hxxps://github[.]com

max time kernel
736s
max time network
1008s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1268	Xenos.exe

Loads dropped DLL 12 IoCs

pid	Process
1196	Process not Found
1196	Process not Found
1196	Process not Found
1196	Process not Found
772	Xenos64.exe
772	Xenos64.exe
772	Xenos64.exe
772	Xenos64.exe
772	Xenos64.exe
772	Xenos64.exe
772	Xenos64.exe
772	Xenos64.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 772 set thread context of 2432	772	Xenos64.exe	82

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\setupact.log	mmc.exe
File opened for modification	C:\Windows\setuperr.log	mmc.exe
File opened for modification	C:\Windows\INF\setupapi.app.log	mmc.exe
File opened for modification	C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe	Xenos64.exe
File opened for modification	\??\c:\windows\installer\{ac76ba86-7ad7-1033-7b44-a90000000001}\sc_reader.exe	Xenos64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	mmc.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5CEAAC91-A545-11EE-9840-CE9B5D0C5DE4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000012995a74ad902361938deca3d012d185191bce5a35aeb4fb0d0f2646af3ffac5000000000e8000000002000020000000b1e9118744e34500cf03253b0b1d8551d2f84a7c492ed234c2f23bd41d1ab2a620000000aaa900febf9f6bb297a53a83cb0c2cf97dd8dd5dbcd44f22346cf5224ba20f804000000003b4fbb5baca7d9548eb539ed851b1e3caf05e0672c8ced850627d5d4d3d6499cdb67ddfef443f5539270337607efea1d145a45188316612ce3151355220531a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10ee48335239da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000065bc236ca914f6e718538ab3ef686aae3cadb16f5b4dbb054bd76a977ba68c3e000000000e800000000200002000000042ee47374140cfb97f972fa6c6f6638aa49c4ba2d0abbb78c0230deaa75fb7ec900000000dd319ca1b9e87c9fb3b8071f418008967c7254929b30232e8aa22dedfbf51cc138c77ac679d4852b222c129a00409c91fc9dd14c6c3f539f52f60a72e0ec5dad521540c22edc2a6b807ce2c265ff88bd1ac0186afe1082e2ea65c60018cf85244676183327646e9d8b301300a20a62e74c88b44364ed0fe30a665fe52e9fcb72a45a415bce34d8f7f063613c131eae8400000002271c9634119b6584ce061c8a2ba6f27372c3db96e58c07f2cf493f2d081c1845eb42c321ab2072d0f7c5f7b228c076302e0bd1608340e7baa3a955519d6579c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Modifies registry class 53 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\Run\command	Xenos.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	Xenos64.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Xenos64.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Xenos64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile64\shell\Edit\command\ = "C:\\Users\\Admin\\Desktop\\Xenos64.exe --load %1"	Xenos64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Xenos64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell	Xenos.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	Xenos64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xpr\ = "XenosProfile"	Xenos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile64\ = "Xenos 64-bit injection profile"	Xenos64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile64\shell\Edit	Xenos64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	Xenos64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xpr64\Content Type = "Application/xml"	Xenos64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile64	Xenos64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile64\shell\Run	Xenos64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Xenos64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\Run\command\ = "C:\\Users\\Admin\\Desktop\\Xenos.exe --run %1"	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile64\shell	Xenos64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile64\shell\ = "Run"	Xenos64.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	Xenos64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xpr	Xenos.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	Xenos64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\Edit\command\ = "C:\\Users\\Admin\\Desktop\\Xenos.exe --load %1"	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\DefaultIcon	Xenos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Xenos.exe,-135"	Xenos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile64\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Xenos64.exe,-135"	Xenos64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	Xenos64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0c00000050000000a66a63283d95d211b5d600c04fd918d00b0000007800000030f125b7ef471a10a5f102608c9eebac0e00000078000000	Xenos64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Xenos64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xpr\Content Type = "Application/xml"	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile	Xenos.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_Classes\Local Settings	Xenos64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xpr64	Xenos64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile64\DefaultIcon	Xenos64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	Xenos64.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	Xenos64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\ = "Xenos injection profile"	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\Edit	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile64\shell\Run\command	Xenos64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Xenos64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile64\shell\Run\command\ = "C:\\Users\\Admin\\Desktop\\Xenos64.exe --run %1"	Xenos64.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	Xenos64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Xenos64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\ = "Run"	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\Edit\command	Xenos.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile\shell\Run	Xenos.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xpr64\ = "XenosProfile64"	Xenos64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	Xenos64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Xenos64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\XenosProfile64\shell\Edit\command	Xenos64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlot = "6"	Xenos64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Xenos64.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\GTA-Cheats-main.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Akutiobw-project-main.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2600	chrome.exe
2600	chrome.exe
1268	Xenos.exe
1268	Xenos.exe
1268	Xenos.exe
1268	Xenos.exe
772	Xenos64.exe
772	Xenos64.exe
772	Xenos64.exe
772	Xenos64.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe
3640	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
772	Xenos64.exe
3640	taskmgr.exe
1000	mmc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe
Token: SeShutdownPrivilege	2420	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe
2420	chrome.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
2232	iexplore.exe
2232	iexplore.exe
3580	IEXPLORE.EXE
3580	IEXPLORE.EXE
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
1528	firefox.exe
772	Xenos64.exe
772	Xenos64.exe
772	Xenos64.exe
1000	mmc.exe
1000	mmc.exe
1000	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2360	2420	chrome.exe	28
PID 2420 wrote to memory of 2360	2420	chrome.exe	28
PID 2420 wrote to memory of 2360	2420	chrome.exe	28
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2696	2420	chrome.exe	30
PID 2420 wrote to memory of 2704	2420	chrome.exe	31
PID 2420 wrote to memory of 2704	2420	chrome.exe	31
PID 2420 wrote to memory of 2704	2420	chrome.exe	31
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32
PID 2420 wrote to memory of 3028	2420	chrome.exe	32

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6dd9758,0x7fef6dd9768,0x7fef6dd9778
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:2
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1992 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1396 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:2
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3620 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3648 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3984 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3144 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3852 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3900 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4004 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2548 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=1144 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2488 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3772 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3940 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3888 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3904 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3520 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1392 --field-trial-handle=1132,i,5599579214127697804,10407513105853433593,131072 /prefetch:8
  2⤵
  PID:2648

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:772

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1600

C:\Windows\System32\control.exe
"C:\Windows\System32\control.exe" SYSTEM
1⤵
PID:1704

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2364

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1752

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2508
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.0.1138196786\747076225" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1228 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34e3b400-734f-4b40-aa7c-4b2f8a942a45} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 1324 f0b6558 gpu
    3⤵
    PID:756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.1.701908798\1693338537" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2517b1c-f31e-4bc4-85ef-baf5e460afc2} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 1500 d71958 socket
    3⤵
    PID:988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.2.938235646\652228817" -childID 1 -isForBrowser -prefsHandle 1992 -prefMapHandle 1988 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23aa8887-ff84-4d5b-8cd6-ef675da6632f} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 1936 18254258 tab
    3⤵
    PID:2500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.3.2086877771\1296851022" -childID 2 -isForBrowser -prefsHandle 2592 -prefMapHandle 2588 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0251311-dbf2-4439-902e-872932375b81} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 2604 d67b58 tab
    3⤵
    PID:532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.4.1199928020\630138303" -childID 3 -isForBrowser -prefsHandle 3372 -prefMapHandle 3348 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb533846-2039-4180-ba93-6b99a1c8fd09} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 3412 1df57958 tab
    3⤵
    PID:1756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.5.1874216033\1269843502" -childID 4 -isForBrowser -prefsHandle 3748 -prefMapHandle 1020 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff8b9905-939f-4633-a12f-2b24317b9f0b} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 3764 1f0d2558 tab
    3⤵
    PID:3152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.6.835944163\1391925037" -childID 5 -isForBrowser -prefsHandle 3876 -prefMapHandle 3880 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d0270c5-f40f-4ca9-b7ef-42ffd30b4d0e} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 3864 1f0d1f58 tab
    3⤵
    PID:3160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.7.1856869771\359939155" -childID 6 -isForBrowser -prefsHandle 4064 -prefMapHandle 4068 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b278107b-1959-4cc6-bd3f-6519dfcc65c8} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 4052 1f0d2858 tab
    3⤵
    PID:3176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.8.74410718\188924960" -parentBuildID 20221007134813 -prefsHandle 1060 -prefMapHandle 2076 -prefsLen 26251 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a25962a-2c35-491b-8469-d52dfce4f203} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 1048 2208db58 rdd
    3⤵
    PID:3776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.9.144418051\1603879774" -childID 7 -isForBrowser -prefsHandle 4420 -prefMapHandle 4344 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5d07247-2279-4687-b67c-611ce54c45f5} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 4424 2208de58 tab
    3⤵
    PID:3944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.10.846665318\530903312" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 1612 -prefMapHandle 1616 -prefsLen 27382 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73f27036-daea-4fa0-ab3d-6d4986f58f1e} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 2748 232f0558 utility
    3⤵
    PID:3748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1528.11.1361178365\1163888554" -childID 8 -isForBrowser -prefsHandle 3208 -prefMapHandle 1020 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 796 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a24b226b-7122-4643-96a1-1dfae01e0ff3} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" 3908 1bb11958 tab
    3⤵
    PID:2892

