hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqazI3SXc1Wi05dnEwQTFZTXZDZkJjQ29aWjZxQXxBQ3Jtc0ttTE90eGhIVTF6UUJUOUduME1ka3ZkWmIxd1dxalJpVFRRVEFXbUZzS3BLRkplampJM0FKSFAwdUd6SW1sS1JrQ0NuQVJiZFYwdXZ4N0xoNk5wemQxUmFXaVRsRVV0UHdVcFA2MHlmNk5KcWZLd00xaw&q=https%3A%2F%2Fgetcrackapp[.]net%2FAvastPremiumSecurity&v=XIbiGD_7xSU

Resubmissions

04-04-2023 12:05

230404-n9ekyagf3s 10

04-04-2023 12:01

230404-n7b22age9v 6

Analysis

max time kernel
123s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04-04-2023 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqazI3SXc1Wi05dnEwQTFZTXZDZkJjQ29aWjZxQXxBQ3Jtc0ttTE90eGhIVTF6UUJUOUduME1ka3ZkWmIxd1dxalJpVFRRVEFXbUZzS3BLRkplampJM0FKSFAwdUd6SW1sS1JrQ0NuQVJiZFYwdXZ4N0xoNk5wemQxUmFXaVRsRVV0UHdVcFA2MHlmNk5KcWZLd00xaw&q=https%3A%2F%2Fgetcrackapp.net%2FAvastPremiumSecurity&v=XIbiGD_7xSU

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 10 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
288	api.ipify.org
191	api.ipgeolocation.io
192	api.ipgeolocation.io
195	api.ipgeolocation.io
230	www.iplocation.net
231	www.iplocation.net
188	api.ipgeolocation.io
228	www.iplocation.net
229	www.iplocation.net
289	api.ipify.org

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133250905517316071"	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings firefox.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

4364 vlc.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

5004 chrome.exe
5004 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

4364 vlc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

5004 chrome.exe
5004 chrome.exe
5004 chrome.exe
5004 chrome.exe
5004 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	firefox.exe

pid	process
4364	vlc.exe

pid	process
4364	vlc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe
Token: SeShutdownPrivilege	5004	chrome.exe
Token: SeCreatePagefilePrivilege	5004	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe

Suspicious use of SendNotifyMessage 49 IoCs

Processes:

chrome.exevlc.exefirefox.exe

pid	process
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
4364	vlc.exe
4364	vlc.exe
4364	vlc.exe
4364	vlc.exe
4364	vlc.exe
4364	vlc.exe
4364	vlc.exe
4364	vlc.exe
4364	vlc.exe
4364	vlc.exe
4364	vlc.exe
4364	vlc.exe
4364	vlc.exe
4364	vlc.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
5004	chrome.exe
808	firefox.exe
808	firefox.exe
808	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

vlc.exefirefox.exe

pid process

4364 vlc.exe
808 firefox.exe

pid	process
4364	vlc.exe
808	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5004 wrote to memory of 4292	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 4292	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 5084	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 3760	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 3760	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe
PID 5004 wrote to memory of 2196	5004	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqazI3SXc1Wi05dnEwQTFZTXZDZkJjQ29aWjZxQXxBQ3Jtc0ttTE90eGhIVTF6UUJUOUduME1ka3ZkWmIxd1dxalJpVFRRVEFXbUZzS3BLRkplampJM0FKSFAwdUd6SW1sS1JrQ0NuQVJiZFYwdXZ4N0xoNk5wemQxUmFXaVRsRVV0UHdVcFA2MHlmNk5KcWZLd00xaw&q=https%3A%2F%2Fgetcrackapp.net%2FAvastPremiumSecurity&v=XIbiGD_7xSU
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9ab99758,0x7ffd9ab99768,0x7ffd9ab99778
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:2
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:8
2⤵
PID:3760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:8
2⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:1
2⤵
PID:3608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3112 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:1
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:8
2⤵
PID:4104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:8
2⤵
PID:3784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4900 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:1
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3224 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:1
2⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5560 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:1
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5760 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:8
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5888 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:8
2⤵
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:8
2⤵
PID:5160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4696 --field-trial-handle=1816,i,15318647092163058773,7030691512644115498,131072 /prefetch:2
2⤵
PID:5484

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3612

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2488

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\StopRemove.M2TS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:808

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.0.1685260890\1692251625" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4de53bf-6fee-482c-b6e9-4cc4dbc7a5ab} 808 "\\.\pipe\gecko-crash-server-pipe.808" 1936 1e3114ea758 gpu
3⤵
PID:5008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.1.1784699582\499951693" -parentBuildID 20221007134813 -prefsHandle 2324 -prefMapHandle 2320 -prefsLen 20848 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb32c0c1-171e-40e8-a210-d76251f5e0fc} 808 "\\.\pipe\gecko-crash-server-pipe.808" 2336 1e31140c258 socket
3⤵
PID:828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.2.1440412514\867699373" -childID 1 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 20931 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ef09e5c-0a6c-4c9f-a072-05c7a665a94e} 808 "\\.\pipe\gecko-crash-server-pipe.808" 3476 1e315220558 tab
3⤵
PID:4220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.3.1568241142\1576665424" -childID 2 -isForBrowser -prefsHandle 3208 -prefMapHandle 3784 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb27b73d-7807-447f-9c21-c26883a8ae51} 808 "\\.\pipe\gecko-crash-server-pipe.808" 1448 1e30455ca58 tab
3⤵
PID:3632

