ac436cccb6aa63de21a666d1050fdf700f019a93a033d3678cd7e01879d7c266

Analysis

max time kernel
187s
max time network
213s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20/04/2024, 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mechvibes.log
Size

13KB
MD5

96ad065b2483cba0da74a3acf253ad40
SHA1

1c8c1a8e7e100815861252464864544a837a9a09
SHA256

ac436cccb6aa63de21a666d1050fdf700f019a93a033d3678cd7e01879d7c266
SHA512

b6234d061105142c2beec4bcf02e08b9f16d666a6b62191da58a4e25c032ef155b7513522a307186ad266e55139ec6d92d889d2ed3157c24e699dbea5fb34900
SSDEEP

192:2Yy8eo7ooVuzzaxdriYf6DORjIBHGy3cBigvjUV14hkPhDKVDYdOrHPVLdP9DPaE:je56bQ4

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 36 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133581002878339152"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4672	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
360	chrome.exe
360	chrome.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
4400	chrome.exe
4400	chrome.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1892	SpeedAutoClicker.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe
Token: SeShutdownPrivilege	360	chrome.exe
Token: SeCreatePagefilePrivilege	360	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
1892	SpeedAutoClicker.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
360	chrome.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe
1892	SpeedAutoClicker.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1480	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 360 wrote to memory of 3360	360	chrome.exe	76
PID 360 wrote to memory of 3360	360	chrome.exe	76
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3528	360	chrome.exe	78
PID 360 wrote to memory of 3756	360	chrome.exe	79
PID 360 wrote to memory of 3756	360	chrome.exe	79
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80
PID 360 wrote to memory of 4340	360	chrome.exe	80

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\mechvibes.log
1⤵
- Opens file in notepad (likely ransom note)
PID:4672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8616a9758,0x7ff8616a9768,0x7ff8616a9778
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:2
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1820 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3380 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4120 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3900 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4884 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5416 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:1
  2⤵
  PID:68
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5596 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5864 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2572 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2560 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4016 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4676 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4596 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5736 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5572 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3020 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3044 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5820 --field-trial-handle=2068,i,8394913680296171267,16332335502202579782,131072 /prefetch:1
  2⤵
  PID:4436

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3312

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Temp1_SpeedAutoClicker-v1.6.2.zip\SpeedAutoClicker.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_SpeedAutoClicker-v1.6.2.zip\SpeedAutoClicker.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:1892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1932
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:1324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
PID:4556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2464
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:1184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
PID:2228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
PID:4596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
PID:1924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:1480
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.0.1722082822\645964898" -parentBuildID 20221007134813 -prefsHandle 1660 -prefMapHandle 1604 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c287a8a-5405-4a20-abaa-6fae7d1b870d} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 1748 1736edd8958 gpu
  2⤵
  PID:6884
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.1.1584362578\1973318645" -parentBuildID 20221007134813 -prefsHandle 2112 -prefMapHandle 2108 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ebb3d82-d3c0-448d-979a-729289e6fa05} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 2124 1735cf71f58 socket
  2⤵
  PID:6932
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.2.1318928194\591358388" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 2964 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 944 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fffb99f0-a2cd-4fce-8985-92c60adb60a0} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 2980 173732d2558 tab
  2⤵
  PID:6960
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.3.1348909503\417409508" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 944 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19c56f68-7466-4aa8-a140-471c3600d0a4} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 3564 17371d90d58 tab
  2⤵
  PID:7244
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1480.4.221729862\734941232" -childID 3 -isForBrowser -prefsHandle 4256 -prefMapHandle 4244 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 944 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c23d7205-ab38-4a03-afb9-df23e24b4fcf} 1480 "\\.\pipe\gecko-crash-server-pipe.1480" 4260 1735cf30b58 tab
  2⤵
  PID:6608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
PID:4108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
PID:2324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5104
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:4824

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
PID:1372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
PID:3988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3496
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5128

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5140
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5148

