2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e

Analysis

max time kernel
274s
max time network
301s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
06/10/2024, 01:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

AutoClicker-3.0.exe
Size

844KB
MD5

7ecfc8cd7455dd9998f7dad88f2a8a9d
SHA1

1751d9389adb1e7187afa4938a3559e58739dce6
SHA256

2e67d5e7d96aec62a9dda4c0259167a44908af863c2b3af2a019723205abba9e
SHA512

cb05e82b17c0f7444d1259b661f0c1e6603d8a959da7475f35078a851d528c630366916c17a37db1a2490af66e5346309177c9e31921d09e7e795492868e678d
SSDEEP

12288:GaWzgMg7v3qnCiWErQohh0F49CJ8lnybQg9BFg9UmTRHlM:BaHMv6CGrjBnybQg+mmhG

Score

6^/10

discovery

Malware Config

Signatures

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
167	api.ipify.org
162	api.ipify.org
164	api.ipify.org
165	api.ipify.org

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\INF\netrasa.PNF	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AutoClicker-3.0.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1100	AutoClicker-3.0.exe

Suspicious behavior: LoadsDriver 18 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
632	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeDebugPrivilege	4700	firefox.exe
Token: SeDebugPrivilege	4700	firefox.exe
Token: SeDebugPrivilege	4700	firefox.exe
Token: SeDebugPrivilege	4700	firefox.exe
Token: SeDebugPrivilege	4700	firefox.exe
Token: SeShutdownPrivilege	2188	svchost.exe
Token: SeCreatePagefilePrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeLoadDriverPrivilege	2188	svchost.exe
Token: SeDebugPrivilege	4700	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe
4700	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4492 wrote to memory of 4700	4492	firefox.exe	76
PID 4492 wrote to memory of 4700	4492	firefox.exe	76
PID 4492 wrote to memory of 4700	4492	firefox.exe	76
PID 4492 wrote to memory of 4700	4492	firefox.exe	76
PID 4492 wrote to memory of 4700	4492	firefox.exe	76
PID 4492 wrote to memory of 4700	4492	firefox.exe	76
PID 4492 wrote to memory of 4700	4492	firefox.exe	76
PID 4492 wrote to memory of 4700	4492	firefox.exe	76
PID 4492 wrote to memory of 4700	4492	firefox.exe	76
PID 4492 wrote to memory of 4700	4492	firefox.exe	76
PID 4492 wrote to memory of 4700	4492	firefox.exe	76
PID 4700 wrote to memory of 4732	4700	firefox.exe	77
PID 4700 wrote to memory of 4732	4700	firefox.exe	77
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 3576	4700	firefox.exe	78
PID 4700 wrote to memory of 1084	4700	firefox.exe	79
PID 4700 wrote to memory of 1084	4700	firefox.exe	79
PID 4700 wrote to memory of 1084	4700	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0.exe
"C:\Users\Admin\AppData\Local\Temp\AutoClicker-3.0.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4492
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.0.1557861187\1775846377" -parentBuildID 20221007134813 -prefsHandle 1672 -prefMapHandle 1664 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b61011b-59b5-4ee1-87f2-3c9b29eb7ede} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 1764 2a844ad7858 gpu
    3⤵
    PID:4732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.1.1008884966\1767582034" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdb31d46-99b4-44bc-8ecc-c36f9441a710} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 2120 2a832771058 socket
    3⤵
    PID:3576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.2.253581616\941203824" -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 2940 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c884af1f-df6f-45fa-87d1-09dac607d29b} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 2916 2a844a5f358 tab
    3⤵
    PID:1084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.3.2045817847\368569422" -childID 2 -isForBrowser -prefsHandle 3408 -prefMapHandle 3400 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d6d8dbf-164a-44d5-8de4-7f619496a818} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 3452 2a8473e5a58 tab
    3⤵
    PID:2604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.4.346247869\1750461208" -childID 3 -isForBrowser -prefsHandle 3400 -prefMapHandle 3464 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04da59e7-0a69-4ac6-8a23-621af3de6907} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 4328 2a84abe4658 tab
    3⤵