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.4.1893689703\927918963" -childID 3 -isForBrowser -prefsHandle 4212 -prefMapHandle 4208 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32ae462f-f913-4999-a844-8063160f8741} 808 "\\.\pipe\gecko-crash-server-pipe.808" 4220 1e3165b3858 tab
3⤵
PID:1984

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.5.336088446\1515488893" -childID 4 -isForBrowser -prefsHandle 4952 -prefMapHandle 4840 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6df6b6d5-1ddc-4501-811f-b5ad8f52783c} 808 "\\.\pipe\gecko-crash-server-pipe.808" 5000 1e316ab2958 tab
3⤵
PID:5316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.7.1463657146\1649334521" -childID 6 -isForBrowser -prefsHandle 5176 -prefMapHandle 5044 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05e892b0-c0b2-4ad0-91bb-09d8c0d74a37} 808 "\\.\pipe\gecko-crash-server-pipe.808" 5264 1e317d75b58 tab
3⤵
PID:5332

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.6.1481416945\1568543078" -childID 5 -isForBrowser -prefsHandle 5008 -prefMapHandle 5004 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddd1e3ce-4739-4f70-8eaa-e9770120360b} 808 "\\.\pipe\gecko-crash-server-pipe.808" 5044 1e317793858 tab
3⤵
PID:5324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.8.1967507914\1430147386" -childID 7 -isForBrowser -prefsHandle 3836 -prefMapHandle 3848 -prefsLen 26754 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5331f06-9ef9-49d1-8ceb-426b3f5c2dfc} 808 "\\.\pipe\gecko-crash-server-pipe.808" 3824 1e304571958 tab
3⤵
PID:6112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.9.745276911\2112986401" -childID 8 -isForBrowser -prefsHandle 5116 -prefMapHandle 5132 -prefsLen 26771 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e171fa5f-68f3-48b5-95e4-75b6f522d261} 808 "\\.\pipe\gecko-crash-server-pipe.808" 5412 1e319317458 tab
3⤵
PID:5872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.10.541588570\683947167" -childID 9 -isForBrowser -prefsHandle 4860 -prefMapHandle 4868 -prefsLen 26771 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bff272b9-3ddc-406d-923e-04f98ddef218} 808 "\\.\pipe\gecko-crash-server-pipe.808" 3088 1e319a67a58 tab
3⤵
PID:5308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.11.1291356551\1815008650" -childID 10 -isForBrowser -prefsHandle 5032 -prefMapHandle 5616 -prefsLen 26771 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71b5a41b-9a23-435d-928d-6b9c6d1a9e46} 808 "\\.\pipe\gecko-crash-server-pipe.808" 5544 1e312ca9c58 tab
3⤵
PID:3288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.12.794790352\990091694" -childID 11 -isForBrowser -prefsHandle 9608 -prefMapHandle 9700 -prefsLen 26771 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04b2799f-ab8a-4b0f-adc8-9dccca5f6ce6} 808 "\\.\pipe\gecko-crash-server-pipe.808" 9568 1e316181658 tab
3⤵
PID:716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.13.1324644479\1565633769" -childID 12 -isForBrowser -prefsHandle 9396 -prefMapHandle 9540 -prefsLen 26771 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89d0b615-b839-40d1-b433-7be0e204ad39} 808 "\\.\pipe\gecko-crash-server-pipe.808" 9800 1e31ad4e958 tab
3⤵
PID:5400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.16.231667463\1121177519" -childID 15 -isForBrowser -prefsHandle 8916 -prefMapHandle 8912 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bac88704-fe49-42be-bb66-20cddb1ab4bf} 808 "\\.\pipe\gecko-crash-server-pipe.808" 9800 1e31aebdb58 tab
3⤵
PID:5764

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.15.551784539\1332148401" -childID 14 -isForBrowser -prefsHandle 9244 -prefMapHandle 9240 -prefsLen 26771 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78161623-52df-4959-8cfa-3596ec3988e7} 808 "\\.\pipe\gecko-crash-server-pipe.808" 8620 1e31aebd858 tab
3⤵
PID:5744

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.14.1301102325\1053838966" -childID 13 -isForBrowser -prefsHandle 8600 -prefMapHandle 8596 -prefsLen 26771 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e576e908-5432-4498-846c-1c56ad4f8cec} 808 "\\.\pipe\gecko-crash-server-pipe.808" 8608 1e31ad4f858 tab
3⤵
PID:5644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.17.444697370\358670019" -childID 16 -isForBrowser -prefsHandle 3736 -prefMapHandle 3728 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c082d01-275f-4c02-8f7f-430632080002} 808 "\\.\pipe\gecko-crash-server-pipe.808" 8740 1e31a635258 tab
3⤵
PID:4732

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.18.1749835415\1244863747" -childID 17 -isForBrowser -prefsHandle 7388 -prefMapHandle 7384 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e56a5924-2f0f-4516-862e-75dca795d461} 808 "\\.\pipe\gecko-crash-server-pipe.808" 7404 1e31ad51d58 tab
3⤵
PID:5328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.19.1380413554\1010390251" -childID 18 -isForBrowser -prefsHandle 2992 -prefMapHandle 7412 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6ebf974-8616-4898-84cd-b820db7c8f6f} 808 "\\.\pipe\gecko-crash-server-pipe.808" 8248 1e31c22ab58 tab
3⤵
PID:1960

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.20.896327623\1230176405" -childID 19 -isForBrowser -prefsHandle 8148 -prefMapHandle 8152 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45ad3e7d-6890-4807-bd0e-d8919e1a470f} 808 "\\.\pipe\gecko-crash-server-pipe.808" 8136 1e31c44c858 tab
3⤵
PID:6176

