1dc886dc42c5f6747d6462ef16d3d07955b3b0f42bf410

SHA512
1e82b8e141dcf7d223bf5b85fa93a8354cbb738d21a6fa7ec2df9c29e436e8933ecdcb3622045e8c2a461faae6812f81d179ef944e05275ba492225edfed0e92

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\5115

Filesize
6KB

MD5
1214ea72ef5b9d95eb405747cd11cba5

SHA1
8b88e118eae7c65ada7c6288a05e408deae06eed

SHA256
cfa8cc277b9b7f21a511174b3211787add1f17f686e49749ac0acbb44f70637c

SHA512
60a91c8841df9647c44cc1d2303681405bc54b6f306f9fb75343e7d10db653bdab1f395b48b99deb3ac9715cd418735946f93ed9dda7140059a254d37db2cd49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\006D3DFABB7DD236CF8A44AA7E9CD9CA8F2EB2CA

Filesize
60KB

MD5
aee071c27eb74f598fd1ba323d52a0fe

SHA1
799c04ffeac6640fade85e3847117ec24770160e

SHA256
00518fb9b74a71a92784aaee66c33d808684ed45ddf9a4835940c7460c2d5831

SHA512
ef274355d2ff57c05e2f927b8a3b316baf3439ed829b0b3fbf156cfed705846d9b7b1c475a170c5e396df38f836367dd38a30a214c6b41be68c86acb48188a0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\137C8201215F24C4BF3F9FFF4F6B7BB0A97B2565

Filesize
151KB

MD5
11e79bd160277bea866abd2f2741ca1d

SHA1
1419cb363ff2655f19b25a637fae6dd46a9d4056

SHA256
907244038d64c0b41c5d4b3743d36fd882968e2c7cdc96f01f2ffc2a7527bc03

SHA512
d842a7910df1c7711f93ef795531e035c85ce10bb21d2ac2e627c291e5c40e95cb94b2f3a771ccfdfe93f28261c38e0e3421de54fce6dbae8eca33efc4b6bf1a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\3C037406957C6A3957979D98A58F5D96FF6B1489

Filesize
34KB

MD5
21be20eeb27f8a114f2519f21f181e63

SHA1
11509a9032c96baff8c75bb17f6a2576c4737f22

SHA256
472ee936c1d8c552044577050f091a23388768e2c9c8462caca6bc06f3a15de4

SHA512
408a167678f3627f8e9d99f7a2819731bca3094f99e0b750e06dd7e26d5288c49b41d071f06151f159bfc134e7e5af38a3fad4c6a0f33b71cf411fa30575b8a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\BB3A620B5C31E8EB74DE0F5875C9616275F7625A

Filesize
32KB

MD5
3710c0cf445492fd24d72533240ec25e

SHA1
cbf09314e5f837d6cdc54b5341bb906e99a3b0a8

SHA256
59de8c2bc11032e9f1cd6904381cc4ec896cb87e584e95da785490d6973eecfb

SHA512
78b6a82d197fa0fc789ee77254589a6b0d15dd052a5b94bc6c103f40ba53e3904c321c0d96ef4896299c3290da511268d6475eb33c2228cf8e87b0108f54435c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FAA749CEDCE427A154C0BB6A9180421E04A0EF0F

Filesize
221KB

MD5
dfbf946a8e23ce1272da4f6c1f93cce2

SHA1
abdc0932b8563e0bb08fef6933f29cc74a7f0b1e

SHA256
eed1edfbf7c3e8b0a5afb9c6454ecf7343641b58a2eb5a92e241d9681a00aa66

SHA512
1cc863d14a66864d4e51d024390dcb597df4cda1e0ba501088ebbbd366357aa5daef926f57c8156a22c8162383483a98e93f4412e23f26815e14861cf63388f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\Iq9UEG1pMBvDgeAE39O5WQ==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
8ab22097ebe944dd627f3caa42d226ec

SHA1
bcd7997d2fe22c502fa10eaee786a5ec2a5242cf

SHA256
7d0cbea53f22ef27bf631da946d0f73623f51ed0db55e795ad18202d6944e173

SHA512
b0f8432b8150f6587c1295196aa8a8809b2f1e4ef61a8b478cf704ea63b7bafceb1e4a10f4f938a262296f335efa55527210bc07d9688653af626a3e7aad2407