    PID:5004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.5.843656945\1929867707" -childID 4 -isForBrowser -prefsHandle 4892 -prefMapHandle 4964 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {74582a8d-fe9e-4733-9765-b788521d55f6} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 4904 2a846192e58 tab
    3⤵
    PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.6.690709005\920500063" -childID 5 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f0d1fd2-9712-43c2-8505-4a3724770703} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5032 2a84b43e558 tab
    3⤵
    PID:2320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.7.2107151267\632657486" -childID 6 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e21fdc6-f4f0-4057-b644-a54d80746217} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5228 2a84b441558 tab
    3⤵
    PID:4776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.8.1249335225\1858202904" -childID 7 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f16fedb-e05f-4d85-b72c-88c334301487} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5264 2a844e3a558 tab
    3⤵
    PID:3436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.9.1240487593\1785283829" -childID 8 -isForBrowser -prefsHandle 5628 -prefMapHandle 5632 -prefsLen 26593 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f5ac30f-36d7-46a1-85d9-c37153186d62} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5620 2a844e38158 tab
    3⤵
    PID:3164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.10.629658906\1039907734" -parentBuildID 20221007134813 -prefsHandle 5656 -prefMapHandle 5660 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9aca7f21-bb78-4c64-ba2a-e0d0d26e1596} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5632 2a84b2ad858 rdd
    3⤵
    PID:5032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.11.435036571\461915156" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 2468 -prefMapHandle 5280 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {127cae7e-442f-4cd6-b31e-d13bbd8fd218} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5304 2a848e9da58 utility
    3⤵
    PID:5176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.12.444589674\494310624" -childID 9 -isForBrowser -prefsHandle 4892 -prefMapHandle 5432 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad67d1bd-21d3-4650-88f1-95ee6025d53e} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5428 2a84b43f758 tab
    3⤵
    PID:5208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.13.505800743\863468555" -childID 10 -isForBrowser -prefsHandle 4344 -prefMapHandle 4368 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba26f9d8-ff90-4a2a-a9ba-8eeccda34e04} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 4660 2a832769f58 tab
    3⤵
    PID:6068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.14.1804251322\339681063" -childID 11 -isForBrowser -prefsHandle 5380 -prefMapHandle 5328 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2cc08ac-9b86-4088-bdfa-40ce5160f6a9} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5344 2a84d4eba58 tab
    3⤵
    PID:5344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.15.493121307\861500725" -childID 12 -isForBrowser -prefsHandle 10292 -prefMapHandle 10400 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {741a9fb5-15f7-42a7-b266-47270c3f8121} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 10284 2a84a1b8858 tab
    3⤵
    PID:5764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.16.673554825\213732722" -childID 13 -isForBrowser -prefsHandle 4992 -prefMapHandle 5208 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33f15d0a-1499-4350-9af4-4abda0918c2c} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5156 2a84cc0b058 tab
    3⤵
    PID:5908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.17.1561593855\535124361" -childID 14 -isForBrowser -prefsHandle 6252 -prefMapHandle 5152 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {551094d9-3a16-42db-b003-029804e8d4c4} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 5184 2a84d490158 tab
    3⤵
    PID:5172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4700.18.1825934692\1491214336" -childID 15 -isForBrowser -prefsHandle 5208 -prefMapHandle 4492 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c51b28dd-d251-404a-bc7d-ac36ae5168bd} 4700 "\\.\pipe\gecko-crash-server-pipe.4700" 9876 2a84e6aa258 tab
    3⤵
    PID:1780