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.22.1525212052\1915242700" -childID 21 -isForBrowser -prefsHandle 7812 -prefMapHandle 7808 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91df8947-13e1-4c90-baea-e6c751cfc9a6} 808 "\\.\pipe\gecko-crash-server-pipe.808" 7820 1e31c4f1f58 tab
3⤵
PID:6196

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.21.159543572\412966778" -childID 20 -isForBrowser -prefsHandle 5416 -prefMapHandle 8128 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c49abd43-a15f-4fd3-a7fe-36ffa7198817} 808 "\\.\pipe\gecko-crash-server-pipe.808" 8160 1e31c22d558 tab
3⤵
PID:6188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.23.1292060412\77736695" -childID 22 -isForBrowser -prefsHandle 7032 -prefMapHandle 7028 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5df28aea-e265-44df-8b14-12211d478579} 808 "\\.\pipe\gecko-crash-server-pipe.808" 7040 1e31c22d858 tab
3⤵
PID:6232

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.24.1925342943\1426537594" -childID 23 -isForBrowser -prefsHandle 5628 -prefMapHandle 5892 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7abcc947-6372-42d5-a214-43adda2efdc6} 808 "\\.\pipe\gecko-crash-server-pipe.808" 5092 1e30456ab58 tab
3⤵
PID:6716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.26.2004510211\1061445866" -childID 25 -isForBrowser -prefsHandle 4912 -prefMapHandle 5392 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4569d38a-e10b-4f5c-8582-b831a2ff3ad9} 808 "\\.\pipe\gecko-crash-server-pipe.808" 6700 1e31b2ea158 tab
3⤵
PID:6464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.28.156681359\247712654" -childID 27 -isForBrowser -prefsHandle 6432 -prefMapHandle 6428 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55acb968-02e6-4cd6-a77c-a6416a2dbf3e} 808 "\\.\pipe\gecko-crash-server-pipe.808" 6284 1e31a997758 tab
3⤵
PID:6516

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.27.85849557\245748464" -childID 26 -isForBrowser -prefsHandle 6544 -prefMapHandle 6540 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ee569f8-4168-4a30-a18f-b9f333352498} 808 "\\.\pipe\gecko-crash-server-pipe.808" 6552 1e31aec0558 tab
3⤵
PID:6480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.25.1806550235\1051810586" -childID 24 -isForBrowser -prefsHandle 6740 -prefMapHandle 7808 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b268f00d-ba39-4c28-80f9-2ed60155d2cc} 808 "\\.\pipe\gecko-crash-server-pipe.808" 5728 1e31ae13858 tab
3⤵
PID:6436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.29.1408181519\1564734545" -childID 28 -isForBrowser -prefsHandle 5288 -prefMapHandle 5392 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dc9d0df-72d1-4a28-949c-131891c284f0} 808 "\\.\pipe\gecko-crash-server-pipe.808" 4436 1e31ab2bf58 tab
3⤵
PID:6508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.30.969373813\398423984" -childID 29 -isForBrowser -prefsHandle 5400 -prefMapHandle 4372 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed0f1cae-69cc-4ed0-95fb-ac71ae1c4003} 808 "\\.\pipe\gecko-crash-server-pipe.808" 2168 1e31292a458 tab
3⤵
PID:7528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.32.1629502252\1652884887" -childID 31 -isForBrowser -prefsHandle 4436 -prefMapHandle 9420 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aac2d842-387f-49e7-b3d0-e02b0e87e481} 808 "\\.\pipe\gecko-crash-server-pipe.808" 9936 1e314738b58 tab
3⤵
PID:7560

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="808.31.1903259639\53003843" -childID 30 -isForBrowser -prefsHandle 4536 -prefMapHandle 4652 -prefsLen 27036 -prefMapSize 232645 -jsInitHandle 1472 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {964963e3-bab2-47f4-a3a9-b58af24cfadc} 808 "\\.\pipe\gecko-crash-server-pipe.808" 5608 1e314738558 tab
3⤵
PID:7540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault6a8f4d5dh84f4h4ee2h90b3hf6dfccac94a9
1⤵
PID:7728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd9b7146f8,0x7ffd9b714708,0x7ffd9b714718
2⤵
PID:7712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3538695528689059339,7309442050277409490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3538695528689059339,7309442050277409490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
2⤵
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3538695528689059339,7309442050277409490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
2⤵
PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5988

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
49322a350cd377e70ab8449210d32d13

SHA1
0ea3eb4e319f28eb9d044751609b92f868c95843

SHA256
78256fd8dbaf1a3dcc493a9ec44f07d715dfe8ef8e478b1423e8711df11ab022

SHA512
e50f32fb3cfe08b4399b68e87b91a5ba9b714fbee5fbd5624c073f1ed7908a5a6865608a0875c3aa3bba0a4eef064dca2838fc4997e1ea0df9534ca9295906bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
3e2f402c7cff55d7aa4c0ccf695f7669

SHA1
8c00fd91064e05c338a685562850676f2c8dbbf6

SHA256
d61e48b3a01a691f7ce6db6949508db3d9961547a32d1559536ccec8875de314

SHA512
5d557e2b5e2108232a49f316437e82d015a61e648d49021669ea7577173601dd9f16b3e4de81d49e945620e9f4e934da6d610b3eb9ec6cd68b1ffa81ef43ab21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
e8d9c42bc139e8b65ae94f289d451570

SHA1
1b8ca351e9c55b3aa374ea781bb11957afbd6c9a

SHA256
469b7d51bada6684e03b815addb274f8c1f039117fb12d71a7bbd2093cf93c6b

SHA512
880d85706a01e1881dc49055eb844b72a21122c3588e3d444b0a9c1a0aa2e793167604b614dbb7cda8894392c7db7785828e004d5fd4e30f40539a9f346ac889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
9167077988b8b0754d3d84eaf3599aea