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt

Filesize
531B

MD5
e759f6faa43cbcff864dd665a0ab5bd5

SHA1
ab18b478979a076714866d177a886e678600fa4b

SHA256
f6eeed9c3ba59b4724a1f76431b7de55fda5b29c6765e695faac179dd6c0ba89

SHA512
8b5af5e1c4bd525ebb09551cea1f1e8aa64c6adc1d607b7d9b62f6f028e3aa5d3bad86cddb04a70dea3589f94067969a1fa46464cf2174d9eb31fa54c98b2abe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
7326e3ab677bb8de8b1a0b8886170720

SHA1
6d11b405bc02522abe2b0cccd974e20bf3396eee

SHA256
d8ff57615188fe90dde4aed907a15ae2e1c96ca1430beb76b52e8ace3c03bc6e

SHA512
c4341bcb77b61342160622efe9fd7330acaa8482d003aaec04957fca96cb4acd90b1e872c58556b64e51adb8d59c29853260e07e359186c68d5a47b2bc79cd68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
19KB

MD5
f161c96710a67dcf26d82ee469306a68

SHA1
fcff1b14d233faf5d5790a541dc5c5286fe981ea

SHA256
7fefda3764d33114cb412b19ee9037e1c292a742ec9b12af65b024080b7e803c

SHA512
8d46e1b8445f59e523f0d456cd468bb5350af2d3fc21592ab40c57af33210633c2256d2568755aa8f78ecefddc8409eae85544e8eddaccdeb8349786862458a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
10KB

MD5
73cb8fb14ede5cdb6a220ad1212894d9

SHA1
4aef399be1fe7ee7313b0c364885ffd710611c28

SHA256
5abc9d74c43ba1396f6102da87653a1891c483ae8d5a5d0787c13c8e23439f62

SHA512
8d064f586471cd1b6daf4112cdbab369b535682a587806cdde86168a7772176f5033a53f8f413692223b13e1aa723d7f6af8dd558458714d92981cbdfb8aa129

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\0cd35a1e-44a2-4887-b210-4bd9ee7b40ca

Filesize
746B

MD5
31f9e6fc41c0df6f8bf6826830031bd2

SHA1
267083a1e2604873c6cf6689dae6a263c04cbca3

SHA256
5e7ebc4e13fe5979cd31383e9deda030a0fe18d47d1c421ace5c497e92f2dd13

SHA512
221dbc0d2fd3ba971c954231b5d5a72b49bdf921bb01fc2c8184e09dad5109a090556065e7fd27c6b708a3c47b38249e6415e1e76007374b6f3b05b982ee241b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\1b14714f-5cf7-4d0d-8027-3bccd81a121a

Filesize
1KB

MD5
f664c9280ce9d0c5e620ac186691c76d

SHA1
b36af078aae573366f35814aedee36ad93ca9253

SHA256
14e4783bae7e986b3ad16fe254ef4dd6cb402ea5fcd4cec70c9d8b8338c4a13d

SHA512
18e4d392a490d8dd2053a03e616957311c98202f581a6ac0e8502a0db96088818e8f84f2cf544c06976b06f53acf5fc8b46d79091f773161b78739b7ff37e3af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\7a303b04-c772-41f8-8120-c7c6599e27c9

Filesize
774B

MD5
ff6c91882df520e92edf02fe2922ca0a

SHA1
e66cf461ab7607775b66f093bbd658672b4cfb36

SHA256
98fa1a13a0c39c8f6dbc2ad850098aa10d76b86a6147edcb1937eef4c747e241

SHA512
190d47bcfe2f049f76c07a28dc47d185986257c727f69b819b4275acd079059940e8be5c03f0618609b4738f4d7a62af2ab0a90dde26cf29f34192e37b5e77a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\9000960e-d7a5-47de-a4b8-1fdfb53cc1e6

Filesize
1KB

MD5
c9dc20a3aae222f8fefd90c8ea8345ff

SHA1
a59edfb7eddc205f6d17ba4dca09fb9d2e1bee89

SHA256
e0da82009ce06596aef4c45fc5134c341349e6db40be6007fcbd9dcbabb8216b

SHA512
1ec14b12102ce33baa07c0f865cda052992b2cf009d788744357f3d1c7d8d5ef4bf224bd404591522fe55619cbc3d82e6a75b3b5c78afe87c99edb0b44543590

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\ad245409-a3dc-47a7-a677-cd3a8b76237e