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1d8
1⤵
PID:3632

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap7711:74:7zEvent10412
1⤵
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6dd9758,0x7fef6dd9768,0x7fef6dd9778
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1380,i,6897866499967615102,4632369809461350921,131072 /prefetch:2
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1380,i,6897866499967615102,4632369809461350921,131072 /prefetch:8
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 --field-trial-handle=1380,i,6897866499967615102,4632369809461350921,131072 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2100 --field-trial-handle=1380,i,6897866499967615102,4632369809461350921,131072 /prefetch:1
  2⤵
  PID:268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1940 --field-trial-handle=1380,i,6897866499967615102,4632369809461350921,131072 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1488 --field-trial-handle=1380,i,6897866499967615102,4632369809461350921,131072 /prefetch:2
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1344 --field-trial-handle=1380,i,6897866499967615102,4632369809461350921,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3336 --field-trial-handle=1380,i,6897866499967615102,4632369809461350921,131072 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3576 --field-trial-handle=1380,i,6897866499967615102,4632369809461350921,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1436 --field-trial-handle=1380,i,6897866499967615102,4632369809461350921,131072 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3560 --field-trial-handle=1380,i,6897866499967615102,4632369809461350921,131072 /prefetch:8
  2⤵
  PID:3960

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3040

C:\Users\Admin\Desktop\Launcher.exe
"C:\Users\Admin\Desktop\Launcher.exe"
1⤵
PID:1268
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=6.0.23&gui=true
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2232
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3580

C:\Users\Admin\Desktop\Xenos.exe
"C:\Users\Admin\Desktop\Xenos.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1268

C:\Users\Admin\Desktop\Xenos64.exe
"C:\Users\Admin\Desktop\Xenos64.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:772

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:3640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
PID:2844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6dd9758,0x7fef6dd9768,0x7fef6dd9778
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1328,i,4849116388046286817,5520227403826400947,131072 /prefetch:2
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1528 --field-trial-handle=1328,i,4849116388046286817,5520227403826400947,131072 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1328,i,4849116388046286817,5520227403826400947,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2288 --field-trial-handle=1328,i,4849116388046286817,5520227403826400947,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2296 --field-trial-handle=1328,i,4849116388046286817,5520227403826400947,131072 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1424 --field-trial-handle=1328,i,4849116388046286817,5520227403826400947,131072 /prefetch:2
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3248 --field-trial-handle=1328,i,4849116388046286817,5520227403826400947,131072 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3388 --field-trial-handle=1328,i,4849116388046286817,5520227403826400947,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3612 --field-trial-handle=1328,i,4849116388046286817,5520227403826400947,131072 /prefetch:8
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3300 --field-trial-handle=1328,i,4849116388046286817,5520227403826400947,131072 /prefetch:8
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3232 --field-trial-handle=1328,i,4849116388046286817,5520227403826400947,131072 /prefetch:8
  2⤵
  PID:1056

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3616

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
1⤵
PID:3192

C:\Windows\System32\BitLockerWizardElev.exe
"C:\Windows\System32\BitLockerWizardElev.exe" F:\ T
1⤵
PID:1592
- C:\Windows\system32\fveNotify.exe
  "C:\Windows\system32\fveNotify.exe" \\?\Volume{aef3d101-9b4f-11ee-ab8c-ce9b5d0c5de4}\ 368 227 931 527 0
  2⤵
  PID:1312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2aa4e203172faad8b8cee782078f0d8

SHA1
7e8830a9e67813958f167a40fa5485c60f51cc8d

SHA256
1fe01388a40f80974160ae5a869d1a47f0904b0afdf5efcd32418ca860fd81ac

SHA512
ed7b80ef2909ba84dee440c2cc1827ebc8c79ac3c60be7f972808ce1e8b9e9ad47f43442960840e8ab4a5ad51940e88bcac724d837231a988577a9181e8edd97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f39ccee622141489e7b254bd08608b7b

SHA1
6c283551e520760d390915b59913bcaa3653a7e0

SHA256
9b02252877a0d6165e51e3e7324894ce003475f0af2a391ec38b5c7e393ffdf5

SHA512
70111b47f8c0d8e51a6927b38fc6929a5244668b9f271b927cfdf8a7e5c2739932b35cf73c16ade951e4fa4f944db0cf21c120a656ad767e47264cc7b17de57b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f263b11206db88cc6d749c330f4ed99

SHA1
c1175a06ab9022c687a96e4e3677d94143adf929

SHA256
25cc5cfa4ea49f340e757418e8fa9c550b0eec5e44ce4061b4b013d43f3adfd3

SHA512
642cba5333bc40d7ed3591a541dfa8639a73de10919ee9886ad1995ce4612eb2dce88010b9c3ec5a4990bead59a6b2341e0e547c214861e0532bb9f760a09967

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db5756f19ac7a697813854c5f0d2fad0

SHA1
2e5652b44e6018a00380360adb99dd7ea8981fc0

SHA256
ed18c2507b58755aee444487943193360cbeeed2024b4c81edc7803c34d32975

SHA512
73314aaf25daaccdc669dd3ceaf0754979c835951ae7bffc8c23c602f1bbbb251a9fa33c75c57cf98a2c7c38d01082c85453bd1bdd35e69597d9e65a5bfa9baf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb037f752fc7ce13a0902f13d5ce5c67

SHA1
88024efec02045a8e33995dda212e24c60052a63

SHA256
df31c10e6e3015404f965dfb8b5424f74fc8d5132f092abad296358abe1a08cc

SHA512
b7af66d34a075774f6d5013d52240f0d5fa79aee6f5878de56853dcd0a8fd39eccbfe059ec89644cae5e9c627a908175c411347b0b739a0573d3cc6822290db0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b788fa1dc31034d7850f1ec51968e49a

SHA1
56dd354fa78eb794c2456c0e96e5729abdb2f310

SHA256
a8314d7d88b1a49e02689a763ad73bbff546a14a731a14b349c7d81dfc021e2d

SHA512
39a46e63e5b14aef7c3c93cc163f687f2f4944b871dbf2ea77427e109361a2ba1d5c4cb45d50006b6f5d36335fac612cee347059204457fed43a0e05bf7f949f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a78393e57eb59a7a9e6779f0146e0736

SHA1
9dd509d831db2e76f77f52968f99379e5e81e883

SHA256
f5d20f7c6ebb19ffc16a06ab57555d90cee5c60d25af025dcc51f5f4c7a82e19

SHA512
11aaf126bfb1cbadb90f5b1686ce1a786bf0bc8ce9fd24ed2595ab064a7fe9e51a71aca0d7e76d0a35470a33defcb798e79c91606c679d7a9c0787ce8e0b24cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
997a254a5cc4610e7361de7d4e5a664a

SHA1
abc1fe18551a6624a105dfcea873ef716a4fb8b7

SHA256
71d8bd590845c5801fe4fff1bc76e0eb1eadc0390d6821c78113ccd3fcf088b2

SHA512
b809ed3dd4b501e0db80952f3acc81343be349fb1bcffb339377d8358ae199bf0638c476a4b563e609471333f07ffce218517f88fbe45757b7a68732ad5cccf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
875fec276912e27c64256cedaee383f1

SHA1
4ecbd3987f2d22b1d528d07e1fa587c8e8548070

SHA256
5b68b5509f8b90c74692ff4ff4d9afb2752cbc1514c38c1c688fed4884859c65

SHA512
236a5649271bd7281ca8d748babd72cdf5e42c70c2ed593f8c46ab3f02642e49be6eb80e10063bf175b3443cbcc8be097d3794b2da3c9cba28a944dd60b02dfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5e9af83cdbd2ec469d64a182918950af

SHA1
19f6de72e4a4ea5152bcb0d67e81066bd90fe1cc

SHA256
9f1567db660886c30de3cbdee961233b5f7aa8ae6c17b4ad820bac847e5caea5

SHA512
df33ad92e0daef79d5e606d516da10148df401a2607168095bd16cf05118300b6304fc1df89b53586f3eaff03a2656de2e84e090ef34691d7c4f90fc1b7abf01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79ff1c3ab48b714d0e0f83354b2776b5

SHA1
3f92b1c14403b9962afa8766eecd187ced5bfe6d

SHA256
cbd1b73a5654091cd79e572d4026a7cdff74e1f2b2ce2bbd7b893d030ac94221

SHA512
da8fc909a889737c92ce710de73661cbc2e75ac4c263ccda9154525ed8ec27a0fec966ede1da53e13d6329d6d24453740ce59b01396124d09e08e4f74d7869b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
61bd8cc293f3f1be8e35d1df099d5daf