SHA1
163497e8111967dac7cbba5364986cceb1bbe188

SHA256
aac0477d1ab09b3de4035949382228f4b72ccaf3d666cf24202f11e9dd8f7b91

SHA512
022219cf21f6d69af91693af8ce2c937bda8c6a60a7d4fcb01c53d16efca88e6f472b24cdf3ee847fe73efff01969ef964e8cc01156742fc4a3d82d26e390b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
0d758bb855dca36d413c9341cbc3642b

SHA1
e325b676b6fa38e515aef91f7b484c9248f284f6

SHA256
eab66c8caa4245bfbd3c3b9eaf041bb4eec1ed4fc533b0391227fcac16c5f716

SHA512
9123d194691220794c278d6271e88c719b12f9b06851f3b319a905b707ca1ad88a04823923e68388b428e8ebed9c138ed8c404db46a63fbf0b0e91fda697051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
8207c63d7f1156e3a1ea05d68c160a52

SHA1
bf5df9fbfd6b8e8853af2a4c350336f547e0b8fa

SHA256
baf8a1c84b606296e71f0e5a2212af9ad15ec7b02a2db3b62e6ced1125e720db

SHA512
0326b4884708bb6ed3b4fb95b08a46e5b5d36f0f5848042b2d630b922de9495ffa5202a9e82985401f4e0890d0330d5ece6141a0b0c1e0aa2166efd4e9d827af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
c46a55c82c7fe01524d017096ee18cc3

SHA1
d69648ad99df3e6b7f9a13f089f93bce4e9ac93f

SHA256
0fcf54be7b87a540452b2f0a46b8d4d6420e2c5409feba50a476de0f92ddf83c

SHA512
4f9205f6194ab82ee7b24f692cac477586c0c0bb5c7d8defb131fdc9adb449a47429442bcfbd741519fbb070046b7f3dbc85a102a67f79e6dff890fbe773f3e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
174KB

MD5
af42df44080e08b0ff67ef65579f4b98

SHA1
2de116419115a32a098b250cd6e4f32e0dade334

SHA256
09d97c1c080c2452ff0cd4399385636033a50ef8beac7e59d2ee2c8a63bf96a9

SHA512
5d7fa91d1e362ccf9c4fea81b2cd96bdb52791f82740fff2875326577c6f0a58b7068b5983aa2ac9d18925e4fe838cb56b8df0f7110fc9e55043c359b1306cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
174KB

MD5
af42df44080e08b0ff67ef65579f4b98

SHA1
2de116419115a32a098b250cd6e4f32e0dade334

SHA256
09d97c1c080c2452ff0cd4399385636033a50ef8beac7e59d2ee2c8a63bf96a9

SHA512
5d7fa91d1e362ccf9c4fea81b2cd96bdb52791f82740fff2875326577c6f0a58b7068b5983aa2ac9d18925e4fe838cb56b8df0f7110fc9e55043c359b1306cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
174KB

MD5
3357cafedd82b6121db6aabaeb265947

SHA1
4dce852cca1a1b49d41f816b42add152d1d6180b

SHA256
7442235aafe90f9ddd96888b014eddd50005d3b051907f2fc090467f20a859bd

SHA512
9cf6aeabf480dfa1b4b9e3b366bed16a1b37e9ef146838d8a79198950e05e34377532535a57c9f94648586c224d7aa3d84dc59c5a7436c04332852e4c1593f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
c1408ec91e69383cb830c710ea32ce10

SHA1
da9f9b1d0a98e770708f99c19308ea72f9e0dbf0

SHA256
48dfa14960a8f9ac0053deb324b3fd98a78f5b4d2f0fac8c67b42afc76539567

SHA512
2cec0cd3eb4eb4b2973e0f95935050b9cbdeab49d639ce624a99b75fadee64ff1ace8682e97697bb731080fe0f3a2ddab6e7897ba66f0b6d23d69575d59d25a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
3KB

MD5
08682dc2c88e50b7a4eee64d5ee4b0ae

SHA1
cd4e774f50fa19aaeae05f4014abcb27c5eca851

SHA256
792a87f64f3aaaa7be9ac9fae5b045ecbd862a8477a04245770f1e6111dd301d

SHA512
e6ff5a63c97d3b23d366286666d9b9cc21a6d051f6ecc10484884a7903757c0031efe9fa787586af2af93e7f47fa32d5219ae76b802aa3250a361b1037251393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
bb5c6e228a17c176f4e12718b2a24594

SHA1
7f3d657cef481080b9851f2a0acea38c488cf220

SHA256
4ec9c16319bd6bcec1a4119c47e12a3c528df09ef30387068be7224410649272

SHA512
baeb5d3a67725476b9eb05eaa0cd3ccdf669262173c14ba0f958a50dbda2edb6fbbc6379942d4f2c9ac460ac95301ad9db889495f28cc450f9cbba8eaa585491

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\activity-stream.discovery_stream.json.tmp
Filesize
154KB

MD5
e0ab5f58115a6f6dcb9b9328e9940b95

SHA1
c0ec404f3ed7f5b5639ee6f8a94f64005102f5df

SHA256
e779e7d525c3daae75fc26f8193698c3631565b3a473c350aca1bc7d60ba0b6b

SHA512
763fb7c3a6b9655dd21cd8edf36dd8762296cdbe0efad808c40ce7c287f039641e4043f95eafc55478c28aadc137c4f975dcfc79bf13914402c377ac5499326c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\11541
Filesize
14KB