Filesize
855B

MD5
743f560c74b7645c3bb699f84f2e4118

SHA1
635043175e3823b5d9af1a32604005e7b0fecded

SHA256
cb0887fd9913ad47d85e313e80719dc1d3998426b1450b521ea215a979c1e000

SHA512
ad02aa68502b688921a62dd8420108b3958140d2bbc991b3b2755e7bc1afc05c655d93283cc0ee2f94edc4c45360f0930d4d81cf962e9912fd932cebf6842b43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\cdb85c7c-b291-4387-bbf9-1170a375d41e

Filesize
10KB

MD5
dc647b1ee2542729336873922a27969e

SHA1
3f9f09fe9fd4beeac0e4c401bc4edc1f8526ed3c

SHA256
85a2b71a5f8538b2dd41b99d4ccfcd9570e935406b51f4ea35a636e466d3611c

SHA512
39513c05150d18ecb888de0af98aae3169a776a49b520d49af12a0216a87c03dd491131515970abe85547bfe3257f1f933f66684d190f104a81c61a198a22772

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
fe2049073b4f1eede0c903da40073393

SHA1
f7e109a0573f103484a58941ca010b6562fd21c0

SHA256
9ad3b211f0bc57e9128d56c1c3f8ea81bade7f7d6e6c0191d87dc2565a905244

SHA512
2856d6b5b541b3086c362bab17ae47e23c1dbded1decd495c1919721c1394fd1214875f144afa0deed7fd7742e011d1c6e7fb8cc4b6780eda71c2c37960023e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
d39056dd18fe7c16b5fe9b9d64b1cee8

SHA1
9ca05552f8ad57a859065e8130d2e72908343542

SHA256
d0b5f6c309071e4f10eccb7677e6451d59a400067cb4219aa848429dca911801

SHA512
56adbac3a7261c2fe13c1721cbc207994aaa81c9edd7e42036097897bfb5e6bbc4e899622e9ef31c39833b0f6e699433e8564b012d138fee62a39be61a8f95e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
32fe02ea4c3b23a4ed19cb6adbe4cf4c

SHA1
32d3459410aec824132da4ebf94fd45fa9be71de

SHA256
a68badb69819f6cf19e64cffec5b39b4a993ac8f6ce7151db96ce67672c38008

SHA512
69d2b862691503720c71dee568a9cdbc32e596d8703ad019ae7a0b2f8f2fc9bf12a3a05fd7c3383a06b9abae33e487aeae3d8670021bd4ebca0f9e87adc0413b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
4bbe122a709cfd55a2eb23dd040107cf

SHA1
5f0b23c9d72983cea854cd63bbc3646569630a8f

SHA256
923ce035bcd0eab96452932f07437bf666a1428fc3de588f5e6e98b04f258fa1

SHA512
6dbd483ec92240a2b4b4ca666334f63454aafbe121d83a20fdcc397a17681dfb7e1d3c7fb312886aac43b4115e8514f1d5cdab0fa3384a5ec17c943d6c2d6ba1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
6b792cba9e4e053663de2e9c7739c23d

SHA1
15347f93da96fc55f27c2a1e0b32c5ae53c5a3da

SHA256
9d0dba06afc20aceeb12395053e345a039bb0fb34cfea11fa50b35b813763ff0

SHA512
dcb158dae3496e7530d12b98d9fa7fb46b8d6e04abc4b5505bb13867be4666c357ed4fbff4670aa4067da2d7f70eea6cd222e8b04dabd96bd6af03c16dcba5d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
e31ebba08bf978ebd21e7c7db6fc9c68

SHA1
e24d94c00990bc229cd4a6797fbaa682b24296ad

SHA256
4e103129308f384f914db385d2ac0952e00614cd0f3127dbd8f326c0ba2fd53a

SHA512
dde4a87a49eba36371787e31da1bc07abb5527a0379fb2fd61ecbb9606ff7f24081fe62f7100674c9e90832967c876acd07284da1e510fb70c066b021e088755

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
b927477745d2cc429697217c2a74711d

SHA1
6ba02adf7d2398cc95df6daea670daedfef25ab4

SHA256
4bac3fd45972e808fc406eb6382106660f8171d35c578d32965617e340c7e50e

SHA512
c154402e671899453b22e677dd7d76afe2f1261dd743f08673cb6391a4ce4a6695b4f4e4578a300befcc6a1e307168ceac8fa6b22ee3facaa43225dc358d3471