SHA1
282884c6dbc24fbafcb9c6fd279fd207a7329db0

SHA256
e3ec3e539c5c011350849818b68148af7037d2f74cefcc2a487054e56bd079b2

SHA512
43de9d16f16f31f3aaa4b8f554c74f68d6ca824c889409a763a7544ed8d03dce0d48d6a78b22c923ad53dc615288b86128c2a6621e1e5378b520192e65b00326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1fde0b4b09b1cda8e80bc65e5c93fac1

SHA1
c63287c97129dd9d883680a7bb580fc71d4698d2

SHA256
26287e6f28ce4a8b8f1ff89e0ba4fe477f29987c146df14d3fb73a4b950d9ce3

SHA512
71f5240dab1943140ccf54f8c03e21c58f6efec6a980f03fe0dc93fd913b332529e7bab4c1b4c3bf268b1d0c716726c3bd603935ef418053809cf6226a5ecfb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
79b6d59ebb4bf515f0d60891827def53

SHA1
29785e0f87fa4e26d2c0b35e478c863e660eddbb

SHA256
82878492b52b3f5eb71410676e76de962a4dcaf4b5d934304b31fbbd9966d280

SHA512
bfbc2c8d5ad48c917bb9af1b09b232568d73a2c2a991717b6fb4dcf16e44fbaa35ff9b122764a0881c19ef3eb9cea345a9e3d653c273bb8af67e647e7631a417

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\544cc5e7-13f0-4a7b-944b-072ebeea07c0.tmp

Filesize
114KB

MD5
fecd8ed553caa1447f4cab8b4e122998

SHA1
af630bb98751209ddde9bd8c564327c7d8c943f8

SHA256
3909072fcd52a08725769ee9a55ba19aee16973e6501a787569c2b08875dd5d2

SHA512
a7a9f0729092e0f237af692364bceaf8c1d4fe90fdc79961afe19c002cd552cb368f3e6c49f53507f87c3f8caec58ce48f84989aa7ffec925855c7b3262eaf0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7e0756d0-33d1-4bc4-a5ea-00ecf8ebb747.tmp

Filesize
224KB

MD5
709c67b1e4892b3eafbb3e102b43b879

SHA1
8479a0ed8bbdda1800642aa3a5d9cac5ced49470

SHA256
9009a40a30346b53297f6b8adb22bfed6bd03e40772739fc1b39cf56205dbcc9

SHA512
a7d1d7bbc94c6b9a3d5fecc3b147a2fd02f22cd32f721ac91bec0d65e30ffb913f28e421b59cd99eac910b3f076af036494506f7fb4aaa858018654fa312c7ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6ceed0c88ffab51ae4b831f53ba82b6a

SHA1
3f6500fa70a8f4fa4506551868ba008b23e3d6e4

SHA256
6efbe2390fb6d125e1d4d26f2c4ac6f9130a3dfbff7da0e60f31a9e11d697ef9

SHA512
0bd942ee8e7ca33fff6611e6658001480b707137cac3932ef73de61912caa26eea6479aeb64f9b87eaf306c3dbcabd07d1528b16e11524dec4b3dba7e3c2b2ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
1843441b626ac36e33590bd48dfdb490

SHA1
f8686ca66f5cf668f3fa202dc5e831c998e305e6

SHA256
8b98eb378144b30d466e228836d67a30e2c2448f12153430dd4fabe47252dc23

SHA512
9eb5bac74b3b9b50130e8cac67b55b1a41dc820f007e473f290e14c3929ebe5ab971f4fbd6a0bd7575207790d20398de02db9be3a1e5668117f160b503f4a5d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
762d3f18d07c587b3110ac7d64d34dc9

SHA1
0cca3bbb6c7d2f180b65ade0c5c6fcbc56fec5b5

SHA256
94070d4438a2e0753543c5fbb3985b76ba4737f8bc672a61a2aa01e56d73ed5b

SHA512
4b8015f198bcfaf5d22765b81f97cab5cb0e1273437de79f6aa056b5bc9bde0e7d5a440b8e6b760e70635a8049d0e1dd434f0965d03eb6e628c9a30bbb5d4cb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
010a5e72f52f9acc6a0b677a3d49336a

SHA1
9952371a6941f0830a54bf7c4c57bc60e84f7d6a

SHA256
f40f993d866cab0460fa94987166308b93a9da83dfab2e0b1989e9d73ec95574

SHA512
0122a38c35e68962b71c4bb86052134bf6f3d2d48846bf850abc11d50d773f7cdcabdb37878f833d207f3a9b7ba792761a34bbfc43e9de10c011b45a46734b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7a641d597f2ad2ead369dcafac4bf087

SHA1
3dee4abcd416bc1a7b8828b074ffd6fa6e700c3a

SHA256
2c3a6aba51b21a3450ee5f9a33d591db0a648d9251215140be5bbdcbc63121a7

SHA512
a6b15678aa9fd408fcd39f9a0ab81dcca8da19c8f090abb74ab6fb9326c806db14c1bd2d17139472f99a808fa218f3605acaa134dde9b7bca42b95c7e67225f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
511886f69b5486f76fd894fc9bde79e0

SHA1
0b34962d03570ad6983a6843017ee4375ed49510

SHA256
f4e3a108da9fa62df6ac9e991f56a2ca061837e42bbccfbcd4fd319c2fbf56d1

SHA512
7782dda2667392d898bc7889e1ae92235bc9d936123165ed131b441b16763c2492349968973e02ae9ef88e1431c0b6fc5b9f7915bcbbf491fffaf4ea021771e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
0ef0693878aa6cbb145e33df977b0041

SHA1
b71b1535b49cbce8827ecd0cffdf0d8846ab1b21

SHA256
6ea7e8a3320ed0c5625abbaf0777d82d6c21f01889bb009e86f1115256fc53a5

SHA512
77d95991101cf6a11b8324622609365e1b722a1fa16d56404c03fc19f3038d689dc17358d8e302a0c7dcaba0a9a9cc92ea9ae4da1c79e777900d4d1f2aee537f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
3cb340858952392d728a6393694356b7

SHA1
0a6130ae4681831026f2c05a53725bc266091757

SHA256
6a57b258c92ead3cb414ceefd4408b16db284db49368578533335af85f5daf5c

SHA512
abd327755e2b7d06c66e96b0dd86c94fa040e956da84f8446d9dfcc2829cbc7e60ff335f0988ae04dd533046de2dfc6f23f86096392cc6e10e108b8e446e3700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fa41b49f2465dd6e1f4477b171c913ac

SHA1
6fb9f446ffeb26e4a73689b4398d4964768a2987

SHA256
370c1bee8cc58f2259c3224b7ed5831094276421c4bdb01a3696b3d188953c66

SHA512
cd2b24a631c48d3885909f93f540e363ec02168a3f0c0ce000de5a8e63826148d635bf1f0febe87f1ff40bd1ab8d63c2f4fc40c3e397c78d41acf94963aeea48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
56a448a6c63ab2cb49439a2bb90a3ab9

SHA1
be007d5a43dc94c4e9265b881337046fb0051f6b

SHA256
df0af13cb247325e3e950fee25ed4d1a8cf8e0e55c2716f8e118808e12c3587b

SHA512
80017aa27a788e5dbc4cab421a8b04491d01a3e5b138cea99ee4bba9688691c5f3137b8dc94e1d52d60da1b9e682688b9c21a2e44ab3b6256c690302cca83d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
a2149e71221f7b6843e60647e26bb899

SHA1
138b8c5657e32713ab2fc487d982b817784a06dc

SHA256
55c8fb7adccd57ed1c13b21644f6b8f01f641eafac89b9b4d52bb1912dbe5986

SHA512
9b965304662ea7940d52aa271bb20660fb76fbe3555a0338cb0bb47f59833b86aded3b3f1168223823edc346f1d9921487e55c84f72676c6470d2ad9a2fd27dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f05de90a1a1af48c90563e52f745fd52

SHA1
1ce160632fac27b5f8b1b7c53010c3a22f838e71

SHA256
0b7bceac59d71c070e7ff13f786c5602fa4a5ea095ad3d854f2e9b31c21b692e

SHA512
f9b83451a5f2011b5438bd05c22f7c9309244ffc92a4180a24b4163d595dda64e8711740372a6b781e4e32a073091ca234300f04c9e2e7e518341e27eb64d77e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4cc52b3b0822e67e07801998b39c5df4

SHA1
15395f0cf89704c4e68fe5e52aa6d022ef945e80

SHA256
5c4d7ee6c47b44ca8c7d63c2863dee44c5b2ff7f0b3dc68ef2734b54ac2fc7fd

SHA512
5eb5fa976b8df859e7473e85a6a5034915d3ecbeea9e0b2035b28f9647e44898902ceb5f002e28cf93ecbcde2ecfc090f8f7bef558617977c4dd0a80ec852f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a85514ebae4229c41564e0daf5c840f8

SHA1
2880fd2bd848b8eaa34a476fefdc5c9e33be4660

SHA256
97d8e3602a62f76fae9795c5f7dd9e01f3c15c76726b6f3d46beb6c22c32d62d

SHA512
c7970ab76e3ea86d6d6e39f7fe8013f46ecd43a549564173a58d28a941df8b37a5c79aa8f5511eef2a869509c3c26b0ffaec09e51c611733632bc97b14a97b3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13348216148071200

Filesize
4KB

MD5
bab383f39b1294b954f8a62460a23deb

SHA1
d532f55ae81bb5881c403f64d5b148d04ccf6bc2

SHA256
70fba6d1a04fbbbec7060323537dcb8dc17476e36260447b1dd1a1de08542160

SHA512
e59f7c66d9914be1a421f639aeea50e11d34abe4279c91e2ad26fbb51c4b7709d1c9d8d52eff962456aed2e7ff1251d53bd939fb100813d4318c95461828c6d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000011.dbtmp

Filesize
16B

MD5
6de46ed1e4e3a2ca9cf0c6d2c5bb98ca

SHA1
e45e85d3d91d58698f749c321a822bcccd2e5df7

SHA256
a197cc479c3bc03ef7b8d2b228f02a9bfc8c7cc6343719c5e26bebc0ca4ecf06

SHA512
710620a671c13935820ed0f3f78269f6975c05cf5f00542ebc855498ae9f12278da85feef14774206753771a4c876ae11946f341bb6c4d72ebcd99d7cff20dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
dfc15e9b2cb2258488265cfe70b9a4d4

SHA1
34eac85b01edf4bd81b1679905694565bdaa8325

SHA256
da50ff3124726eb0ae9e55e8cf5dc571c1d270ccd9be43ae3ebf89cc68f8e193

SHA512
53bed8439553b4d513a082528f592c41aedad9ed433083c53d63bc7638e80c7383e81bdc25a521a35dbc07683444a4df32e1510f3c9126b90295b5c8db22a6be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
136B

MD5
7f6fd8e83d2b89c10d8b014b9607c83e

SHA1
2b2e27bd5360f6f9d90fc985fb2055abbb7635a9

SHA256
ab36d6d314a3728c07ceb4acad3e4a111d81b1977aaf5c6c3e48eed8ec5a7c57

SHA512
dc12b57fbcef3c7cc10fd790fc6267c09a8848151264874ec9d196862239ff8c2ba727aed97b834f958570574a772c6fdafe1f113e2a30e82b4ce3f3f4eb7eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
117B

MD5
2ac0494b5c4c6d605281ee87339a0cc7

SHA1
6ea0fd5480bd086ed4110d0622388574f0222666

SHA256
53161ecf97484ce07e22fbed3f642f3c1daec51a22b84be407522e5d38d2afbd

SHA512
77c6a0422b17b90dcc84094e184020613bfc7f71f07bb6fe15a68f48330e7b374c5228d65606341248983e3ec17c9b30a61e31ebdfac73f7e6abeb9d2b5f8f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Top Sites

Filesize
20KB

MD5
1b0d30942a5fefeebfc7202817973a27

SHA1
69a7f3e2d3e493d37149d0b48c637f28bc8b774e

SHA256
111aa2ff34ac35f85b8a2645393f014f1b8e4a3f7bd47728011573d61dbcec90

SHA512
cf4325a877cf835209c8403c3ceb84088b755da009f01916c6ea8ee6bae5f89f43c743ad584b5d1aabbee96a06fdbb25b6a3da2b6fba6deeb7e3df74d0e04f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
3a7f7bc24ea1dba641def707d034337f

SHA1
ce8cd4f42cdf7b01acda3c5fe2e17dffd4f2c30d

SHA256
7eb044e327d41c87b4eac00899ea6095734c3461b32f00937b4a0f03c3a99c79

SHA512
8d1e36108586524c9260d114ba9f80c10f55ca813cd461e5d2bac54b226426c7f865364240c129be1f824e6394647ea7336745df31a88e906bc7b5191d3b8a58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a4b628d0-2f8f-4551-a8d3-8599ef2994f0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
398B

MD5
b418d8ea9eed30689363cacdb528effd

SHA1
e3e3d4096844b4baf4a3eabdc95dd8e5babd0e88

SHA256
6c6a461ba391b53ca62d082b04f718c21024f64c15e3aa973eb1048cbc11457e

SHA512
f879b829c91996f96c0c8c71ba2fd81ba653010705f062be0592fa3e306bd30cb9c5cc2a3717a722b09863ddf504585b9cfd2d0fc20e440fdfa66c89eff881e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000013.dbtmp

Filesize
16B

MD5
a6813b63372959d9440379e29a2b2575

SHA1
394c17d11669e9cb7e2071422a2fd0c80e4cab76

SHA256
e6325e36f681074fccd2b1371dbf6f4535a6630e5b95c9ddff92c48ec11ce312

SHA512
3215a0b16c833b46e6be40fe8e3156e91ec0a5f5d570a5133b65c857237826053bf5d011de1fcc4a13304d7d641bcba931178f8b79ee163f97eb0db08829e711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
7788e46ea8dd35d804339da5ffe03516

SHA1
22ecfdaabae5ac8038541ec55dff35001d6ac64d

SHA256
17990fa6fef36afbac7f5eb36a69b7d1c67e147a10e314d39c9f2bf8fdde412b

SHA512
0534f5454f269b97320cbaa8a2c7fe16083197a9a9f699142b2df123a76f8fc1fa5a6dbb89902488ecba4deed7ea219411f897684287472f9f9784efd5af98b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
1c0c23649f958fa25b0407c289db12da

SHA1
5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574

SHA256
d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf

SHA512
b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
b7f8f0cfca5ba0dfb517c884dc7f9247

SHA1
14c3abc99c4641ccbcc7ae30f34496e00ee0b561

SHA256
32b91586be3494281ad944ac8f896112d7155815c764ebfb20db2dad89fe57cd

SHA512
dc9a14091e871d46952c6f088b787edca8a64fa7b21cbc4bb31ac7734b80723b0d2812392a0cec0fcffa2c5542584c671e24ee20531447c5b697312ff6bfdb8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
9d96901602fe3cb26404f53a5d31f77d

SHA1
4e180fbdffdba1428be94677fb972c4366d92509

SHA256
95e611d152cc28312233f960ea5e942e0b257f13a61eab15c2aafb9fb4fabe1b

SHA512
c587d8d12d00f9d22c7ed1ea7b863f66149de221e8c65a3a7c49523f61150d60b3851a9410c89689b2ac67eb9190d6b3d4a2611a4f3313b5b5ca57dc0055e323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
f49135760d32fb56f242714591c421bd

SHA1
e8cbc78b998b53bbc54e7163cd1785944a311c5b

SHA256
705f9a97ae977e9662622b3afa0e1f542629f2d616e57137bf9aa8933b31cc52

SHA512
32f1766d1710f0b21474d456170da3716354a9e2715b73f7995b20ecdcb5560d82f82430e3c2477ed0187b2019dfcef92cafe7660312b84d172a2f4db5e2dc16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
a63de0158acecbd780dd684222e0da72

SHA1
3e884de0e6c6ee573f20b6fd733fc37b7380b5ac

SHA256
7d7b81d5e165d134015beb646a1af90802125c8529d2864360bff9f2954d6fe0

SHA512
b1222d2ce84329592494b7b6e9993e07fdcb25931f37d7c3ec39e371e5293bd559733e35f2dc9cc70601481f481e5da11a551c9f1b52d5e97f46f93a50552d28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
3107d59188f1603e732d01c96dc7de26

SHA1
45732ca46b9e76981c94fac8d4c51f5cc0b750f4

SHA256
85d6a381dd61d355c81e488589b760e216493dfc7faece7db2ce53131ba96485

SHA512
d9443e678c86954e72c5b02f4062d058a7394d2e81e7597e1220be5ba6e51987317e05f4ebe6caaac2fec836f22719e2d0b6ee539b738d25452f8f183f629a98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
69a487a889f40c45f510c871c0137cfb

SHA1
02cd3ea204ee995949201d9e162f4aa5298b7500

SHA256
cd51936eb60ca2603c90d2c384e9317b1dca3f0f16e67426eb1c0d8ecd861bb7

SHA512
ca1629e8143a2af2013c36f53751f3f7e30b28060eb8c028e06613471101d2dc0418dc831526ca26ba6c1b98f78911b7e675cba889e989b879c64185c7ba2f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\doomed\10304

Filesize
13KB

MD5
67438342dc70d255c85a99211848dfac

SHA1
0247873e515851d0081a8ca50a391aea75bcc8ea

SHA256
81357b2fbdf23078f5afcc5ace66bb534777e91e3bdcdbd74f89334eca9f16b4

SHA512
e184cbab12901da52643a4e1aeca5a357c17562f5a41aa940b0bbc61cc4764f7c85ab2e6c68e85c69d0a50116edb20ff9673d47fbe7f573c6fd85d43c796fadc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\doomed\14111

Filesize
12KB

MD5
1a9dbd4d41034cc4c6caf4b3c98c2869

SHA1
b00e078ee8e0e6e4f527197acfc2524b6a9d1274

SHA256
b59ae9b1429cb1665e6ef27550de665c07267e9f4bbbefb3612e318e41ddf368

SHA512
9531c08ce36ad1e72d00afed6ab0994addd8bcc856a82a922630b80f85974bc76908110ef2aad8136d4ecd6d76113d9944f40f01df19ed3d0b89cc7a97dd28f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\doomed\21663

Filesize
16KB

MD5
0f6e9884f5936cc8667b941d5fba8b95

SHA1
287163d8b5cadfc7edbb5fc2eaf6f48a44158fa6

SHA256
381b75cf741bacabe390c29659fae78f2dcbeec4bcbd323b79376462320b5dc4

SHA512
1ce5cc54240abf4461afe19c630513eb38540a429af10dd1ac86db1b23bf90f341fb1440369eef925c9652518d0f121c758db4c6d9a2c3ab2abebbb058648a0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\doomed\23424

Filesize
52KB

MD5
25bee10abdc842b5252a20ad29705a44

SHA1
a45a0ae26889e287367c7dda8e7d94b0565e44a1

SHA256
c0160031cd4b22de6ae9e05c14c2a84ae0467a930d92e89fb13bce3534e9cb7b

SHA512
b343e9ecdb7f3fd65598602354f7fa0f987b48ebc0bf5bfb0437a9de1790ad044c3ce13a43e79543f10afb85c256c1badc5d002073d848b2e1e384e73ba3145d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\doomed\4299

Filesize
12KB

MD5
a8e4fdd28c8fef5270a9dfb273285382

SHA1
6230cb70f092cbfa70ce47cecee08a1f38537605

SHA256
f2ed25f32c5c34614131827fe05b6936d7b43e7a91690a971884ead21ebac001

SHA512
ca5e49ea10d6c185d82ad749bef6edd2d60ffbb0627d5acac14ef0f2ead51d15b17085035ba8fd69099e74f114bf507af1e21460bcdf82dba8f12041626da8fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\137EB5EAA427C9818884A1CF193369609D0148B9

Filesize
93KB

MD5
88de91a34d62644716b94708e0d4df84

SHA1
5ce17fe32ef2c5ae8cf8cd5714c890e333386093

SHA256
06f7068cc673495b7e380bc13b630f59d3f5318b91306b5539b38ab656a57946

SHA512
42b0db9838ae8f9430e9a5217bb586163ec2156c6242b355023c7b4190ac38b501d1dd71ab221685f508421a09d30151e68648d6a553c37f64dac42921c6393d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\15222A278AE153698A8C85125589884BEFCE96EF

Filesize
48KB

MD5
19420a529337249d3425565c2c27d5c1

SHA1
ea67cdc801d0b44968686d3c0c84b2be415923dd

SHA256
2030ddc96eddcfc9ca27b447ddd112caa4de91181d4bd0671493c3b05afd48e4

SHA512
4f2ddbd7f0084aa15815a861853b35b794d3ad34d82f26203ffa34d830470b0a32cb6c2d581f9b74c6c318a156cee4ef42f165b1983860dedcfe4fb15510fb32

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\2167B505D934699C441A8E0A03DA105F9166E6A8

Filesize
111KB

MD5
513a127a414b0f992e07f187ddf2f190

SHA1
cfa718bc58ded152af561f2b82267f1305532f02

SHA256
330cb5a413937338643ee6bf5d437c715b40c3d13337d2c3fcae9ba1b8dc2e3c

SHA512
6edf054831d77fc088cef75845ca9b7e74856de3d2a210e08e4ec1a7dc33a3e742381f5f3e8f46695fb217fcb6028044dfc23ab3db3c662dc5429e1877932742

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\29E2C2ED2B685569BAD29C60F4EAC7ED9237922B

Filesize
26KB

MD5
5f5bf88190f4a03072149c8832cb909f

SHA1
3fbe148eb6cc9845c72655fea5ca5efa4e0beaee

SHA256
8abccee644905f15e9d2e23fc1330242e13a5557b71dfd36e14416ef5a553b90

SHA512
884721e4e5b447d824c3ec869e0953d8c5758ba8efba6bae67618ee38bc8005d34c94ce24a9c4c1a7bafe28272d7a61b1d4c96b4f9eb437c218bf655e1a39250

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\2B59238C2E25022682ABC10F6A0C903782C3DD8E

Filesize
149KB

MD5
8d4bf7d6523d3b0f5700ad4b9e1bd043

SHA1
48915fd9aa365123be9e036e19424b4ced7b55dc

SHA256
ce683e0c9e193e25a9ad30a5a91d482fb151e0e2a1b203732809b0397866c79c

SHA512
426bfae06a9ba3d31396abe4627faf4f141a88863ec87472ab2e7a696f074634a035e7521893bd286e2b6ace7423fe2982e369362030ccdb8d039091dd857764

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\40F2B34243AA11C7D54DA77BDE502085000E84B8

Filesize
45KB

MD5
676ce64ff7f04059f38abe2f919ff96e

SHA1
5df4743a7a1ef906abdb47b09c52c3aa39305390

SHA256
f609857ad7ff6061f96e7907deec68e9f3b06413128363c648c5471247b72ef1

SHA512
86dae658b2ea7c8a66b7baa3449aa11f12802ab1445f374a0aeb19295afd39858bbf10fcf9627f4865ae1cdb6cecbae528929159036518af6b659d2f4caa7105

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\45722AE6FD12AFDC2A70A368BA642949293F7F4E

Filesize
54KB

MD5
19f58043e51785910119326d39499efa

SHA1
0e2a647f6d9b786e27f313658b4631f0b0948267

SHA256
fd9c87054bc02be3178c77233e635e3655ea3eb89cf3b663220713de1863073e

SHA512
31e33151db9306c99933a349c6567944eb30192b881f0f8a1fee4802790479b3a0fa578bdb4f30c8e9e7bb3a98bf603e44cf7383281c4712b526bd4e6b58a7d2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\48E8B68C4A71DA42FAB3920FB4F12AF8E22B8737

Filesize
79KB

MD5
07d82eca3aa6747f069fc69cdc851cc1

SHA1
291a26e99da9db90d8f66b88b1291568242a67c1

SHA256
28f871eda6943bc4225ed519161eb910b229834c600676548e3bbfe62a9b54f4

SHA512
b18c8adcd00bdc37c0d41e770106ecda0f2521e3e8b7705beed15eae6011e4b823dfcb2a5ba8f520a9c59b5ca93afb0662ff6ce4cbd90229e171a83060095337

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\4F7EF5812C41C76C040753060132BCE0BD2CB6AA

Filesize
47KB

MD5
75d0ea4ef01437a2ea69756e6a1bc923

SHA1
f36911863c02d74091a63c8341257778d2ef09c3

SHA256
ddad99a8f408d2f7013ed4c18f435d67bac2e2cf093d947512f4d22be66b29f5

SHA512
530e363ccf3594fc135376f2c6595317194b8f73c11ae5fd0318222466efc9f65567c9849facda37154c2adc9a04bfa5706e18e45250a03181ff1465ffdca728

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\599EB1AAB4980DFBC75515F606E8841BCFBC21C6

Filesize
79KB

MD5
ee02c1cefb3ed46fefe08727b17a4d38

SHA1
f6437f734dca3b310f5411f371996a6405aa6f30

SHA256
3860ba06de420d84c2222a1f8276140e23148041f5211d127670662ba522f86b

SHA512
6f0a1b50325390a3b353a0efaa7b17b85c0096b34aab62aa8bf0f64d33e51fad0e2ba275a03b9e2e5ec9bf8a8e156a4cd259eeef1130abfeacd67a839262240d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\634E16DC7AF73196290DC0EEA7EC63EF6B95A520

Filesize
40KB

MD5
861ab8aae999b6d00a5f79e714ee0a6e

SHA1
cb4e685c3fec7d5610b1edd89fb699f726b5aed8

SHA256
b0509566c67149cef42789a5c458719cdbd7cc636cbf86d10c9648d492ce8a13

SHA512
b79897970712c683956d5b36347fafc6fae5446af45ed40c76e6568accd663d925d04ef7d8af43b3e2e242ee0c0f6d6922988ffb8c592c35f3c90423ed110f28

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\64921A3FD6011B7661CCEFD820259CCFC783B78B

Filesize
83KB

MD5
7190c6bc06571263a1cd7fe3b0c943c4

SHA1
e17166655f1c132680199bb7a40b241e4141780f

SHA256
6a296456229698ac3c5c219a5b36fc5fea4cb5197540a01caedc6b6a0d7374d8

SHA512
04f22da9f4c7df2d5933ab1e169a719c09349355055dae140caf9d860ffba8e1edd421cf84fc86aa04ab9bffce9d313712502a3180ceecd70df2b571d35979ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\6B51640062BF09C499D4ECBCC36C2E52C3D7882B

Filesize
523KB

MD5
7360bb349ac8ecabaa054f9c4971e942

SHA1
2bf132fd42dd137cf028741e4fc919e0f7bda827

SHA256
83a97977d52b3fbb8cf81bba0b0fe500f8a3841c2d54d5c9f215750ea96464a9

SHA512
fb4a8a0ea433d95d26cd05f9a060726a971e027247197597cbf78aee3cf4adfdef8053b677ad677aafcae26928d5211d8dac5daa0e355784e5fd9b3e3a40f4de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\73E6E68E0F035006AE92B983F343D97A2FA8F48D

Filesize
100KB

MD5
9f5944443a82b7950cda42ba25857879

SHA1
f10e3e30e4a685e18316e9b56b4ee46a602a4333

SHA256
9781856e772d241b871a143fb6ffc7de11a72180c43069f1333462c08f3b8970

SHA512
fab2d0a9ec9e2e9bda3c1bc0182a7efc9c9e696533da6f0ebe5736af70135da1c55d2daaf1d9d92c5b63401527cef0d80935f5f9cef0d0269ccd2b23d483edb3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\791B8A8DF70047BFA15B8104F2D15B0CB898389E

Filesize
61KB

MD5
8edacdb90a52c63c902172e594009482

SHA1
a1580c51daa79b6f7f2a63bb5f21d49e6dbf10e3

SHA256
4f32d53f6e0ee478cf3ce53bbb8d146fd9246540d537078960c45be546357b2f

SHA512
764fbb5c11719286eb6cbd71f29aeaf8a364dc50e508ee8c1b6b132c877009298408adf2850f04fc2fb36de1787cc9f88deaf40ff88253a33e95aeef255edc59

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\7CFBD4857A71AFB16B02CC3BD4D3534FD96B1E07

Filesize
217KB

MD5
4ea8b21f0aede030db3a898a94cab8b7

SHA1
7aa7b7743bf3c476331dcdc4f7179c248e104f41

SHA256
f184bdaeb86a0b5cc0e37f4075e690670cf406efa3b0973b3b7f02e74975e9d5

SHA512
583af6eee20b5334e0e04ec8399a34bdfa8951bde1528e4632e03d9704687ca2eca0189066a9e72a075c4839238586bc2ab25a345224c3c6f47eed8225dc3135

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\7F24CD669B6E5345700CAF20E68D8E061062C679

Filesize
46KB

MD5
9c083562b1309f3f15d16a9bbf517854

SHA1
dc36db05e11ca9d5a22d14aaccb32dee54509929

SHA256
0356dbdbcb265d9f1c8d6d4463ea35b000e41dd42c3b5d734c4de84b25450733

SHA512
9b66902f8cc4fa1f7954caf7d9d12f110d69b7a3c9fbe7e7c488c9b5ea9946967dd369c7c7cf61d5e55a6f5d43d65d0e7927e55385360d7613cb70aea2561870

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\840CFB5A7534E6760C7ECE749F7E402BC1B16079

Filesize
126KB

MD5
f5ba6f19e8dc319a483499f38c8527cc

SHA1
c84cb781eb80f6841426d962a2b2716e2b4f5c5e

SHA256
3ab5942c78b0a1d1121df50fa1f3581c3c2550ca95976b5ef8bc4c805cf1c148

SHA512
660390f3a61dfb38d1e73fdeb4cac757635b496a4d2adac3f2ed30c9fa926820e43c04b198c668569d8a8bc96514557144d7995def80338dd52ca684cd0ab315

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\8CF0FCA8835761241FFF87CD21699A59C31B9475

Filesize
53KB

MD5
2de47b55148dd949dbea9211caab89cd

SHA1
7474221b0530285847c99feebab7d98abc76d809

SHA256
67b865616d28909c55946f2819152af949fb20e823343bd44b1118dcbee94c4a

SHA512
216fb54850a41b014b383f3c57da3bfba0b729d0fec067fe1a0bc4fdfba50ddd489449e82f08f39f5eb553feb477f2bde3990ed3515947dd0216714f71316466

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\98874637C82419E368D41A36BE8DF0A669762B55

Filesize
46KB

MD5
1e97fd128cd13c7c3c527f2cc06415a1

SHA1
5b0dbeca3de64146e0476147ac4bb1993e87fdb7

SHA256
fab503380c7ff29943d2273f875dc4ac0375d142acc7ec626275a4b190fedf5f

SHA512
92451312d9a6bdfe459b06dd47177c1b404cec39745b566ffb1f930480f6f94e1b599b170badeb57e58601809d0e54dea784bd09696a736b8071a5a2046d9195

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\994420B7D995738A9864A758D5C85A5A32A0ED47

Filesize
39KB

MD5
7748bc1fa087612cda274bd8ac706f5c

SHA1
9f1837b13e80b7752fdf9479b5cf8cbebfd92183

SHA256
66725cf760eb27582b491280d2bbed4615b6fc5b0669c5ab652a369987b88952

SHA512
1180220fec04cfa3a0b9e38cc73b8d2b33ca71f580b4cdfe6ae312684e4a3f7390af0e82db63e1a1ac010408bbe2cbe7eeb52f6dc32574f1fd901e7fbbbd31bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\9C2BBC7137762B4CA02A130A09A82F71C29112CE

Filesize
495KB

MD5
54e5244db2be6d8179bbb1df1643329f

SHA1
1533d7a6b95554fb121c64e6e09fd1206dcb9d41

SHA256
1b070e462d1c424e23d803a5af2ed5ec60bcee8d1eeee98a99fe642fea6dfd2b

SHA512
94b053aef3176d0a9b510f527832a23077defbaae5ac7888cfdb97894d3499469100e2aa20a3cd5804e4ef4c24c195690d7c929b7fc3ea0459f8f2a537b31f33

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\9D7200B29009692E23307DAE2B4C8EBCEEC246F3

Filesize
62KB

MD5
d2d4bf49042061441ab554cdda2852c1

SHA1
acb0292823c65ba7b2770d4879db2d602a1a57a0

SHA256
da98d73f061f43a490d5011932c4fc9f2bfd4a1dc353f7fc2d9363d4b88087df

SHA512
a8abbd705dc38cc3b68e2dced90640d752f755e6be523df03f6b85a51a5053d9a671bb65a5553f20caa4064805f57910a02d904031392b6b46ffa47ee44e30c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\A03E71D163D42A487D82C9B7C61A4A800C62901C

Filesize
45KB

MD5
bf0268f65b2900d3cb3e88d742ca7d61

SHA1
bdd11847fb0d0d77f6c267f7fdbf463aff29ebea

SHA256
4029cf02c52333046cfc3334c1792d97655e5ee9d60b2280c97650c996af0efb

SHA512
76d638f6f81a5bf76c3fdfc3fab7d513295c221ccbcb8bcd018a4c3de9087844e0ded0a5c82175d64720b2430cae11e1889ea5443a499d89eff1bbe1c1151b8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\A85ED8EC5E18ECF08EB29171364772551DC55321

Filesize
89KB

MD5
fa02cad65794c6feee93fdc3ab192fe8

SHA1
b5189b64907b5e1a664efe6dc3becdc96f3a49ef

SHA256
435a6b4d07ebb923805e1b38b3ac5dfd5912aabd4e8a9f34c3846ac842286f77

SHA512
98a86fe0e973f98976f97cff195601a7b0cfbde628c89adc2649ec760879f4f1d8381b0cde4f2d2c2b7ddda5d0266125b4cb33b6732e4ab655c8ea4cc232ccc1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\A95F29A9219FEC69F50AF18906444691A39C0078

Filesize
50KB

MD5
751cd27ef0de5069a7979032c306684b

SHA1
8d2060c798617c1bc339ea8917d1ecc0e58b6683

SHA256
e0988d4dd057808e42e56628e76ee2ad80b13accab99dd46e40e75113b77e57e

SHA512
280274400055b765b2eadd1bba4aacbbed516a1e0a6da9ff97a467e4e23411cdca7e94a98b2278cf4611a9fc7af82c976cc0853d673fc325a2751bb179446b00

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\ABBBC4738E813F2B9AFACDDF4B86E89481DA5161

Filesize
275KB

MD5
3496dec93a142b354b4f4a9606b983fe

SHA1
c5e7e6e67e4fdc8a11ffb23e05d3bfe815a03286

SHA256
f66bebc9ea64e2ec15b4b975d591b51f493301fe0d10f70319e74e6e0b80ecd7

SHA512
41656442c47303626ba82299f462c2601fba1dcf578061673e000753e99f463159781b7f4853a145443f8034caf1921ad0819ae693f9874ac111cd19f7ac9a3c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\B514093AD97EB137639E70982E6CC2877881F842

Filesize
35KB

MD5
f0f1c5f937d7ddf7c561c654052abbd9

SHA1
3214a5c3c6d40a700942b6a8b0891d5206ce78cd

SHA256
8bda8f627d38ffb05f84af5f806a3173f74af72ee2e5f67b9bb4a3868de5c1bf

SHA512
5f2481764218681780b613f7e9d47192e3c90644cdf77bfb1c0233e0c1bd613962580bfc16c7118dd6b70b9cab33202a13b1be0a22e7c65b88fbfeb755860d90

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\B610B6F51A96C8194F07261A09801FA213C38E20

Filesize
40KB

MD5
480a8749683c5d047d72f7d3115b34f6

SHA1
c0c866352f499778245b3d2a74c2e4b33179ef6c

SHA256
9a08011078dc2b914708c620bcd91c9bb546abfd988fe456d3791be2430a14fb

SHA512
7dfddfcab1154cbcab59012d3526f5b6697bda2b8e6fbb54e0447406a5da478d50eedc3ce5a035c88594eb3afa0b2ab7248ec22ee048afdfdca45b46df46ecfb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\B6DF1907316EA215D5CFFF9FD1AB06CD3E9ED87A

Filesize
78KB

MD5
57d16353848d87c157f30fb906c4ce9c

SHA1
d9df18491aa52d15d4d3a1d5e12fc3e7fcfda47b

SHA256
d1738d4c36e2ce889382138a2f7b1dbe43a59ff66b169a0d62f0ced8070d3545

SHA512
fb67c60924591f17b602987cc71785efd6471e1a04f2eae42f292013830f5cb0591425a89f8413e430efaadff15e927ed1f9746d0a624ab84e19fbf61429376b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\BB2C0D7B6B8C6DFA7C4ADE67469EA411B7C9D2B8

Filesize
46KB

MD5
f0de0360b419359d8f6a01d83156d8a7

SHA1
e4cfcf358632ba181920aa3d5ab6acf54db8f61c

SHA256
775d0ee9bf8f484ffbee2b244e6f90abfbd66d37b5a2a7b8ec41db58561c8f8d

SHA512
7581e7ce241c0629314ef8a1f882291195bfeeb9cb51414f43a932e50646d3b6157c457c7ecc8680eb471fc0a6d1203383476a9217b33744fc8ccec482bdb697

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\C01D86987297A2B996FE8B72C19CC7F7C3B31D6E

Filesize
55KB

MD5
d9a941eeeaf62d23169cc8302494de81

SHA1
f607dad4e49da4babfaba628da71dd1bfa6125f1

SHA256
fd7bd5221a0b6636769318ae33488b44b931b96e2762a2f257bdbd5f44209c29

SHA512
d3632ffe1b5754990be2a1b9e1436244d6c61fc8cfa8b34b9efcfdb9d1cbc0385272edcaeadd9431c1fd097cfdec1b0e5f83f7ca795428c0eb8b39582f467069

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\C8A0FE1473CECEF76E57A5B0E8B51E1D2DF95CF0

Filesize
45KB

MD5
e49918da65a615622870d5204331fa94

SHA1
b491f3436679b5bd45c6c74ffec918d8954f2f99

SHA256
9e4881c5357d6aadad59050697626126cf5ca25b60de4e05beeff59a1ba330be

SHA512
5d16714925f7ba229616ffc26a1cb701ab5bdf9ab43b756b53499d166420cced7dfca3e63698f6fcf56447e2cea7120a9ef5b5f0cfdb590e51af87e7d06b4b4e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\D7D603BEB75028ED7AD6916628DA698F6126D879

Filesize
58KB

MD5
5ab18a7881bb47a1a6e95424e0cef838

SHA1
958abc40c3509be0afddfd71d69eb4a79563d544

SHA256
102c48c196a9b0778a516947933677c89e9a2cdcecffc97aa742a610351bd1c3

SHA512
9f2dea85181b58a6617351b27dd17bcc3338487e472f2ec91e0b26b993e978a2bbf95f3b3d2c537d078a9453586a969d4934e083e5eef6c7c21cceb6c2361e22

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\DC6CB4D23713E5F558FEB0D8FBE338CC7797A724

Filesize
61KB

MD5
682ac289b93b8afd56c53644519e5977

SHA1
6690f5c4e745c4d72f183e5f5e150486da2997a5

SHA256
8ca254fa7ad8e67fff552699798890be9456e8c2574c649b9770a19ebda64bd9

SHA512
af78a30da88907e6c3f7763ba7c40497e25dc272c7f1e9dd7d15de7d1b99045b9a3e018df023dd67fdad3e184d368b50c43dc3eca738b7e0789f77ab52e8c04a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\DE46EE04856B06593A3188BEC9AD0D09C978916B

Filesize
44KB

MD5
db45cf460db5abb0fcf57faa4c839553

SHA1
3bb0ffda783b76afe20528fd4ea25085ac6ced26

SHA256
c6881b102ff558cdea8fdbdd8594e3e874ecf9a37bdbde1ac92bb9d58c9df93e

SHA512
452c8af40f0f097ac5110c201023d5ae928eaaebc9498747eae375a711903b0e5dc0970889ea580ddf2a1847e885b55fee6d32f75db3c147f921f0ee02896e48

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\EFD38084DF453526467DE817FA4BB9F05B5EC2DB

Filesize
55KB

MD5
5a8045e37b4a7bb39762f3d4b2dc5c5d

SHA1
ae5ef871f682d526ba68825a139699ae19cd1c01

SHA256
5fdbb94a263829276613f98c01a2af5a6b8f772efc832a70499d0a2169feedef

SHA512
c99d2671fd353b742fcac421e20f89c1a95fef2cdabf52383dd56da0777eee163051db736246427c88fe2c4153896a1ff9b17ec4e90ae6881ff0ec3d2d915799

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\F2FF3D7498F15A3487B1733D274B4D11ACD31E7C

Filesize
102KB

MD5
398f468a76c996931678f3d80b88c9fa

SHA1
a5930334a233b4d2fe77356c829cfc56f3f5285b

SHA256
fe3a305fdb06ffd436a4a6dfa4cac4f65047bea9b28e231e895b7a20de663eeb

SHA512
c722a0e32404149765b64e81111231f6ef0042461d40760a74ead3c2b13c215720e3fbeabd8849814f4c1ab1c5eaf4360548dc07e3a3698c361cd29c577a976a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\cache2\entries\FAF7831283380F406773DEB9DBB542CE25BEBDF3

Filesize
33KB

MD5
b651476ed8b18d2c09b1577c978278ce

SHA1
b455db7b27b4e7266287bcb5f6018026566a57a1

SHA256
a950719dd79ac5911b60950639c34edee26cfebfc185c566689395b70f265d21

SHA512
24f3bddad70d18773009e1332af5d8e6183c2f2387f7f482294350912191366dbc37bb9083682b3ecc8d23ea36ad302ca7d338f88b2a322e25a2e1889679f0f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kzcnpuah.default-release\jumpListCache\AI7ERT_zFRP0OJPLp6oxyA==.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab786D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar79E6.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
aa8a2b73d6436c8ae73973071bb3c25d

SHA1
a863dd4bdaf978b3c8570fb7a186c5967efc0084

SHA256
6cefb357aa0fbbc8d999f1464139375d08623936b1916eabe7d57655859510a9

SHA512
d4d56d49dca39bbb253679bb49c46a43a70acb8d4dc8c6d0ea87f4ecc2f9c887e5a7db27731a40dedd459b955a39b2ada1bfebf0e3fdc784e95dd57fff5f44f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
2798cee4da3f40bbcf58f89326ccfb90

SHA1
67768037a9e3c0a6688835c42c138ca469e64ef7

SHA256
62dccc1dad4c5c64b67550918dfc70df9564044274990c0d62866a7490888c09

SHA512
0ee9185a8af45c3afaf8f6f1c31c23d2e389243045fa9b6e592b42c122319669cd725a62f1f388b5ede172c0283b555bc1c3210e366c21be0a6d86903c263aa9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\66ac42fb-fbe1-43dc-94c0-324a353c5598

Filesize
745B

MD5
231a04b793cda105a4ddbafa687a626f

SHA1
a343e03a1f9c09d73ce6ff85fd1a2da6231cfafb

SHA256
4edfddcbe3b33652e1242f2c7c7ffbafa561d334e260b8f0163e4a59d8590ff9

SHA512
8d52cb87dc790862a76e9b215abd3d850534ad0ee650a9357b6d5b1dc6db43e8a95febf8e930ab57fe3759f780a4a39963743b3e4e695053be63d0d7f97f1edd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\datareporting\glean\pending_pings\bcb9f74c-2d19-45fa-a5fe-9079e6b4e067

Filesize
13KB

MD5
853f101b63ccc5eb4e2d65092daaf726

SHA1
aefa54aeb663db1a70578cbaa420953c167ffa49

SHA256
087c79928d3929a8b401414326bd57ad90879dca7465222b7646c80692de5731

SHA512
7f5f233c249a28ceb8ae3c61283317259d84ef0381f65dbf15ab813075cb7a316e1e94741705176b287562f1b66745506fc861f2bb522cbbb862ee4ae642488f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

Filesize
6KB

MD5
23b119122de9df83faa746e0845e3453

SHA1
577ee075e8d98bd822e19d525239272a67ceac0d

SHA256
787d053b1abf11061993aa2ecd012203a3badff8a1c2cf7d6c027dbfadef1a02

SHA512
8c06fffed3d589a5bf752eaf36acfbcbaadc2431424209a742a382ffe5810e85c893ddfd5228827a33535ac7308938a4a258177aa03cc33aa03833b2c3f1c1fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

Filesize
6KB

MD5
166b8168b3780619fc2c87ae928aab95

SHA1
c67209bb06cf5dcd5c05cc63129d5f9ec21a98eb

SHA256
9fd9227736be0a054edf67804339e9aaee3d727209da36a3d004c8a90928fd2d

SHA512
62504f1363a23a836d7513b5dc0debc6e8480bfbbdb3097ef84f5f518bc0a5cafc9825e32244a678698e5ce668a755af152899ae5c6e895b6e7acf6b2ba5c462

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\prefs-1.js

Filesize
6KB

MD5
e2652e5a48649574d36e39466b1f1a43

SHA1
db07d6399652e837db69878ec30d7c810c5e4e9e

SHA256
0af64f73548a0a43e93318e7e06db6edee0c9f37f78ce3ca2bc2f2610359c044

SHA512
00d1468aaa0856fd67fc8072df6db6ec770b73380e09f69560d54263a8ee1553da68ecd5f9ee8a752682c36b76649f6c2ceaa2cbb2d129174c23f6c1e281bfd2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
2aeaed4ad2e77664f8ba3351a7a5e0e4

SHA1
3be995c43931ce7494bebb2cdc3abdf2a304d970

SHA256
005d45aba08bec32c5de38908f4c49d02c5936e1ef0b060c2001f782fbbc5355

SHA512
3ab1c13bbdd96f37c4b013e250a67c8492baeb39ff04f991293279e87ae9366564c172dd6362f79b41ae75cfcc3766e9333524c38aee65d918aedcd2f8948449

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
b8b1f94b8ac8af23e9af5f9d757ef02d

SHA1
c7f8b9b811b5741b7ae969406348b901026a42b9

SHA256
17641b97814457a1449bc309b53fcc7b446d56b9922787f80c7a9ae185735860

SHA512
aa22a5a21b21ea16e601e08c2589d19df87b957cdaf41fd6f3fa0afa446aafbef4fbb480f7debcdda2f376246b814075a9941a64481bfdf568817d13c35ec4b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
39bc9f43ba78b5e549977bb273eb9e9c

SHA1
14c1e29487d49c5ec1ab62a856de194f61c18de5

SHA256
682ada5167d98d3a2f05ab570bda0b6583f4532ccf1b0a9975d699fdbaaa2888

SHA512
c9e3ce3d49148d8a8a8b099ae43503e9b9a98ce45d7a0693059e9c162cc5587f46ec6bd4a95f0cc6371753bd78201703962b4df603365e644ca423098f75d96c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
13ad232f316a6e37a98e2198ef1446f7

SHA1
5dcd5d180f3807253df1edc59dbf37775e7d80b6

SHA256
306a5d9a38afbe614884b4301fcc081b73a6ffc2d450246fdbfa32a0380d378b

SHA512
68f3312c5e7c01e885f379a5d44da279f93fb86cda2a85005e999f6903eee1fc94de945836c6a8a380db1699e62ab2990b20015ca2ef7cdbcc44069d72f9b70c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
49e1af3a6802dfed9ebd237eda1ab134

SHA1
696d3b7736511911bec60c55b160fcf952b7b12d

SHA256
f83dab07af6b1ab5569e8e167028c1e808a78aa00f988de1b7d9f07e4319eb31

SHA512
3eef7dfb151cf5d080183e15ba4ec35b11bd3d1504d8a42b416ca562252c4a4231c16181c867f80dcb01ec4fb2c04585a5022b3f48d8f57422c253e75f9bcbdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
d4eb1c0fc1516e9dbbde82dc3057a165

SHA1
8f77c6f51e842a4234b8be4e06f0df215bc3ca50

SHA256
a2828def623f1fb3c77fc52c79ce7fd9aa55694c4092240b68bf0d8d1ce7bb6e

SHA512
e7df4ed000201a29e40517a2554805264a7df6a31c56b9a70bbdf4a27880d7cb3577f5aefa8f39f455243284323d0eb85d15cc2e72f84a0f50c1c1b1e936bf9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4d6a9c19864ee8c22d6c85b0ed98b1df

SHA1
d2fb72fe187dc5853e7044255b1bade7aaa782c2

SHA256
060a7e0e62bd165f466b8107cf819fb92f0d283f3d6977ce99ba41ad21f2bcbe

SHA512
c5b39a728a205e4dfde882ec77a760a46a997555f698d613123383dea452f63cb85a3af700db5df62b9896592e2c57538429d13a8dd2abe3bb3e9859d455290b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
c3b06e511acd5cc803f6bda214c791ec

SHA1
1aee685789ef33de5fd7e57d75fc904440068395

SHA256
b79e2c4fbfba9f35a18943f4554c7e18e9554afa903ca13cec216bdd04b2afb6

SHA512
a77898c6d8331d383f858dd6a56b81f19f674bfb6f7e1fda8f56585e260bc1021f2bde5caade7f7ef84b227290bbaa8469f9cc276cd29202c948a3ba31959ef2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
28acb4d99768ee77c931eb79629123df

SHA1
817e200099099b787fb8fafc4130651b01ba2392

SHA256
a792f0a9faf9d122b114f4ec4af16e1b8cf0e4e4eb7442a3c606f1c9937bd2e6

SHA512
a0b2db8c21ac587d5dbd9d468f3d233c1d1a19b99f0182e73304cd7d587b606835db47c1d10ea112905f9e9a35e02de3acb908fcd49c22befde2322a8d400135

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
d27dc90dff81be5f23a258527ee324da

SHA1
26d1345e99ca7e879aca435b9e82fec035797812

SHA256
f3bd1673c663adf6420087ee32eaeb46e01e7f0b2c0fa8380ed68f6f48699177

SHA512
ad07425ba25a7a3a60648ec10727fcf35d453c77d6b7df071f692e03faca3f5ca4e2d9e436c74c7293fcf24bc531f7b2be7f03cc6f6abdaabe38b888f879aa95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
00383c58106e15b3427dc53112a76cd7

SHA1
a5241779e6c22880d7df3030293024fc7d098c5b

SHA256
62a341b60106e3d1a6ecddaa19a4f79a6476579291fe6b0b9c9995d6eab97b2a

SHA512
491e6cf8ddc51f8d0f8e68881c10e1155492e2848578f0a7d380007ac997aa283e1a5ff50aa32a7dd97160bbca405fddd99b1ec2116b7c633fa95b0b9ae1e679

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kzcnpuah.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
c33eeeae6240363bf7334434731569b7

SHA1
59af4849dde07b1abeca03a4ee4efeed5e19fd9f

SHA256
98e3eff8200c2ebf4ecca2c53a05c015455c0f4e9fed265dd5306ecebc21b627

SHA512
de4eab456a4cb7cfd782eb6b8a861f7158a4f080b3534e072447eedefae00ed30fb7adaa12db8408be24d95e51d1958ded258d7ae3b4d9f97700112eaaf4c6d2

Download Submit
C:\Users\Admin\Downloads\Akutiobw-project-main.MDx52NXu.zip.part

Filesize
3.7MB

MD5
152741a7e3505f4f4d9bd4094e0774c4

SHA1
885d3d505d4e3ecaec6f1505a0f4b61e224a6efd

SHA256
ac6a190a2b331ddb8939b13540fe8281025b4b01004b08d6428df65734e85f93

SHA512
33e205a28c2411009cca0ccbb0dc5a31e9d29fce1134787725f018028715bb8ae36654b60b178c254a4567faa376b3a3284b5575feeaa5ddc4d2715aa666b1d8

Download Submit
C:\Users\Admin\Downloads\GTA-Cheats-main.zip

Filesize
5.1MB

MD5
85ff43327f6e61afafa923313f500033

SHA1
963ba14a56b3e55bb7b73f5da7e6499061497b2c

SHA256
aabf2e8263b0f57a8ced35f9a4e7add4ed5f940b50bc73b1bde6ee54b2c654fe

SHA512
af2aeddf5436912309952e4702c5125024303b388b9ce644e6b3347fa4395a49b752fff257cd8f0dd1daa2dd25a0b09d6fe0befbfde97024716a0d42cb47c139

Download Submit
memory/772-2631-0x00000000053E0000-0x00000000053E1000-memory.dmp

Filesize
4KB

Download
memory/772-2653-0x0000000000030000-0x0000000000130000-memory.dmp

Filesize
1024KB

Download
memory/772-2628-0x00000000053E0000-0x00000000053E1000-memory.dmp

Filesize
4KB

Download
memory/772-2629-0x00000000053F0000-0x0000000005400000-memory.dmp

Filesize
64KB

Download
memory/772-2627-0x0000000000030000-0x0000000000130000-memory.dmp

Filesize
1024KB

Download
memory/772-2630-0x0000000000030000-0x0000000000130000-memory.dmp

Filesize
1024KB

Download
memory/1000-2772-0x000007FEF1FE0000-0x000007FEF201A000-memory.dmp

Filesize
232KB

Download
memory/1000-2804-0x000007FEF4250000-0x000007FEF428A000-memory.dmp

Filesize
232KB

Download
memory/1000-2773-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/1000-2770-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/1000-2771-0x000007FEF4250000-0x000007FEF428A000-memory.dmp

Filesize
232KB

Download
memory/1268-2615-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/1312-2824-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1312-2826-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1592-2820-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/1592-2821-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/3640-2665-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/3640-2664-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download