MD5
355ea1abaaf6efb6e7eef59c016e1f5d

SHA1
4ee48fe2a4a493fb492fbc0150ffa6802173efa4

SHA256
0c4b55b8b0d33f5e6f6269c4b25083107e72087f2687296db49caf8b3d2b89f4

SHA512
b0a7da3e78bd8b97197b5ec2a43ad930ffe416ae652c7078fc8234fd20448dcd70e12946ebbeaef02e3849e321ca7d1ca4e2ac4655d26e5573c016e0400058d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\17013
Filesize
20KB

MD5
2f9c0eb44632bc0bb10e8714c8d1a931

SHA1
f44296710af2995f3c37becf6688b38174667512

SHA256
a5b650f9c9e0fac2999b5398ed19b83e942558e93e722db75d1b1b034befb47c

SHA512
62d0912d86b67bdf8e17e74b97fd2ff80bb4d6f40c0d4dde578a0fbf71a7843b8445386a87d2f32fe6ef42edb8ce9a0de3d7645c633d1448960f271d593bbd2c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\18006
Filesize
14KB

MD5
58bf169f93edc3212af6950f7191cf58

SHA1
e612e9214563c33ee60aa8ba6b3289cb4b9a6339

SHA256
2c812083f85b12919b6a6044f674e5ce09e518111665b445a4d97c43c301298c

SHA512
01a3f8a2bb456639090dbf3c48a0114f3c876c7f21f4fb1f95feab009a037d31c781ba6a6704ba04d042350ad633d4ad77807e11e53c56d3817f18a44c448406

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\18221
Filesize
68KB

MD5
c17ff31c3a5946eb1d67effb74ffaa7a

SHA1
d44f79550840810b52a66865c87b806e9c249330

SHA256
f2026b5bfdd43766cbe1a5bc5eaaf1cdb51f55e63575d75569a4113daf0fc690

SHA512
7e90bb3583cc2ec5a453f3d712a08f598a30c4455038d5e351a5b454be898552d933423bf002775b1b56ba018f3a088384d5c6666cf71ec24b12ac8b26eff4d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\24676
Filesize
56KB

MD5
c6f0611128ae2fbbd299e64cd9173060

SHA1
afa0b8c25310ada660a5a1f4ea1994f6b34ecc85

SHA256
b8ed485901e4b1a4110eeb108021d88ff45ba539a3e5fb1460f8ce9fec9bfc88

SHA512
0e5fc374a75c6f8831ebba4d390981a24336d95d5ebab44410b740260813a07c882795e37a0805f70c1bdd57d8f024f037a1f68b947bfee167d757e1c2e3d45d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\25239
Filesize
15KB

MD5
4bb7dc32d7b24560fdb7e6b92dc993dd

SHA1
ac434e92b02c8c78c25a9efabac1aafcfc149915

SHA256
88988439a88eb21e1584dd274f943c8cedb3f7b5191afd991cc6b9721f74dcf2

SHA512
5411641ad8a129a6d70ab429d67f65ce162a0e85e3fb0c72cf8bd84434ba93641730f0ca5f014768139f079d1125e2d641fee487112fe5ab2e286e3bdd48dd2b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\28859
Filesize
14KB

MD5
52bb578a8761530333a0169ffbcf2e31

SHA1
90f53e6de2efa99e3185758ebc61b3626aff7698

SHA256
ce56bfa7535f10e4a2b3ff4df4e49e2675a39bdbbebbb6317947c470584cfea3

SHA512
3ecb0e0708bd773cb03a47407cbfb20dac2e8ccd79174699c82f0b5995decd40c619bbec5c4d8a50d43bde1beb7f0605734e32df5f5ade7fd0e0b5a52830c88d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\31658
Filesize
15KB

MD5
6a2af3d40ef6118eeb010373e5a96450

SHA1
42c817584fc8d1fdf8ef6571df0dd4e513f0448f

SHA256
5e2e2b18e617315619b1663b3e930c304088123bece07b31ad7e31f3fe113eaa

SHA512
8c84233862de16f0593f8aa7f2fb6c03504f64eb06bd4e16d27aeaa00be4416667e58f389186eb6cbce895d4a956ee7e2873d4dee5aff895e17f9802416944bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\564
Filesize
15KB

MD5
41784f023026576e7f39dccb64f1c420

SHA1
e33dd0add6e26b88c0da9c84f7ea1aeede1dc90c

SHA256
271d2ef5ac4c5e48280836c0502da45512cf31dc6abe29db8d111d01309d953d

SHA512
0f439c4def561868480ae4229399d0ea7d62fbaefe1eec20e4b82d359fa25b8c589490aacb48eec11eaed06358225ec1949ab61dd469fa52d56bd50b43a89da8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\9173
Filesize
20KB

MD5
2315b58c4782eff74da3e8ed228dc391

SHA1
5144d03fc1a85485f32cf99c99cbd9b912926731

SHA256
17e43be5f224ce494486ef74d759780a2aa158e23d6eb1f24a8fdb6b8e1ac295

SHA512
651aa0296689c81ae85c20b0a09e2457020da58a3a862fa7668504a34f2885cfc75d42a7a3929629bf7fdf3757fb00d6e03bb1b56c5765399367420f154a20bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\10E68E492426A22B4D188D3BEAAF6F8E3B59DB89
Filesize
4.7MB