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e2bed769c0ebfc66dc2faf2367179ffa

SHA1
2554c0adfd46274bc8355dd26678017fa0eff9c9

SHA256
07d304e8a35853fdb5e41f2744100775757830f0b1e3fc3e4758c023c205f6b3

SHA512
e11983b27eea63ee1aa2dd9889601a10d65819872a2735d707f6abde4623fe09496335095bd0e7ff2c58e122dc0770ef076ddee02deeb0a42113c87d9f01eac1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
84744f3a6ca8178e00db513fe87a7433

SHA1
d0b0a9e2a0f61aa332c17466d4fcef1fee0d8061

SHA256
f41e56cd920b3d2cd1fc5141c94797da2e906a6f67ef546e84c2164466b1decc

SHA512
1186950ecc628d0f2241904eb79d083d92f1ffdba95c8ff48320271ecb2f725afa7f458ad327491eda9b79fb94356cfff8bd7ccc0d054f4a2624344bbfc713b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3a58d2fbf57dcf979436b2fa5b60af11

SHA1
9d8ccd558bf431526191fc875155e203e22bd4f5

SHA256
82d9cbdc2190881c6b46ff9acacbc54c25bd610bd0850dc95dbf309e3dea953a

SHA512
68d30ce5fbb02c80248c8e3b605afec81f9374a731cfb15ec258442bad20bdec1e98a90242bf0926861602e76963796c77f03fe92424e69db8ab48ff8a59c5e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
7fa14fc471ba93fc6e35d2d1f72c6de0

SHA1
14697f1bc9381d904cf931d5190d5b0632475b23

SHA256
253648c54f51d8cf5501ef11397cb3c44473222110f6db1fd6bfe5088104016b

SHA512
5067a0c77151ce117a2a96a64ff7263e237844c8f001c90d2d573e36ac290ccbf3f2468d40eed432e5f0654fb79d4c1467c9023f0849b06a502655aaaa787d6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
32KB

MD5
5d3875399a94e2cd0af6ad7399d27dca

SHA1
53979d4e43fe04ebe068908c0c4d385aa21179da

SHA256
d2c731cdf9a008bfd519c4688f2bdd0db2248e0fc18c919f364451f8d90dd1c2

SHA512
12d8e7269e0c829c822ab9ab71fa7d6a1167a8bf8aa5f845c6e28caee33a13e7207f5e786726a0c8d53593b3b74c303e3336e27242241842f94d78417181fb58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
72c0c352e23c87e92b83aff71f21f4e8

SHA1
7be0b2e8f6268178c8f2c0224f1c8a18ac2290c4

SHA256
950e73f45c4a10ce9d7b3085d60c69e6b28ef3960a4c8c6e413f2903d28faf04

SHA512
2cb42d343657aa16c2e379f6e29a5e192af8095feff5edb7a074f9c3e868dd0bdf1f607d92e02c3c2a60b2dafd5d87a1490d1648629bd8f7c4c1e034f6973885

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3dd79902c4d9a83cf21be524f6124438

SHA1
2573e8e84297ef623dcc378b871b53b69799a0f9

SHA256
7efa39fccbb9af47af57a6a543acc84e8e05d1216fbbb337fdb01f5d5d0923b9

SHA512
d74191f0f8fb87856719e6409354ec541dcacaab27c9497973e4bd9d8a3ea9cc7dea669e8391a1eaf9debefbe1796240824fb61c2e42a6e7941337aab67e0492

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
6b14f22790a279f817a0a7708c79d155

SHA1
65efca6aa14cdf2bebc47c2a5ec34f6fe038ad52

SHA256
3753c1440451a96320c56260d0a32455e0d0b862923e6af11b68491109191309

SHA512
6576f863783fb5d82e86c84d6ed1bd1e26ac7a8ca4493675a6705527534e14678e5581ef3314b966cad58dda8da0713439f18c221a8e8f20864d5486cf9d7295

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
32KB

MD5
9c7a0310bd1ce268c0ea92dfdf32c41b

SHA1
003c229f40b2d8557025186eb1b1e8a626abf112

SHA256
a1c7c635fa82fe9b5349738dfd55a6faa1847ad9cf15554d074d622f91d1ed02

SHA512
03637b483798a9b7bf33af02c3a12ffca5320585341ae748c6a774bfee52e50f735ac1bd69e64dfce114b2fb9be458b10776d88cd8fff312ea9b950d79dabf60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
31KB