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:680

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:408

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:4128

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2188

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:2788

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:5248

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:5296

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:6028

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:5612

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:5680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\12602

Filesize
5KB

MD5
6ed2062ac0cecaeb3596d85b18e9cdac

SHA1
5882570f6a61b54014504f511ef0de3cd6c67beb

SHA256
57f60b34667d037778a3b4118e27072a5c9e21db445b12402ee1fd17a875a9c7

SHA512
b3937830d8058ea823ae777292d479bfd289cfa095a37b0c56a981e27620e8838122c5515e8ccaaeb1bdf523fde3ad818f6ec282ce9349c7c88f0710d2374310

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\12859

Filesize
5KB

MD5
89a47f216b91b28d1aa67bbc45dc8f77

SHA1
9793b3b4d8dfe3943a6daa8628f62b3c4446c4e9

SHA256
a273d2b9becdc82ac69a45f9fa98c9ae610802797a5eea4a7835369a0b7a10f3

SHA512
4b9b0f80addfe6f923f4fae70d58cdbfd60fc376f001b7f2836ba6032a4eee41a1ae4a93e48b501d0d7cd0ba6bdafc41f86cf383d0f8c9340e516606cbeee558

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\1350

Filesize
6KB

MD5
a9ebf2e21016c45e9e238e84fbcbea36

SHA1
acd9174b0f6efbbfaec04fcacb030da891504485

SHA256
9bd0e5a934121e9636201241166aac4106915a5c49a496ef84a3ddf4ac9e175e

SHA512
fc9919e63619ecaeeddb60090a6a6b15fbed1acf517f563c417bb3b0b887380a6a92927f405f585dfdf1a4032fb23de38b0ca22fe53fb3fc3d3cce75cd4dce27

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\14971

Filesize
6KB

MD5
0a039d6754517a87bf3ec7334cbe21c3

SHA1
c774ce137d595083a321a41191333b66d2da2fae

SHA256
5577a24c37fabfb3da340d6b30028bfeb37db51d950887dfbdfcf6fe7304be53

SHA512
d9ac1d230587b0b07f7f5c5d0bbccf7ec13dc89515fdbed99a369972de0abbf7f6712d8ce91d2201289e24dc0ffc99547666c45822eefcbc5d24a52749ef2e92

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17574

Filesize
22KB

MD5
b4c6f25e6bb3df1e098fdacc561f7b18

SHA1
1168676ef269776781b983c062216670fcc41586

SHA256
8a5cd2e2f27697c5b37aea221855d5bb6e526fd0e16dfde9df148af323a6b993

SHA512
84258d388c3ca6e0e22befc9c2e64352df958b6cefe6e31c13dbe9f226467d77d7c5a04e206e1b8e78e1e65b4cdbfe95c52b52460ba25b91c11548db4e3c3ab3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17763

Filesize
35KB

MD5
3bc2f310158906e9fcc96d188a6a7878

SHA1
a9d8b16a73bd726ebdb678025a9cb4f2e0bb2749

SHA256
ce306e09541f3040dd30826c82d5f065e30a6324339e3bd8384e8b46cd93d4f3

SHA512
9c93b203e01ff410fb8e641a208540bbc76abd565fc920d24e5dafcb194aeba9fcd89633b2052ce23e950a636a8c2e4977a612be43732b76cdf14040f3da9d03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\1785

Filesize
6KB

MD5
ab9a54afdb5668310052fe72ca7f713f

SHA1
aa66b2b2e77fbad16503f343356022b8d6021f43

SHA256
ae2b4d7d9ff2284b318d5851de66a331a6648e7d2d72b21ab4947901b82992c3

SHA512
7c93579d4eb59e994e1c2543863c4b7f336dd19efecee9ae2fb67ed89ab5e3d8ec869c9c6cab38e0db6ea734007bbf1b382f3bb55531ac1fd22ee84ddf86c213

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\22230

Filesize
10KB

MD5
1b5ec63971f773badaabd85c489bc364

SHA1
14d53b1c29c6088051c363b6d5bb770711b5b6f9

SHA256
087184d11503f08d6f511470caded60bae2e5dfb30070a861e96f07915c4b509

SHA512
6178a12ccaf8915084435d22f3626a4df194662d61a32827605072fe715d1e9261c9239cdc62ca227564cbab5286d637980c95f91482f1e4cb4354a7765cbcaa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\22499

Filesize
6KB

MD5
e10f2d5500d72fe59ebd16298b8680c0

SHA1
39d8c7c54269bb56bba8ce44284d4413859275ba

SHA256
8159da73c7b98b05243947d26fb738decc9b8efc250ee1daa43c265e86aef475

SHA512
14f25d3f5a1e7a5ecac3242afb66d452191e4e3cd6a7f3460f62f5f844bc1977376c1f5864c3a0081f66d113f659cdbfaff3707fdf8b0643e349932adf589b67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\2492

Filesize
10KB

MD5
43ddd8f139e5fccadb1fe85fdb12d8b6

SHA1
8a996a05c4da277d55667ea95dc23d529b356a9b

SHA256
e71754f7129590634bee8a84ba0a5f9942f81f86626b5ef3e7702a69f8b09fea

SHA512
2b4b9c83ed6a1de7104ce8e71562626ab4f3db39f98f09aa78a116569f65fd8b4f3f97374b863e4661ec7e1fdba98abed6416adad7c94654080a2c30f760ddcc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\26269

Filesize
21KB

MD5
c607d5ec46dc4a9a4333d8a9f4193cde

SHA1
546e0b95ba427354d133a97bc85bc0c3177b1520

SHA256
50ddc3a3af9216c58c9024e3599089115612febf4fd9b0dec3cb7c1661ef0231

SHA512
25ef26f372a4914f6802fbce965171211a444c801536dce7105b0c055b228f7113763f503925e49457153c8723097fc9053ee77d0b92e7be0762b61c7929c405