MD5
139e6a71e9ae9928295ed82898da00bb

SHA1
069f6ab0b01de3e9041decf8f68cd8fad94d72ad

SHA256
96dbe170ed1ab7a16215313581a94e29cf8ee54fc8d4d6e5e57e9a214cb9062a

SHA512
ccfbf157dbc5cc6e9645b8b841ad03c8755d2b979725cabafa3a21362fab5dea35cddc7ab36a841496296021c16f34f80219cd1ea2c7b4a21b4859ec4da88be0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\19ACA13AE7B1F7FF0148E2B80A37039BCA88C0DC
Filesize
14KB

MD5
30842080566fb0bf2b53c4848b768cdd

SHA1
97aead60b282eee95cb832a034ed4ba4ee9de687

SHA256
4e683811cec4d73fb16ba37b01abbe6aa85ee355b3dc74c779d51955360deab0

SHA512
c00e072fd44c565be261a7f5b7ff424918cba990f053dbbc461767a35cb6bb73689b6368df5cf97e8f77c4473368d4170fe1b100ef753c6b712ae56480969b09

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\4DB49AD4D8C39ABB1B93C43C38582FE4A4A4E3FC
Filesize
806KB

MD5
7c1f980f5da7ee8519966b278209d9fe

SHA1
dd0b9824a64c2feb1315dabb0f580251b5d16880

SHA256
144c527eba58e45cbae9876df06a317fb58132f308749b20cc3aa75e98fd8d49

SHA512
9664adb840ff8d875755f89e33f27f014970ad397f925b51edc8b4ec6eaf1e21f903ae19ad2865c10eab2133aa23897493754d805cce7f8a48a44e6e37444ca9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\86D907A7A02E68DF27AB8DD8BE09BAF3E01176DA
Filesize
912KB

MD5
2a1e95afb6993198dac41584006a5e73

SHA1
0e00f9acc8a3b0f974d754141e1d95b3446d51d6

SHA256
2c4f488a0790cff0c12261dd138dcf2af1b46f1474050f468bd17833d0bc1996

SHA512
38e2b2132550ed2455c131f3e359c8ffe9633258f3485e2a46a8c00700d0c92553abc908e600b7474634d890ec641eab354120cd35a613c6a64354d16abc5611

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\91E5B65191102084666F8F538A0B00C27780A27E
Filesize
54KB

MD5
5f237deb5c5ce4ddb7a3c973f49d5fe7

SHA1
552ca7ae6ac37374140a8497ab6d055cf1cd0513

SHA256
21b6f79ce4642521e7313a13795a4bbc717df0563ef6936b61b0c63171904563

SHA512
3dbb82c719e6b7588225f72f69712e4be1de049362cb6f9dd7480b232e1c503c344accbb18795395713c967ece97159fbb3f4fdeb68f76c1ed5478e37c7cd617

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\93D521205A549AC66ACD87C2939E20704415E8C3
Filesize
97KB

MD5
a44820600e4cda12ab16e387d202f1d1

SHA1
0cb52e941ff92041f9bfa185794ada436f2bf649

SHA256
278adb92328fc25a4f4e6de142236301107f41d00c1339b4ce1de0f59c0d4984

SHA512
27a31f152e7c2f61c51fcb091b999d2faed1e8048a62947ab16a93f8161121794eb7df9cda549592254b156eaed1c46435f08dca2bc7da4384b2db5acee11efa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\A3D6A16A26B1D7399736688127F90A7DF9933EEE
Filesize
46KB

MD5
5855f2b9b0b5e10c5ab7070da94ebe16

SHA1
5680c34333a05ed907e8b6dfc78c4d0cb6a1cae1

SHA256
9483c85ca23d386a208cca0d22e183f188f323b4de7799e31d39a1eb9513f08c

SHA512
053264017c15e5b4f84f3341aa5878b829bdab2b8080620eeece2be37daa66e7a638c7b7f42939f77e3ca01328253ef6928aa7bc0617c1fc5c66e96556f08f84

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\FEE08543691BFC7B4DEAE6A48105271DD3F4232C
Filesize
34KB

MD5
135551c3105d96c44118b845e08f9f0e

SHA1
45a8f036f42c45274616f6619dddb9f5e0d690c6

SHA256
8df98dfacdd5734850179ccf84fdef00d233ac2f67d43f757203b14e3653bf30

SHA512
312cb6e89030401cbc315e6b033d6618f92b0c658fcb51c84d6b7af0141a047ba410e131f0a6b3966434c5ec5d65998383b3e4d595b62b8965880008a3146a7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
6KB

MD5
0451819056052c0ff096ccae8038683f

SHA1
8b85fd93a46bc18a8e5c68fbf27d73ff5d9a6d17

SHA256
551f0bd70d6e014ef950fa5b209e6e4fdc6456c64648fbd8f97d00940e6f32eb

SHA512
4a48c58a8a89060c80697dfb618c2580bb146a79c40f3a50091eb26352649d95506cc29fe103525a6d394054941127a29cd473ac5137f42683adb03f58c3bec2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
6KB

MD5
d32680b1f900104798f558606e978ec1

SHA1
73b762921b10384bb386182509062bb49845c552

SHA256
0b4f96d7ecd8444620a5284896fbfca101fb9f41154c2969fc470d4dbc65248a

SHA512
931008a38d7c798453424cc4011b0bf6144f3b246f711408461209c01c1eac86f8d88bac3c4b72eb480c3efdca34cff13b73e2059ca389f6d8265f72ec987685

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
6KB

MD5
ecb0b770208f45d0dfaa4a04b836e8ca

SHA1
574a1e36510da447e2b591452cfeb36ed04bbc30

SHA256
3ff04d4ae094fb93b4b0633857edfd2a309784314be0f45356eb2c5b1c5c6692

SHA512
767a0a85eab8d9b48e4a54a8c13c41e2821ef8f9a260280d4444de537edbe2014edaf244bc773b58db9bc53aed3b5184fb39418a886951da5ec1f98c1beb34c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js
Filesize
6KB

MD5
b0ae897429ee67e80f700aa1c7da3c70

SHA1
3e0253407531ad087f2ba3c87aa775db8ae73951

SHA256
ca33223e79d2a120cb492ed84b210d86b904f63b124801ca339af81a6cfa2db5

SHA512
6c5814db0eadb027e79c5dea5df711c30f3dd69ff255f12d585f7cec6bd491e77b269bcec30aff536d9f29dafec5f08314f295dc7ac3790edd7230ccec6c6381

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs.js
Filesize
6KB

MD5
9971fa8fa89a208685d3e30835832fb5

SHA1
5d9972a3bdbd4c18b3648597d2fd9f9fd6e30300

SHA256
13417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084

SHA512
02b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
deecadb82ef68aed3833f802dcb6d564

SHA1
eed4ae3e040255797f0d22b2e786f03d0f335207

SHA256
5faf4092b0608f8c33dcb7af1fde0605dc294cd00e0ec32f8f2be00beec2ef9d

SHA512
2b1fc0ac8d20a5ec39a67a244a50444c4d0dc6809f3acfa454766e63ee81c9e2eab52b0b648236abf58add44752738dffeb54195df5a6181f91df224dc9f8777

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
9KB

MD5
bbcf3b4de0fce304701bfd91e37e40ea

SHA1
7cfc046bff01da971d260f63448110c9b8d764d0

SHA256
0403c374d316f492afc838eb9a7fe53643babaace7b42ab11be8d8839dfcf6d8

SHA512
f47037cecacd09c0a9ab214d7e3f8442ea3cc0309256784358e7805c4aec0723c663935e32d557fd98043c883f1621c6ac424153a5b8f7ffe128df03c958774b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore.jsonlz4
Filesize
8KB

MD5
ca8a4431d422f2b1b631737ab5e3afd9

SHA1
4657925357bec9855c87cb61505ebdd2a06ef922

SHA256
54157265301808b935ce3c3ee2ce6d75f65210f2607dedfa82fc4dc8959d268e

SHA512
3ada0433bb60076830428c5e363a13eff3d552c31f7c621a11fb349c93b4059413a5ce15352b8628f6b14173f692ff84dfb89b277d7f418b469b4f998cf541b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\xulstore.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
Filesize
77B

MD5
5e861816cfbd3980f582a015fad058cd

SHA1
80db7a2f5f208bcdbfb65d8df570e1c6e6264cc5

SHA256
97faa3441fa5ebe07f9118be6d5a32ae6fe7f6ba1d23eee9fd29fc63e856a362

SHA512
42a8faa4b204b9fd110caa5d9fc0db532c316a44ddca636bb3d07413002a94c43d081358f73fa1a3d13666211d5837a338ba478a08e7090477e02b3e713738ec

Download Submit
\??\pipe\LOCAL\crashpad_7728_MPBJGFLKKYMDOWMP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_5004_GGJUBIJVMPPEOJHG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4364-247-0x00007FFD95C90000-0x00007FFD95CC0000-memory.dmp