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5156

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5164

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5180
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:6584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5196

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5204
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5244

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5252

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5260

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5268

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5292

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5300

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5332

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5356
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:8528

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5364
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7624

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5388
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:8160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5404
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5412

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5428

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5452

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5468

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5500

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5516

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5532
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5564
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7504

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5588

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5596
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5604

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5628

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5652
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5684

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5692
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5724

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5732

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5740

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5764

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5788

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5836

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5844
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7412

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5852

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5876

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5884
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5892
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5900
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5932

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5948

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5964
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6020

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6052
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:7276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6132

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2280

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6152

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6168

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6176

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6200

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6232

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6240

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6248

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6264

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6280

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6304

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6336

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6360

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6416

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6464

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6488

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6504

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6512

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6528

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\0d9a7838eb294f8c8cbb763d8455b2b1 /t 2440 /p 1480
1⤵
PID:5204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\0ba29557-0d9e-401b-89ad-b77daa6471ee.tmp

Filesize
272KB

MD5
e78f9b28d8b4acab9a33238bed67a184

SHA1
74a9246d692e4d6389e10b5d716f7eb94d110a0a

SHA256
5cc298517ea7b788977077fd5912962b4ba9a156f4affce320d333d7a78e7f69

SHA512
ae766ade1566d76d1fbdb0b1d89a8dbfd6dc376e5c6371eb798626e5f3cb1fc0cd3a89dcf3529b515422bd4bf2fa4119314be21e59dce7f3db17891599a26ea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4fcd883f2973c00c4c78244578afdfb5

SHA1
291684efc1f398f4fc55776fbbf2694082d060d7

SHA256
dbe0f34cd0f2b29af7d9135e1798180ba09bd54f7fe05b285419b867acbc9b7f

SHA512
23586ed31c9a99ae85be1adeba8b453661e428500d30ea5062a16b3919eb6c481337a90c5df0f3c11a4336d3017d6c0df321aa554c0fa599993ec0ab3b5f6b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
29cf97f3e0dcfae71b8a14c97980a27e

SHA1
53284380e4db21d0f74f58cf080ec05318ab0adb

SHA256
8f49dab78eccd826ecb5cf4f6ef2609ae2fa98ea1f517cbfdf37eaeb54fb29aa

SHA512
e327184be654efd978ad4a9e14e9aa4a0340ae92c6afac338be2260aed26c466847a3029de26cac716d3f03c33a8f80824f2f0cc93360731682f633b838caf42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
34146e6e75fdbf11a2076234adb820c9

SHA1
797e1e43ec52e2808222abab2e85bfb402d58049

SHA256
9a1ddb0b2ba305154f524d319303caea31358064883f3f19f6f348b70c0075dd

SHA512
c4b8af16bd1c53d5000e3efccd7add0de39f05faca508d2a81a5f1424e4134eda7ad236f6b2133c50e24eca8e65059d5d6f92cdf959c842f1b3c712564afa7cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a679df7c6d268063ee4251ab14b6fce7

SHA1
ccf523cb9b7348980ef8664a6c6da424b7d09a34

SHA256
8578843e55decf7a0329532b702c929d5c3688fe57698672b47bc0fcae9638b8

SHA512
539b7a402cf7075578e5d4c7f244e23d912448ebf34c75b1baae51e3c3b09369897eb16fedd068dcc36e94b972733dee9b05f239fe1781e20d02aa9d15ce3fbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5765c4253d39504b78b56273faf73357

SHA1
eaf6cc8c80dc376d218f0fbbfb43e717f9f1f410

SHA256
cc436ecdaf00273f98756546a4be7d51c2217e9dec005323d3a25f1534c11c12

SHA512
917e0edfcbb1ff4bb2305ae898d809e3414c06759e78ba63db4113c46e7b4a2d073d7e84b5089d0bbc1ee765edf380a5ddf08d1413d6c2d0986006ccfe81644c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
b959f8c6b75284c580d042b78d6b8d86

SHA1
858bda5b94e4e617fe9e3529d95f29f0ccd00c66

SHA256
70a426f23c08f34e2f79a0bbe99ca0f6ba8fa6b4ece3ed3f1655aa58d6efe763

SHA512
2f74a1b6ba884f65c98933f3826c6e92bb4d2c129dfece6d5c9341601d5dc8d2d6fb52de4e3545b444131c235e7fca03f344cdfb64801be177ac1c16a23a7976

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9488bb2edd55b4a1b389c8a26922e49f

SHA1
e8b8a705e9a017a91f5e5edfe18bdf9fd23a0f43

SHA256
9277bf475cb5c597178e7e020375b6da390f6650ebc6260be3448aad02779730

SHA512
98106be44294a0922e6749a1d233bfd503c3fce821a32ec4d805bb1c2373a03f7e5eebd4d5d0ab11cc1c64531cf8fae13d7abbd359885b41130b0ebe1e815fbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ae071c53a517752e96c4b6295a02b6a7

SHA1
e38eb628bceecc2153ba1c760ae6e91653e5f4f4

SHA256
87b038dc6e5e97217e5c9e1fa21792d53e447b9abbc534e402d67d4fbea02d74

SHA512
e19bdbd61a3697cabf9a421fdeb7e595244916c1ae336c8d8f214f48c6e063df9477ea24c99a7bfc2fbfad2d04ac794d459e6583e7cbf85a9b738383174dece6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4529a4db1fbfddd2249e31c7397d6e5f

SHA1
3531493f678463cf26fe887ae023305cc40aa996

SHA256
64837a39507b1a49ab0d4e7a5a38a433111dfa3c8e14920cb9849f85e8168d48

SHA512
bf6bb00b283adb77e7dfdbd8ad11fd48cb37ac00299b95b16f652b72236bc51208da0ebd94d9d4d7b3775cf59cc245a80326861c9d0a97ef10a06f14aaec3043

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4e0b1fe067d48b7fbd50b015276cbce9

SHA1
ccff70f00c64e9c069aa37b87f9aa0561c12816d

SHA256
fc299767eafc7906b57d75dd1f13128eb239e1cc17aa9bd8c6a7c97dba53f0fc

SHA512
93b48684575fe4b2093067b14c7b93668f5ef7d89f67fb513758408772d78c2cca334e0e09000a11859e39f93a14928ed8a37632de2ce0355a7deabe53f27bfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
95638feb259bf0bc10f462adde06eb5f

SHA1
d18baa7f35d9b67343ad1f90f300cddb42049312

SHA256
3eca79b7e9198a5b2c5610a20adc2cebf9c9aad86dfd22a47ab88722da6136d9

SHA512
b30e66e57aa9813b9be4534d64ec7703e642d3b0a456e76ba60de14f2c0dd4157041bd048e139cabf5dda101e8098330f3767b5962b7e87ac568273c6e9b20d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e3bfb80e40a34cf8cc4753d3a9ef5e95

SHA1
f9c0ccea8b5a707fbd1eae35a870925ff5dfa017

SHA256
7460c4cafba1cc4cdeb538bbb3ee4559095f85065f73a8f5d9a03729c3c4099e

SHA512
4c5e9eed06deb2bece921047b04580d11dfa777cb3bc0c6ea18298dc8321ab27c6a11ea1f72c3a094b3ff8f0965d9004f76d560cfa46a1bc8dc95131564d5abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bcb4b8ccdefbc7e57a75ae23e9dfab64

SHA1
587124365dd97966581ddfd9e9ac1b77450b7aab

SHA256
7b939f13857df360aa24b180fff465e2dd4caa942c06c19e3fdc0ef89b71f2c8

SHA512
85e048962f629df3f0a74fbac6e4b0a430c9d918c1b0fb238a7e6f801c9d5c6463ec59e9e49eba9464a68dbfc3d56ec6b78d023a38eddb87bb489e47ab20b518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8ed738d4190fa00b50dec39c8544cf9f

SHA1
2917a1e1d339e59a1a74915867e057c51864322c

SHA256
afa0687865e4b0134fc28500eefd29b8dca645c6c46917041d61596537eb55cf

SHA512
d7f763a47d3608fd2a6dee512be48d86ca8a00784d0de031263b20437d446b323a5cc0b1030dfa14bc6533aa80ac62a3108e492045060e7812ebdc4ba4ca3985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
472e006de1d6632a5a446948ea691ce6

SHA1
593eb116854db4cf927d976736ba4e8534df6ebb

SHA256
9924014a2e666f4b15bc779f2da04dd731c1f6519cb4e1b10dbe67c38f3541c2

SHA512
160b1cd1eb288603e416e64ec0ddd15a7e534e393d7540c8acfa376c69190a539896e9d0bb697727e2c782635ad0bfec645e8d0456313ab6c70746cbe86f29cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
a9ddbf9158c253e10eb408df812b4c18

SHA1
87d2b9c24d5b2ffd0791dde4fc7211bdd3b38d5d

SHA256
f682ef74b8e9825d54726ad2c42f0a9593b4c4c1ace1928ee9df5df0372575fd

SHA512
1c038b8532572b2c79a3717171300c3046d46e338b42f4981815c58bcc3a394bfb85729749c04d95e49d2745cf36922eaec9dcbadafeb731c037805995f63590

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57c1ba.TMP

Filesize
120B

MD5
ee1aac46f612d8ba90b6783e8fc57edb

SHA1
44a3de72ae97c09a187e02a1b9d65a2ebe2f0459

SHA256
e82b2aa763242cadfeb5757b1dc1e3c0b95a04c3c49aa76623c6cd9c050fbbcf

SHA512
c078bbbb513b86c7503223125add0e0331e9414609935146aee03bd25a7425726b4b278851f4aa291b412deb1ec060f2e308db5bd5adfe74b74d65de1e958673

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
c67908976a4901c2f5de666d886faf32

SHA1
820ae79c75f115504f22b9ee7c1051c4b063f38d

SHA256
642585b899984916f0e674c327eedae07ee625f3968bd925887f45f4380cc7d4

SHA512
caff9579cab5cbe837103fa720ea0c2873f9a1d8cebab9e154ebee62c02e1d7de35e24ba06ce526a1a52f5b7cee8f5b753e09b446688823a8b055efb8dd03a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
a25e0e61e7ced008bdc273022407c316

SHA1
025f568390e22fda3d40c66188ce3227e7bcb67b

SHA256
f962aec1412a88b5c44e6b8ff58be776a04035bcbe36fe4648b68449f8d5bb37

SHA512
cd947eec96f593dd207ba1c4fe349413a565ebaa0e114f9a21af8af13ff92ecaee47a7dd28f06619aeced3709055e3750dc0062c136727b3b9a259941e786d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
00f37ba933d45650bd0de1ded91049ba

SHA1
c2477bc1d9b3e14e42eb8149062a6396ef115de5

SHA256
89a755425cf1c47985d6093398291253395641bc0e8a7fc9b56d447fa7de1300

SHA512
606ad1da0df5ee1231eb3fcd34c2fd02d6e3015bb9a84e80788776542fc90ea8e4492c7a3da3d72acb92b7b8cd7902c55c2dea8871d1ac14105121dd696b8c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
c6df2ca4ff10badf9ab43b3061f616dd

SHA1
47ab3e7dbed3ed3dc5b2727ec6d1c09cb8912bef

SHA256
dbf79da2ff8d03ce425a6f83019746f7acfe9fc79718f816b0ee62e781489183

SHA512
c11cc1bbc37a05974db83e8b6a7581f8e8e64ab3fa8305e3a1db1111e18537f9b45b4b03c6fe86777480c71110fe9b6d3ba1713254880faca6333c4bbbf0acd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
7280cf0bd33e12129a09886a6e7c37f1

SHA1
6e60345d639053efdcab6dfdd4fc3388a44ef429

SHA256
4d7afbbdb420bcdc5ac7e335441bb81955363a2895b5fcf191ce488064d36b7a

SHA512
00f826cd508ae405bf1a15bd4e57343a38499320144ea04de7203c05b3407f9ff8c12e776547d4fe00d04cec650cbbeceaeba99f2ddb241019dc358e8275d7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581be0.TMP

Filesize
93KB

MD5
4276e8518986dd76cdb70e1f9f707584

SHA1
503b64735baf4eea1cd4bbbe10413f4ea236a872

SHA256
e79621d29a95fd21043764fe067f8e02e7bc593b0e42c8e5e2dcda5e68ba10b4

SHA512
af4bffcf33682f58db89cb80552220bc629a268d8ae145d034e03caf4c41479319a2a254eefbb4c195976a239c7327a6daac869fcc6c32940f1486e48161207f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\SpeedAutoClicker-v1.6.2.zip.crdownload

Filesize
2.0MB

MD5
9192d35de69f1dbd9de0a36004c35caf

SHA1
0876ee1f6408005a754ffd34f52ab9185450b36d

SHA256
b6014a35c04e9c13c6e97178f18b1597b0a7d8e1bbd3db4cd843bb7d8b6993bb

SHA512
8219ae7635a8c0cfa4c0ec78dc2688a0f376f0e25c1f057c4dd4f61cc00dd03dfe7b474d4ae54d491956ee14a625001467d4885f22577a06d1756cc80855307e

Download Submit
memory/1892-287-0x00000000054C0000-0x00000000054C8000-memory.dmp

Filesize
32KB

Download
memory/1892-300-0x0000000002DE0000-0x0000000002DF0000-memory.dmp

Filesize
64KB

Download
memory/1892-303-0x0000000002DE0000-0x0000000002DF0000-memory.dmp

Filesize
64KB

Download
memory/1892-306-0x000000000A620000-0x000000000A7E2000-memory.dmp

Filesize
1.8MB

Download
memory/1892-307-0x000000000AD20000-0x000000000B24C000-memory.dmp

Filesize
5.2MB

Download
memory/1892-290-0x0000000006400000-0x000000000640A000-memory.dmp

Filesize
40KB

Download
memory/1892-317-0x0000000073A90000-0x000000007417E000-memory.dmp

Filesize
6.9MB

Download
memory/1892-318-0x0000000002DE0000-0x0000000002DF0000-memory.dmp

Filesize
64KB

Download
memory/1892-319-0x0000000002DE0000-0x0000000002DF0000-memory.dmp

Filesize
64KB

Download
memory/1892-320-0x0000000002DE0000-0x0000000002DF0000-memory.dmp

Filesize
64KB

Download
memory/1892-284-0x00000000053F0000-0x0000000005402000-memory.dmp

Filesize
72KB

Download
memory/1892-285-0x0000000005400000-0x000000000544A000-memory.dmp

Filesize
296KB

Download
memory/1892-286-0x00000000054A0000-0x00000000054BA000-memory.dmp

Filesize
104KB

Download
memory/1892-283-0x0000000005520000-0x00000000055B2000-memory.dmp

Filesize
584KB

Download
memory/1892-282-0x00000000053C0000-0x00000000053DA000-memory.dmp

Filesize
104KB

Download
memory/1892-281-0x0000000002DE0000-0x0000000002DF0000-memory.dmp

Filesize
64KB

Download
memory/1892-280-0x0000000005980000-0x0000000005E7E000-memory.dmp

Filesize
5.0MB

Download
memory/1892-278-0x0000000000960000-0x0000000000B86000-memory.dmp

Filesize
2.1MB

Download
memory/1892-279-0x0000000073A90000-0x000000007417E000-memory.dmp

Filesize
6.9MB

Download