hxxps://www[.]mediafire[.]com/file/s1g345cgd6nb5fa/Duck_Game_By_PoioxX[.]rar/file

Analysis

max time kernel
211s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
11/03/2023, 03:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/s1g345cgd6nb5fa/Duck_Game_By_PoioxX.rar/file

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133229816943618983"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
644	chrome.exe
644	chrome.exe
6848	chrome.exe
6848	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeDebugPrivilege	1260	firefox.exe
Token: SeDebugPrivilege	1260	firefox.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe
Token: SeShutdownPrivilege	644	chrome.exe
Token: SeCreatePagefilePrivilege	644	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
644	chrome.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe
1260	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 644 wrote to memory of 4696	644	chrome.exe	84
PID 644 wrote to memory of 4696	644	chrome.exe	84
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 2920	644	chrome.exe	85
PID 644 wrote to memory of 4304	644	chrome.exe	86
PID 644 wrote to memory of 4304	644	chrome.exe	86
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87
PID 644 wrote to memory of 4764	644	chrome.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/s1g345cgd6nb5fa/Duck_Game_By_PoioxX.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ff8a53c9758,0x7ff8a53c9768,0x7ff8a53c9778
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:2
  2⤵
  PID:2920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2144 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3156 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3124 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4748 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4956 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5284 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5156 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5664 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3312 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6108 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6256 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6268 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1720 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6404 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=904 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7048 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7208 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:6360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7400 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4612 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1060 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:7108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7632 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7596 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:6172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7980 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8088 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8292 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8472 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:6204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8640 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4616 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=9276 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:1
  2⤵
  PID:6520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7416 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9652 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:8
  2⤵
  PID:6660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8712 --field-trial-handle=1864,i,2927819098637101920,9591738362965808648,131072 /prefetch:8
  2⤵
  PID:5288

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1468
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1260.0.2065216889\987213922" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c458e54-b515-485d-9578-6741e49913b1} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" 1924 1e9e78ea558 gpu
    3⤵
    PID:5004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1260.1.612454122\1939633401" -parentBuildID 20221007134813 -prefsHandle 2308 -prefMapHandle 2304 -prefsLen 20848 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8b5040c-7b3f-4f33-ba03-578c9797ba0a} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" 2316 1e9da972b58 socket
    3⤵
    PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1260.2.1470827653\534785086" -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 3116 -prefsLen 20996 -prefMapSize 232645 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00f2dfe7-96fc-49e7-a6c6-92b0d3094f16} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" 3132 1e9eb5f4358 tab
    3⤵
    PID:5476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1260.3.1699621075\694206037" -childID 2 -isForBrowser -prefsHandle 2356 -prefMapHandle 2956 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a868cb9b-6d73-439a-81ac-57610195391a} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" 3484 1e9ea272558 tab
    3⤵
    PID:5728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1260.4.505170206\758590992" -childID 3 -isForBrowser -prefsHandle 3980 -prefMapHandle 3976 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48d21c53-07d5-46a3-b952-96ebd929fe62} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" 3992 1e9da95b858 tab
    3⤵
    PID:5784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1260.5.2055835621\1360821831" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 5076 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {113e545d-8d3b-4b00-becc-222bca63ba37} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" 1616 1e9ee0b2158 tab
    3⤵
    PID:5300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1260.7.1706130450\1386500750" -childID 6 -isForBrowser -prefsHandle 5348 -prefMapHandle 5352 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4f9b9b9-7846-4e4b-80cc-e5a830b8c311} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" 5340 1e9ee0b2a58 tab
    3⤵
    PID:5680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1260.6.1518734270\265194919" -childID 5 -isForBrowser -prefsHandle 5156 -prefMapHandle 5160 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96b79505-c366-4eed-a636-f0e66ccf0a2f} 1260 "\\.\pipe\gecko-crash-server-pipe.1260" 5148 1e9ee0b1e58 tab
    3⤵
    PID:3848

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
06e40f668ea6c27d90b9406ae12804cd

SHA1
dbcaee8dbc9e88a025e041584fda26fe11aa4f26

SHA256
018bbb7baf06db13a41c1c3a752ed8bae4517d6a7459a24d2f9aa3956f7812dd

SHA512
35cb60db182a708cb72252409ad78828a04a5a1588c0ad30fdcc1062c387bc837e5d4ef634eea3ab8290033c320cdde3f62a84de649fe669d920a535083bf37c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c94f0be8378041033d63b91abb257ccd