Filesize
192KB

Download
memory/4364-265-0x00007FFD95A10000-0x00007FFD95A31000-memory.dmp

Filesize
132KB

Download
memory/4364-275-0x00007FFD95320000-0x00007FFD95551000-memory.dmp

Filesize
2.2MB

Download
memory/4364-276-0x00007FFD95200000-0x00007FFD95312000-memory.dmp

Filesize
1.1MB

Download
memory/4364-277-0x00007FFD94FD0000-0x00007FFD95005000-memory.dmp

Filesize
212KB

Download
memory/4364-279-0x00007FFD94FB0000-0x00007FFD94FC1000-memory.dmp

Filesize
68KB

Download
memory/4364-280-0x00007FFD94F40000-0x00007FFD94FA1000-memory.dmp

Filesize
388KB

Download
memory/4364-278-0x00007FFD95040000-0x00007FFD95065000-memory.dmp

Filesize
148KB

Download
memory/4364-282-0x00007FFD94F00000-0x00007FFD94F12000-memory.dmp

Filesize
72KB

Download
memory/4364-283-0x00007FFD94EE0000-0x00007FFD94EF3000-memory.dmp

Filesize
76KB

Download
memory/4364-274-0x00007FFD95560000-0x00007FFD95572000-memory.dmp

Filesize
72KB

Download
memory/4364-285-0x00007FFD94E40000-0x00007FFD94EDF000-memory.dmp

Filesize
636KB

Download
memory/4364-291-0x00007FFD94E20000-0x00007FFD94E31000-memory.dmp

Filesize
68KB

Download
memory/4364-294-0x00007FFD94D10000-0x00007FFD94E12000-memory.dmp

Filesize
1.0MB

Download
memory/4364-295-0x00007FFD94CF0000-0x00007FFD94D01000-memory.dmp

Filesize
68KB

Download
memory/4364-296-0x00007FFD94CD0000-0x00007FFD94CE1000-memory.dmp

Filesize
68KB

Download
memory/4364-297-0x00007FFD94CB0000-0x00007FFD94CC1000-memory.dmp

Filesize
68KB

Download
memory/4364-298-0x00007FFD94C90000-0x00007FFD94CA2000-memory.dmp

Filesize
72KB

Download
memory/4364-281-0x00007FFD94F20000-0x00007FFD94F31000-memory.dmp

Filesize
68KB

Download
memory/4364-303-0x00007FF7AC730000-0x00007FF7AC828000-memory.dmp

Filesize
992KB

Download
memory/4364-304-0x00007FFD97B20000-0x00007FFD97B54000-memory.dmp

Filesize
208KB

Download
memory/4364-306-0x00007FFD96870000-0x00007FFD96B24000-memory.dmp

Filesize
2.7MB

Download
memory/4364-308-0x00007FFD83170000-0x00007FFD8421B000-memory.dmp

Filesize
16.7MB

Download
memory/4364-314-0x00007FFD95200000-0x00007FFD95312000-memory.dmp

Filesize
1.1MB

Download
memory/4364-272-0x00007FFD95620000-0x00007FFD95631000-memory.dmp

Filesize
68KB

Download
memory/4364-271-0x00007FFD95640000-0x00007FFD9569C000-memory.dmp

Filesize
368KB

Download
memory/4364-270-0x00007FFD956A0000-0x00007FFD95852000-memory.dmp

Filesize
1.7MB

Download
memory/4364-269-0x00007FFD95860000-0x00007FFD9588C000-memory.dmp

Filesize
176KB

Download
memory/4364-268-0x00007FFD95890000-0x00007FFD959CB000-memory.dmp

Filesize
1.2MB

Download
memory/4364-267-0x00007FFD959D0000-0x00007FFD959E2000-memory.dmp

Filesize
72KB

Download
memory/4364-266-0x00007FFD959F0000-0x00007FFD95A03000-memory.dmp

Filesize
76KB

Download
memory/4364-273-0x00007FFD95580000-0x00007FFD95617000-memory.dmp

Filesize
604KB

Download
memory/4364-264-0x00007FFD95A40000-0x00007FFD95A52000-memory.dmp

Filesize
72KB

Download
memory/4364-263-0x00007FFD95A60000-0x00007FFD95A71000-memory.dmp

Filesize
68KB

Download
memory/4364-262-0x00007FFD95A80000-0x00007FFD95AA3000-memory.dmp

Filesize
140KB

Download
memory/4364-251-0x00007FFD95B90000-0x00007FFD95BA1000-memory.dmp

Filesize
68KB

Download
memory/4364-255-0x00007FFD95AB0000-0x00007FFD95AC7000-memory.dmp

Filesize
92KB

Download
memory/4364-254-0x00007FFD95AD0000-0x00007FFD95AF4000-memory.dmp

Filesize
144KB

Download
memory/4364-253-0x00007FFD95B00000-0x00007FFD95B28000-memory.dmp

Filesize
160KB

Download
memory/4364-252-0x00007FFD95B30000-0x00007FFD95B86000-memory.dmp

Filesize
344KB

Download
memory/4364-250-0x00007FFD95BB0000-0x00007FFD95C1F000-memory.dmp

Filesize
444KB

Download
memory/4364-249-0x00007FFD95C20000-0x00007FFD95C87000-memory.dmp

Filesize
412KB

Download
memory/4364-248-0x00007FFD83170000-0x00007FFD8421B000-memory.dmp

Filesize
16.7MB

Download
memory/4364-246-0x00007FFD95CC0000-0x00007FFD95CD8000-memory.dmp

Filesize
96KB

Download
memory/4364-245-0x00007FFD95CE0000-0x00007FFD95CF1000-memory.dmp

Filesize
68KB

Download
memory/4364-240-0x00007FFD95D80000-0x00007FFD95D98000-memory.dmp

Filesize
96KB

Download
memory/4364-243-0x00007FFD95D20000-0x00007FFD95D31000-memory.dmp

Filesize
68KB

Download
memory/4364-244-0x00007FFD95D00000-0x00007FFD95D1B000-memory.dmp

Filesize
108KB

Download
memory/4364-242-0x00007FFD95D40000-0x00007FFD95D51000-memory.dmp

Filesize
68KB

Download
memory/4364-241-0x00007FFD95D60000-0x00007FFD95D71000-memory.dmp

Filesize
68KB

Download
memory/4364-239-0x00007FFD95DA0000-0x00007FFD95DC1000-memory.dmp

Filesize
132KB

Download
memory/4364-230-0x00007FFD97B00000-0x00007FFD97B18000-memory.dmp

Filesize
96KB

Download
memory/4364-238-0x00007FFD95DD0000-0x00007FFD95E0F000-memory.dmp

Filesize
252KB

Download
memory/4364-237-0x000001A11AA60000-0x000001A11AC60000-memory.dmp

Filesize
2.0MB

Download
memory/4364-236-0x000001A11A8D0000-0x000001A11A8E1000-memory.dmp

Filesize
68KB

Download
memory/4364-235-0x00007FFD96030000-0x00007FFD9604D000-memory.dmp

Filesize
116KB

Download
memory/4364-234-0x00007FFD96050000-0x00007FFD96061000-memory.dmp

Filesize
68KB

Download
memory/4364-233-0x00007FFD96070000-0x00007FFD96087000-memory.dmp

Filesize
92KB

Download
memory/4364-232-0x00007FFD96090000-0x00007FFD960A1000-memory.dmp

Filesize
68KB

Download
memory/4364-231-0x00007FFD97AE0000-0x00007FFD97AF7000-memory.dmp

Filesize
92KB

Download
memory/4364-229-0x00007FFD96870000-0x00007FFD96B24000-memory.dmp

Filesize
2.7MB

Download
memory/4364-228-0x00007FFD97B20000-0x00007FFD97B54000-memory.dmp

Filesize
208KB

Download
memory/4364-227-0x00007FF7AC730000-0x00007FF7AC828000-memory.dmp

Filesize
992KB

Download