MD5
138326f8785c4deeb5c5facbe4c91085

SHA1
3f2513c9f41926b319b92ace401f725d30f32d5f

SHA256
bcab58af64daa8e6f81dc86ce415b0f6646555cc86d03c93232c7f08cff70c00

SHA512
e5ed6ab4faff212ae7a9fc88129f173acabda6c6b4ff6decaceb11dfd365dd4f870eeb73feee9edf65d5ac3c4885c6fcf3c95e27fe46b68433cedbdf1abc4b57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
07a07f8047c28fb67664f133849755a5

SHA1
234b72a3e513a7bbc656a13d97900ae83fa40b26

SHA256
caeeef5dd479e26fbc5ffb384b9bfc0156019eaed01960f2817c88f321abd539

SHA512
3e1530b0a01480d84157cdd1d08c9b6efbe848f0e045185f3e18dd0211e1b07f83e0b6ea99ee6c6ac4206a00504bf1fd6573da384cc852a1f9855d5a43a1cea2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4b347e332deee2388d5e692128d01577

SHA1
52580aed3f8246705581002f2190abe2d2d83757

SHA256
0e5d2036dea2b31e59dfd989643b4364917485b16c1d98fcfdcd3bdb5013f142

SHA512
a0da56705fb046061ed4f3cb9ddbd53aa73e8d6ae1e60d504b59aa7890c5d8987191f03fb3ea5754bc02087b2a675b139d330589eec4cac62581b2bb9a341c8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
32KB

MD5
159d0082bd2710bc41a1092fb75504b4

SHA1
c3e692aea69e9f602c750e265fdbfb8f35362939

SHA256
bdce4fbd4681ed45dea1fcf1769dd0958f84cac2c5e9f35d3dacb9136c81a2f9

SHA512
7b52a72aae86c31d096aad7678d5fe85b958fb13a859675871b35a0534bec1e045945219a6aa362550903bb346b4e69a5c7880f5ffa7746071ca1f385a22a910

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
34KB

MD5
005105c4741d7bcc0c97cddc4729e418

SHA1
1b1a51c72699b2007e4c7e8fdcdf0e7ab2fb76b4

SHA256
6d4b82102b195a971c76e7ccf7f86bee01db4f98b0c5c45283bc5cda9c32e4c0

SHA512
00386321219c232b33e143b54842756d7a66151b82313c678aba22ada047b467435d29675f02855f7c84cff5b2bbe8c90aae6cef2168afe69f38abe880944f3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
5759561ae96081bd8ed9c1e5cce45c91

SHA1
bcef6c491621f9a5d9a132b72eda28a6fcb66673

SHA256
c9aaf7f0dd3c7b43077e205ec73f4ae9774ac400256a0e334c1f4d923390641f

SHA512
ffa94715837239c80f4e79ab8d6ac31d380d06f50bb29b2bf2a9a7399df250e91df174494442c05fbf651e7f6505cdab3d5a8653d736899c13060c0a33ce8765

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
32KB

MD5
e5470ee34850bd5c86a25801bdfc5c1c

SHA1
8889b2eb790b5830a060d14c8d018fd4b69c915b

SHA256
cd8e093ec05a170beaa0a27e954c2427649506fc52abd7c1d56c14079c4fe38f

SHA512
c09598373a2ffab1cfe4e1990eba1c1e8c323e9a9ecb8458703d709b8292c1bba8dbddbc9181d3e42cb8cd6fa08fb2bfe7940dead70385ab5b5941ff395961bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
fede6b1661b965858c97a83202fb645a

SHA1
5cf7c848a051d4872cdf9bf12f25eb0318aa66fa

SHA256
dacc1c2000416c986ba486fecf670d7bf599f67d8c721e5befc3efd42b2f3e32

SHA512
3b976a481167b373b5dc65074511d84a3af87a141a5acea2b18360963384ac1110220ebf977fb42d6cd34295e318253ab377000b7a2da6a404f275cf490c5cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
37KB

MD5
ce80ba082ba3c62e327c6696e476cbef

SHA1
651fe0092a642510ced7fac5d0326d7db639ed1a

SHA256
6bc0f0ee936eb050257965f023e571d3fb4f6a79ba4175b83ff8941bbf26cb54

SHA512
46bea90a7516210e6fea2760bd4eac265b0c9e6b6d555d11bb7b17dd4e374987b78f07f55dd19196903dbd3ce9ebc4043212383823c116d57dd298bd6ebb8df9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
63KB