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\27930

Filesize
6KB

MD5
9d8ba87dcf8603f6e24d92366437f786

SHA1
e6c162df12d780529316d9a73f8c20f1bc4c0259

SHA256
bda6c9b46617d9ee8533183c5e709899232918962ea2281d7c146a71973f2a3f

SHA512
b0a9505d9ff67e67bb73807fb4c24e4be2550a3cb51fb24688c12fbdb6973d1ca85f9a9ff43bf521dbd21aedd87fe95a87e2eb5536f38f17edadd10ac7446f43

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\3178

Filesize
8KB

MD5
9ca0b3c2f68ef42650a3e7ddd26e9c09

SHA1
79d02d507a7704205b13577dc9cae6da620a6e49

SHA256
3600276d0e8f21a9b65c11f9296c7422dc8f58f6b40f19c377ecd50f74fc33db

SHA512
dc8ae2ae09863d1aae4ac94cdace354299e557a9f79ec21821af478f4c30398e72edbc66a8dfdbf55fb3cc5c2dc5f6f2f116bb4d056dfa7de6693378414775ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\4828

Filesize
6KB

MD5
7553cbfca4c5408abb2373d76020c50a

SHA1
710263ddad37f3f6f3176a42fbdfe7186552b693

SHA256
ef936d74ec4b071f366be894b26551e3f215d6bde40dd2e19807463caf3017c5

SHA512
20782383cdcdb3cb2be169409e7d58a8f5a4c3cd23c83280951326fcf43b28097a5ac53594d9b1c777adf89372581bf79986b0d97373cee899861d0c7aadadf1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\6531

Filesize
35KB

MD5
f357f8f99ab736f84f863b07bb5df696

SHA1
e83cef06b53b8baafc92aae826075f430c9c7b7a

SHA256
61c6cb6df3494f333f7710dee08b355a7a71fe6b7f996a04a7052df63d8e6522

SHA512
2a18f883eeeef134d5be3939f3b0e26d50d0cad8d8e8eb590832c29a8c4c8f479eb18b18eb05f0ff68b1e35011b95fbc75969e77cb90dc9ebdbb3cfabb3878e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\8516

Filesize
44KB

MD5
d1cfec30eaaea28632ae8e480901f8b9

SHA1
1ae1508c548306e52016028ddff3024a238088e1

SHA256
697efd5f8023d0505a8c060f1329fb259f9add2afa025bccba969141d1b1196c

SHA512
fc195f812f088a67959e2eef68932b753b3bed57e477e03ffbdc433d601660da43aff8ca1652f9e47ce60f8fd8100a1aa9ad4f26b6ed1487153de3a338981c6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\37E257F36656E7ABEEFBA8F5F241BA22160775A3

Filesize
105KB

MD5
6d85bda772c676544055828b24010902

SHA1
81286cb2e97289a1ea8fc56c95c98fd80af76d8d

SHA256
312ae5a079b9541f5bb62ded66c19887f13d1ec69adc31adbc2b3fb999a2c924

SHA512
d0b5f175e8479de3efcea06c4b4703c3307cc7d6bfe9ef5db907ff1b5c95e27973d3fed617ee81560b667c1dd5a1ce4b439b94087bde3cc772f5cfee3b452787

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\3B0E63EA9DF83720DD0FCD5FE60D0726C2679D98

Filesize
14KB

MD5
66b8e7f5bf02819f6a0258919170e791

SHA1
02089fa0ff8d0be49e2e7dd3570a2b3316aa531d

SHA256
229c1f8624fed52326708a41bd03df81777b3ae55c3d85e7d56d7c9bc8e18d5e

SHA512
95eefeed72849b6ffcb5ab01e4871ea0c96175b6de73fc3e4121f24e540d831deded79478e300f54baa5701abb0e392b82be3c44dec654db8b6b552c667e0587

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\3B0E63EA9DF83720DD0FCD5FE60D0726C2679D98

Filesize
15KB

MD5
439c21bfdfcdd7122944ab8a2bbbb4f5

SHA1
ec80b0de7627a66f685c7647f6fdef5d3440d67d

SHA256
73ad2f36687fbb456beb150c369eaa9c821ba0198c132ba58178095bda8bab44

SHA512
06e3c48aeeb8f9a5d747be0bb6059b97f42eb819c7223f29997306abf3114cd81ddef8956f3acff840330594b9cec829df7d7eb9f3010b6350333bc23209a8cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F685D6C5B2B5A655F3D7D3DF78BF6F3483EE7349

Filesize
18KB

MD5
567316adcc00109b219cbb00930c4bda

SHA1
8f9c63615a7622fc2b6fe7ddec6044be2b1044a0

SHA256
794e3080928f04461f4c33fe7ac1fab3a37ebd752e8853a6e46457d9799d8570

SHA512
2198d62824f7880fe8199d1256cda1ccb3a109229a919093490cdb7585bea9d64897bc8f6f286f65df6819f79e56bd043857bbfef7f2274bef9f7b5f8ddbc3f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
fcea4c130076d8675f39ec9da86151a7

SHA1
199ea4f2d8eed0ec7e00c44f827f87c8b8310bfb

SHA256
eeb76e930eacda856f61997811fc26077f34f555261e3764d7ae044f04989615

SHA512
d994b1b9c7966274b421cf3c0c6916996418dd44b7681c3e5acf93cf5dc3ed404a78e7c6d528ae84b547a5ec94677f3aab0d072dcb9512d406d9876c2aff0de9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
8KB

MD5
f4f6251af6b3d196862d666831e749b5

SHA1
8fb7b81ee76e32ec36f612db531ef50fe0cb82d5

SHA256
ee0422402f737a2f1c98a0dcd11ef8f4a8d26bbda2907152179b4b9e3f3e95b3

SHA512
a3448b6bb3347eaabf2182ab464eced89bcb4bd004c7892744387535b41465e7b35680a1a02e463d329e1f2ff1d64c983b6c1e13265eb3ed10281ddfca8f4c11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
af2c1708ae0ac6e782f127274952e694

SHA1
2975f0fb3604fd8d688e70c456fa42ae7c49f1f6

SHA256
3fab39fec4016a70b990f96a4a93f72ef9a175186a87636a9afac7c66babf822

SHA512
2ade35fd8e325401da6ec1202133572f83c62cecfd0cd92737829899541573dbd3dfa0807e873dc2459a24c33da648cb4713730ca151d3db59053e7e18fc16f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\0e6abcaf-6116-4c4e-92f0-df1cb3d35fda

Filesize
855B

MD5
140fd30977c7e9ab0521b8551a368e35

SHA1
75f8cc0a657c3ea812dbb7bdcb5c608b2af335f2

SHA256
4e4a9e0a30503f90d4ffed34d86a4ff3cc62093c383d74b2063e6936cba6785b

SHA512
5f914e2fc2ac83bd2ee09f978eec483b005ef79f51653d403aec1f9529e262869274e37638f11743ae1ba13ac4070c638d1c60dd009dbe4567e71cf0aa71d286

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\72315721-4c6d-4a0a-a7c5-802c96caf6d0

Filesize
734B

MD5
e95bd8d8825bd168e19b022f8da10bff

SHA1
6e1901187927a357afb3e6eb9628f6f0a135ed8f

SHA256
7726a45723351709ab765f5de850fc85597e7d0873568a760b3ed29ab242af81

SHA512
54c8cce86f3a914e18739cb542250f4759d44a6aa8483d0a2681369442de628b68015047caeec73a4f267fb259e02c6e6df034c88f39c2cfdd387abe0b4aff99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\78244126-9651-46ff-a5f4-2cc7d794ce31

Filesize
595B

MD5
debcdc9f4830d59216eec06b9ba7f7c9

SHA1
cc380a8f3ae06ba4c9647333b545c48827ef52b2

SHA256
602224d78e9c2a3ce43014ffb5d21350456a074b7fe602e59afe195b89ed533b

SHA512
0d61b3268569c09aa451f13e36335d2e013b92e86fead51cceca171cf117340871222946cf276a32f689805a901a3f46921d3fdbe4033e97ab0d1f350bcfbdf9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
057f899d75ed5ec731471809b17da1d9

SHA1
99b58a3c5eb484a66a63d3d05bbca1c305a8f7bd

SHA256
7b2f13e6d0f46d7ea5f82c2930785078d330a1efdf3cd0ca1ec663f50a1061af

SHA512
7d9e92e7e41d5bc18c019e70bc529a72401eb6d540e3215a34271e5cb666032bf9ef66be21003982dafe0acc473bf61e08532e8cafa91e74fa7d60d174a2c121

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
d1d05938d7c0aa97b6ac493cc4bd3c7a

SHA1
643bced8169819c7e1d19852cf57ec5f4e19cbcc

SHA256
e1764a416bd8d6e522d89e20dc0887c08d3be2ed4c8ec0d9232b9e276f5d4d7c

SHA512
5829460b96ef4b2e8e6f2545b63497d08ced42d5cf5257d415ed589abad3b323ab7346bcc7112d4c33be6879bc90380199fd8bff35175620eedd2989a4d8c541

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
cfca3b738515df705cccdbde7b87a558

SHA1
9105f681f71e218d3fa2b797f01ed1319f232e15

SHA256
36de790a6b92b2e72bb848afaca58a872995ac1833799b205e8331c24f30907a

SHA512
b9f2cc7494123b1826bcf6386f5601aeb4b37d03620a19c9d8f27df01b96565c9fcc4cd4012a9e93b28ed1c2524ce82a3e219f614061ccecff4e32b6fefe2ea5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
f6bcd08c8ea129b4801fffa4ada8faa7

SHA1
75502e09725afb6f566b5fbb0842120ef507e7e5

SHA256
5b6fd9c21c0e8f0d3ce0bc8ab8a64d3b2b3d5e96f1b407b786abb89377ac3a6b

SHA512
f0ac6d3b9bcb7709a09ee1e8b2a5e168b44d5be08b51ece33dff4bcf26ca88b54591908b4ab8f8b0dc56d815de55772bb10427fd5e10e6b47c3c49534585d5fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
85KB

MD5
4a928bf7177aa8f21ffc16e82f3a2187

SHA1
ec53c9e04955e4156a5c527089a81cd72501cb7c

SHA256
fd85188873f5f5246151eefa3459fca263210a17b5a198152540cf356319a41a

SHA512
b81d9ed47ed7c35289caff9658601c3757b6a0bd2df720f20478cffd75cee9f55a10004156cddb1a9cb82b6d2f6ef99fff36701ffb8844bf66d430c64510e5af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
2e6fa2acdf51966614b64f7a7771ffd7

SHA1
269ff79d391153c1216ab345eac53ce6c441678f

SHA256
7d62dbcce7d7147accab2269d5d379c7973f76b42f92978faa78aa7c5dccdf32

SHA512
aa3d6b4521d42166c6b7192cda56356423a7afac5a2d42e1a6193f45a7fe48c03ca4f5f9c9fce9c484fdc62ddf3ec7a3fa59d67eb133d289f9f2464d7c8df15b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
85KB

MD5
dc7dabe4e6f97c6d2711e380e3839211

SHA1
a044677645b2e92979d58ea2a26e9a5f1483c7f6

SHA256
e40330bc6fe505fe4b7e0fb8b8099115dd5dbdf0c20711646dcddbd8240d5638

SHA512
5f1caa19a2e67387a347a1db9a93247cfbe7c9adc7dbf560934c2a9bb83204824d23eeda58d10b657fbf701476750722a38178254caa88b121c549876287805b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
85KB

MD5
5e168f77ee629a56939626fc1152f008

SHA1
3895788af520c4b0feb9b8e37197a7055bd94eed

SHA256
f60255ec6637eb4d08280afc04c7380515a88e1fb451aadca92facfc06ba40cc

SHA512
12e84359e838f6275ceb33bbaadf4afc3f009cb9c5f9693c3929919fbc9a6c8e3e6432a5ca3c2336020f7285d5a3752c7e612a9fd797e10129b60d68d4894f89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
88KB

MD5
fd5df77f9689a82381fa6ccb5f6b015a

SHA1
7f6e976967b4917464db449f343704982f0e1685

SHA256
626990a0d6a888b3011e671425ba8669830892f12385215c9c10590dc1367a14

SHA512
a954f0ac2b1b8926c7153d165574671c4975e7975bb3cf05c01fc0b6004ec64f001ae2352ce761946b86afcaf1c84c9aec3a1669f1682040f592ae7e6a9e7e07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
88KB

MD5
83505017c7e5146e72763b972f419d2c

SHA1
171fccd88051943663254cbb4437d91b90c347f6

SHA256
0bba8a0b6ec9e0f0101e2b238e16e0b5e1c59d2ec9613f4302509c19ec347773

SHA512
f55ae91e158cdaf86c77de76f101623847427fe5898c3f69654f636bfed8412ce08fe57dbc6ced3fd3d560c07866c1528267c2895a8b9b04366657c91abc3ade

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
C:\Windows\INF\netrasa.PNF

Filesize
22KB

MD5
80648b43d233468718d717d10187b68d

SHA1
a1736e8f0e408ce705722ce097d1adb24ebffc45

SHA256
8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

SHA512
eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

Download Submit