SHA1
a969cf6e02d17dae6c50d03ea4d07cce1003b61b

SHA256
97e6f3cb0b9a3ecef7c112c71eff1207a642ec0f8d52d6fcece7a1ca79427757

SHA512
3f5e6bd027f4ccb85e0601a0163f81ce98841e9790ff66f45fac2bf19e31179584411fe3958178e170f38365f6b5b5428920f3bac43bf3c5df4dce35adc2aee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b97134a8d69ac77a2a23e70527604954

SHA1
f4cf1fe215ed4e439c2455f6397a9b87855242df

SHA256
67421bd0f006f90a782702a8a9938e9c85a70331bfe0269c57d3f3e8a5e2b010

SHA512
c2e715b588d1819183b5e6d6857d7e028be9e2edde3c41e6a54b15625a3a87a248014fd2cf61121cf6390c75f88f9d453d1b905b4b754c4b74d4ea426fd5bdcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\92133e9b-112c-4795-a08b-89abccb78d5c.tmp

Filesize
11KB

MD5
6164e35d4e12616738a16c4ac06dac44

SHA1
05a720ef2b38cdc4fb55d8a78ab7a9b7246d9e43

SHA256
c05dfc41e4bbec2a80bdec553b69754a7710331a3818ef0bcb2b92673abef228

SHA512
4ff7c0e10e932cca373f6daa7387d40dd8745c9a6378283dee31b5870442b4b106fa736fdedd9762011c3f5659f8aac1265a41da85806233a56dd0cf1f70cf0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
b12f0eb73dfc33c1bb4db998b10ba75e

SHA1
b21e1171441aeeb008c083a51dc91c39768f3bf3

SHA256
6b7740cec504bb0bcd3ee275f3590331ff07be88e3b56222b4eb023addd44beb

SHA512
70e0f3955dd0d8ab2f8b555b5fcd265ae6c87b9bdfbd8c641b18588e91fd0ff8a089c74e01c8e9dcf2bbb4ea4fad6dca0fc9a92d09bf5b650efb3cc45fada884

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5be5030100bcfd9e1e7a207331310711

SHA1
864f961a1f1394e09c6959ba53291b84d203f54a

SHA256
0a15599e3ec0fb2d91fd64e402356cc9c902476b407b416ea783519acf1930d7

SHA512
9b4c3565eeaef25ae66fd87e27e9d957c57fea14a53af20ba1a897c28bc081463128837b853a5af5b06b0b0051736e9cd99fc2e00ee87567c1d150883a7f3b3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7fb93dd51f83341cf8d1f8558bfa4b7f

SHA1
f3b7eba3b4be6d75941ba7b1e43abbb28dbe5e14

SHA256
9b129f13052f54f5131c757cc3fa4b44b3cea46d0c0d40178a9da60117d219cd

SHA512
c5908d344ab8bdc9e24f0686dbafdcedd61387964ffa8b655e1735a43fc2447d1394af7b0eb509afad5dd3ac88642165437576d20042d6632e406ae4dc2b5a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bdf75eb998696c60756b643c7c90e7d9

SHA1
d121f64e72d3ba95aeb23aab68dd6efc325e9751

SHA256
c1f126deeb3d029639694449260ba07292513d5e73aa335e7094c8776b1f6adf

SHA512
191e9af345a90b6a2108d032ffaa714c4b9adb7716b76ea1ecd71a4a7e06c1ec568d229ef5611ab6ca554988c89567f2083b378d3fe7e60a1ec925f3b67520ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3097f624c0edb9146c0d0110b221db7a

SHA1
a729fe8f914a0921be8ed294cc594442d640295b

SHA256
fa6e8177b400f08c529c50b79e11a21697d3d14aad39b15887894393e999ea38

SHA512
7918bc600451c2234069b367690adb56c1598aaef37c78d0b929e1eebb05fcc971a5493ede12db4a60e0c96bb993683ed42dcea8c68f12a96f8bbbc5666b5a79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\dff53586-f85a-4fa1-ba04-79f74f0c471e.tmp

Filesize
2KB

MD5
791cdb8ffd8aee6d25bca96af12e9626

SHA1
ed79894fb6773eed37a5b1da704af4e209dac69c

SHA256
0d9dffa0fa032ea8af3c1bc7efc6a1cf750bf2968b5ec055a966661eadc3c714

SHA512
868ee2e04ddf6d2b74edebd05f7af11e752d4d34952057a5d354f91178d7c27b9207ba983c39f82e157a17ef31790b703c044215dc1c0ab27e4c506576b8edf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
df2682b11756666619b3626d9fa5a08c

SHA1
bcc374bb3e9f4140a6d40a6b12416e215080014f

SHA256
536f5ce524706b27a342675d1c9e1b651c9cd2e0ec99df8e449b202e7b214de9

SHA512
d928ac450cc309bbd039b9483ffd3570fb270e0b345b27c42efdb9156a29ba935cdb5d9d72f57af193d33b3efa37fbb0b7609e80b75e42d7c9b295fdd3c4a4b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ef3522d548e95ea606d2d83e3f13fd25

SHA1
6f4c087583d37b5ab5c89403efb1f57df43b57cd

SHA256
ae43b372cb181e4962cef0f5a207e1c80a873e14ca259ca52210f1c2b83256a2

SHA512
55f3d27d5f6ded1eee72b8f0dc6c55191b4513d4a75fb5b3a2b4d97de8cedaa9a882b18ff8ef5c8653990241de3adda2f15031067c92d708b93bc550be8d81e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
ed72018a7467ac8acab70f33da6325aa

SHA1
5b42365e14190011cdde78a04551907327c5eb8c

SHA256
87b58650ca1cc8b70cec1c724f617046bdddf4c18967fb3e9ee1e2b48639fe6a

SHA512
3e4e2ef3c21fe40b9cb2e57f8d45e4f64bdcef59e3af056e491330528db62ebdae7122bc7d1b1a14d540ae0fb9e908ccd38ee637dc7e392c34bd1bde2ca86555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
1ec2379b9643e7d622e122dcef02fab7

SHA1
0471fad5a27631627e5ff91091068acc5702dea2

SHA256
28cf6e753e829e4be9eb8964daf3639c7984a6c6261acbae02ff6a06a3400aa8

SHA512
6f4391a1f35e52f0b8d89e53435a984d3ec8c9b36d36e83e238f9b9c2b9ca5a9e10aa531197266c215cdfc95a84efbfed67e85c0b950c591fcb5565fb854a118

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\activity-stream.discovery_stream.json.tmp

Filesize
154KB

MD5
9b181b791d50cf6c522e7f7a7da2dff1

SHA1
896f01fd4e5fce7dc7e6006ee7c290eea1253914

SHA256
62e64d5d80de8657b1f6a0fee5a18473eb7e8133bfa6038f88ca38b515d0449f

SHA512
3c7b35b637b3d9e897c47c4bf5e06ce07f64dd41fd1f86147a59451b5e57db77cc40d07c9e39b46042376f94e79cc5afd77c7a882c71a765030632ccccfed7e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\2529

Filesize
9KB

MD5
cf81363a22142eec7531c06a808806e4

SHA1
ba67a1e4cc4a1f5e9a834dfffd70bcebf021c1de

SHA256
4b86c5a49a0b9af83dd981936b19d6fb6406f5465ab948a0020528c4952cc664

SHA512
4229265c8f6f82159b5710970e277b8ef05762a1c26d09031a477a68ff9da0f571e5fa4f03dd0db1d91d22ff1ab07b7ef71171ef17bcffc49e1b253a53e5322f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\184C843EA0B8CD10730CA2564A233632E40FEF45

Filesize
14KB

MD5
fb81fb2d9bd9aeff56ab364fe84cb480

SHA1
8fc4e6c2470025a9beed64fc7c1fa67268a12fd1

SHA256
9930eb2ea6281b5b739d1afab8720788fb9648b74f0f574eaaea5ba87a632000

SHA512
8a17d1a3c953da77c192ab045c4ab285c845625124f09009676e91271ad440873ec61fe2c9491c333c6381305860d3ca6bced629a80b0959940817fcae9adbd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
aff72acf8c2b64bd7edeb2d4e1db00c6

SHA1
2e4a46b1257cfa88296e93299872e80924f0930c

SHA256
5e4ce8ae7104ac4713224de2684e55ce1106aa362cb7e166e5cd1c7f8b57f518

SHA512
cfd75522de1204f0db4802da1420a21d3dddf06034eb3ede01bef1ab03f92a1e771aee3cd95a344ea4c75a30cc68da587b53c0fff5bc3cc785e809012179bbaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
703bd7d93c20899ada24dbe396bf0677

SHA1
995fd7d9cfeace512207c409497e81763f7d473a

SHA256
28ab0b15eac3bac3b6d6bb4d117c1d57e98cfe78091e9ae0e308fbcaa47f79fe

SHA512
3b2300d6a50744729c8c7c9991c1b89520cd6a39dbfd48216bbad4b42bb6182a3be2614fd5e60d89517ed23853f23882ba043ac2aa4aeb64794bb3875506feaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
7KB

MD5
5c762a623f0d85c8cb5b0c681b6a5d9b

SHA1
8cfe583ae344795cb5a2eedb542dc3d0c0bc8048

SHA256
e9a7725b5864550fe4f6481954327df80c6a06aecbc65ff487541b0a42ddbac9

SHA512
e39cc47ce8d68d0190e9f247e4781c767e9811d69b00fecdb6b54dd22bb344335a0f9f60a366486d8a9f839a49504668bb3a238530675d3c45616c3af2f21ce2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
9KB

MD5
4e5247d686b339ad0a374620e3732e91

SHA1
03f4f135a62ac537a90b826aff10d1af1d3f3dba

SHA256
95d6bfbd2022a07593ea7eeca16188df663c939aabbf4a62a377af7d931beaef

SHA512
b36320765ab013880c512fea7fe9fa737801312f6fae7263b18570527d4b8d41dbb3f716721a03ccdf785bf4239c024d9bafc75f5f8b1819b4a15b07088280fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
cb3d64ca7a36718610d99a4206b45873

SHA1
db6df27a1a802c206f5a0c633952b8d393205543

SHA256
6d243c95d63bfd1137b175f81ce3ee431851c0bd1338763751a3d794a2fffa77

SHA512
373feacccf769e45ae070c7d04f5425f84f54fc22eeced1408be946e93c30194350aa4991ac91def8e28c08420773fea833d1881dec3358873d6a82548d4e3a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
93e468b664793125452afdf5e4ab2630

SHA1
054c4cdcde7a4e8085e52ba1042d4c8079fe3498

SHA256
b0a741909d751023b1368d2849ee6d33812165d2668f8bd89e0b3683bd1ef08a

SHA512
99cd527ced26a80886883efcd8a2025a8a17c3d826b756db0bf6d13d1b43a985af0afb0f841e15dd7b69c37a8db30c770c2ad3d5b6547604547f7eb611fdee1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
34990ebe8a46830ecbe1e3ebfcd97ada

SHA1
ef4542b655fbf7c984164a9c9f97a1edcc1506f5

SHA256
0e2bf47cde654db8c1e07c939aee2920b9ae6bf96c9bad70baf0154703f1da2b

SHA512
33b9a3dc27f3ab17229141edf1e6d4df0983a1a36b93f0f92736c539104d72cabc79e168855b41c38f8a6c3a7eef48a95b3e0edf5c843c1225369654b225bf78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs.js

Filesize
6KB

MD5
9971fa8fa89a208685d3e30835832fb5

SHA1
5d9972a3bdbd4c18b3648597d2fd9f9fd6e30300

SHA256
13417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084

SHA512
02b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3a34402b76ba76c353a3cb5ea245137d

SHA1
3271c093958ba51eed8f1fef8d3a1582c6d3944e

SHA256
3db9ede156eae5a60130813cc98a94a9bfe416a8c5257683f4fc79e5bd190fe8

SHA512
bdd02c406ccbc3deda8c6bf2f6b0202af50ed9d80f62b41ee4c425b86525426846ca0aa380f15f1be0b6fe57ba088d38c965c054817bf796a74d5898526547c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
ece61760c33a78e6147e24aeecbcced5

SHA1
379898e2d9f5d4f51f9d23b254f31aa9392be19f

SHA256
08d89281ca83433dcf45bc3fe8917ef682838ec83fbb2692dcfc6f2ad83808a3

SHA512
6dcedc3bb7e4feae914d80a0f3fb0ead76aaefbecb24b45a90e1a2f19413fdd5c051b77f0ab3b758c9c73d39fc6aa0984548526b2d046bc761f898bcc00cb345

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
98dac3ffdf2b508197695ba9aacd3026

SHA1
5f227d8fdbfb5fd8b714d7e5aa1363f47ec9ce7c

SHA256
b09ce5645649ab0fc929a71a435a53001eabf1398547466d65ddad3a9d89b13a

SHA512
2457c708245b14313b4920d461390e6e4a71a9be2193a16469750e7776a287ff7d023420a0a10e3e32e12131b69a3e74e470757cecd13434de1172680929131c

Download Submit