MD5
32bb37aedb6e682459d4ef57b353fd3f

SHA1
63779af4a09a359674a6d4c915955c17cf932e6f

SHA256
5e01ae0d7df7f161833d03e9cda69c3df145bfa4c9df47252618520874662e50

SHA512
c55fd59718dc0e24f24f6dca4ed2a820c8e4326f1a88ddd41fc218ddd15c470ade5ea81baf59d128c6ae0979265ed2d292352f4efe6cffcf26622a3f2f0712b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
32KB

MD5
629e89f8e77deceb79546328433bdc19

SHA1
db4f362529e250764188b936a0a1d058e48a2861

SHA256
4611e88648322e135850f21073b432bafbdf90a3ccdb47e23d1866ffa5ea5f93

SHA512
125e6802a704dc5242769e6681fc9667b86006075a6cc736713fac877623e370d528dc8e3bae024366147d834b9d89c20440060929556c0c116eb214b7015bf6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
36KB

MD5
9d037920f7e6c37d123d6c3c17257369

SHA1
aeb91e2b90904c45c8575ec006681c8898f06412

SHA256
b798a805fab8b704a8fa46f3fa27652ea775335279e8dd218f73f08291abe480

SHA512
fad69bedd53de6a8edf432ae3be5778a51d457ab6ad49b82f787f412bce48d911f47ef4b760ec71bb53473b1fbf18ba3525a6002f1a9581932aa0d5d2168763f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
39KB

MD5
fbbb84eaa0764933430c4d451fe85a41

SHA1
a60a98c0b8fe8ab66f225939f7eb9592e38d09ee

SHA256
8c0a532267b415cf07ff1974eb24e209b079d23fc1dcb812c0fa81ecedf5449a

SHA512
3ac83a831406a3dfc84e7c1e824cd471829c66a4cfd81e10f9b585f1f21f7625925bf22184b3390a2c3d569328290aa60527d4b1ee722b2cbc72153db0463abf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
ecfc980b201724b3b321e3270fb8ef9f

SHA1
0bc36b98b227c10071b63fd3a3900bb0fa283b7e

SHA256
ccd36f92dd578e3e6f5fcdffd92c19eb614f9f97d5819d0d2eab7846af29fea1

SHA512
872ce798ab740d45fc1228aa555e2a321fa0e4f940879de9f65e44ece5e0ff77c3b42a6e11c59ce522c984dfbe8fb9d23f58cadbc671d69acbcb8cfd48e4efff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\indexeddb+++fx-devtools\idb\478967115deegvatroootlss--cans.sqlite

Filesize
48KB

MD5
b614147054f15a64e23912b2137b401a

SHA1
2b7af86a92dde04544a80c06bf0028465955a02a

SHA256
3de3b2c1c6e7dcd0e2d1061b87c05fa2a0fae3c9c64542bff9022d550d188fa2

SHA512
39d4d57c4d9f197ffa05558d66d6d66c0a3e0e2a4a3216d5e011960db4565139cf5a0eb189f27cfa11d59700ab870291b74174dbfc2b361c9d5cf7805651ff69

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
da1843bd78e186e0ea03b556a2fb5cc6

SHA1
220573bd78f237f2d082107c62dd0c45eb58af74

SHA256
78e01b319ee89bafb2ec273f06f6f75d685af339767c114da770d77231b8b97c

SHA512
6ccd50cd8223f69b95cbd7d4d37693b9255cd9172291d31f12b73019d7e40681a7fe19eac25dd21a0d9256451a184743157637696ae65f85ff008a5993742c3b

Download Submit
C:\Windows\INF\netsstpa.PNF

Filesize
6KB

MD5
01e21456e8000bab92907eec3b3aeea9

SHA1
39b34fe438352f7b095e24c89968fca48b8ce11c

SHA256
35ad0403fdef3fce3ef5cd311c72fef2a95a317297a53c02735cda4bd6e0c74f

SHA512
9d5153450e8fe3f51f20472bae4a2ab2fed43fad61a89b04a70325559f6ffed935dd72212671cc6cfc0288458d359bc71567f0d9af8e5770d696adc5bdadd7ec

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads