hxxps://www[.]speedrun[.]com/redball1/resources/w5scc

Resubmissions

09/07/2024, 00:58

240709-bbhtgszgph 1

09/07/2024, 00:56

240709-baklpazgmf 1

Analysis

max time kernel
400s
max time network
401s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09/07/2024, 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.speedrun.com/redball1/resources/w5scc

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 30 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 54 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aac80f062bb18a418e66e4ba1387bc86000000000200000000001066000000010000200000007bfe7d266c90c897e3a840871af136d55f63e5e6e540256ada1b645aeb6d8048000000000e8000000002000020000000e5dea80d298cb4103baccd3f9027ab46acf63ac227bdf7c14795ff417c9dff0c2000000048c29497dd16ac09e91bc96b1cab6c9339e643b1573400ba64d154fd42e8b9f940000000757eb43e6682f6a9d3993a79a91519ef90b7cf8f3770f1bd0e144545e4415431e9551ef398a49701f4c910240bfe8e705761724612dd432dfd42955bbb4883ce	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31117723"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000aac80f062bb18a418e66e4ba1387bc86000000000200000000001066000000010000200000004a4c56d28fe9879d46ba6dce7c7d0b60a59a05c3400c5a9ff8b2539807266fee000000000e80000000020000200000000dd73fc1d84c54eeb036f6a9cb3067e2b0365a992753f34c60a9290d3144d71e20000000b45a62b92ac2fe56f190b4bb28663967bf9b08e9d1f26b74c601b2692f772dfa400000007915e3ee77abf236f5e77f8fede25c0fd2479ed2bbbc629fb1ef86d0dc089d982fcf6fddae487fd3dc9b445613f1362a23997e930ae14b273b2236c7ec61f121	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31117723"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1211819023"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "427300312"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "427268320"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1220393689"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1211819023"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31117723"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427251726"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73790CE1-3D8E-11EF-92F7-7AC34D24CA04} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70e292499bd1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 906c89499bd1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649603302407322"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
8012	chrome.exe
8012	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
7572	OpenWith.exe
6788	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe
Token: SeShutdownPrivilege	4616	chrome.exe
Token: SeCreatePagefilePrivilege	4616	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
8588	iexplore.exe
7452	firefox.exe
7452	firefox.exe
7452	firefox.exe
7452	firefox.exe
1860	firefox.exe
1860	firefox.exe
1860	firefox.exe
1860	firefox.exe
1860	firefox.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
4616	chrome.exe
7452	firefox.exe
7452	firefox.exe
7452	firefox.exe
1860	firefox.exe
1860	firefox.exe
1860	firefox.exe
1860	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
7572	OpenWith.exe
8588	iexplore.exe
8588	iexplore.exe
8712	IEXPLORE.EXE
8712	IEXPLORE.EXE
8712	IEXPLORE.EXE
8712	IEXPLORE.EXE
8712	IEXPLORE.EXE
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe
6788	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 192	4616	chrome.exe	74
PID 4616 wrote to memory of 192	4616	chrome.exe	74
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2896	4616	chrome.exe	76
PID 4616 wrote to memory of 2832	4616	chrome.exe	77
PID 4616 wrote to memory of 2832	4616	chrome.exe	77
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78
PID 4616 wrote to memory of 4736	4616	chrome.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.speedrun.com/redball1/resources/w5scc
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff813de9758,0x7ff813de9768,0x7ff813de9778
  2⤵
  PID:192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:2
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5116 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4388 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4412 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5428 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5580 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5584 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5940 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5232 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6372 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6652 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6880 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6888 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7056 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7280 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7588 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7608 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7756 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=8024 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8028 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=8336 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8480 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8608 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8636 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8660 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8676 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8928 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9160 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9348 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9612 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9940 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=10176 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=10760 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:6716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=10892 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=11048 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:6768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=11180 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:6776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5352 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:6824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=11428 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=11436 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5316 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:6856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10648 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:6988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=12228 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:7488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=12596 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:7496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=12724 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:7512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=12504 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:7520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=12976 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:7528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=12864 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:7708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9960 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:8300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=13280 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:8740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8356 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=16908 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:8
  2⤵
  PID:8568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=864 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=5744 --field-trial-handle=1788,i,18263844830269094089,10053080329879540295,131072 /prefetch:1
  2⤵
  PID:8544

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2568

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc
1⤵
PID:1908

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7356

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7572
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_igt-nomusic-deterministic_e55bf090.zip\Red Ball - IGT Edition.swf
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:8588
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:8588 CREDAT:82945 /prefetch:2
    3⤵
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:8712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6788
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_igt-nomusic-deterministic_e55bf090.zip\Red Ball - IGT Edition.swf"
  2⤵
  PID:6968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_igt-nomusic-deterministic_e55bf090.zip\Red Ball - IGT Edition.swf"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:7452
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7452.0.2026319952\960067800" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5433465b-e5fa-4654-bf5a-0dc5665e4ad7} 7452 "\\.\pipe\gecko-crash-server-pipe.7452" 1780 233913d6458 gpu
      4⤵
      PID:1056
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7452.1.1092487926\1577682616" -parentBuildID 20221007134813 -prefsHandle 2164 -prefMapHandle 2160 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad6d7abb-f585-4257-ae30-6fb0fce83774} 7452 "\\.\pipe\gecko-crash-server-pipe.7452" 2200 23391305658 socket
      4⤵
      Checks processor information in registry
      PID:8236
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7452.2.1003614593\120621169" -childID 1 -isForBrowser -prefsHandle 2744 -prefMapHandle 2672 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f136eadb-1920-4dc7-aa0d-70b9c33ea961} 7452 "\\.\pipe\gecko-crash-server-pipe.7452" 2956 233956d5a58 tab
      4⤵
      PID:3188
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7452.3.1615920953\1109564876" -childID 2 -isForBrowser -prefsHandle 3428 -prefMapHandle 3424 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0df29a3a-104e-4180-98cb-000527fc38e7} 7452 "\\.\pipe\gecko-crash-server-pipe.7452" 3448 23393db1a58 tab
      4⤵
      PID:6900
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7452.4.2021299136\196596403" -childID 3 -isForBrowser -prefsHandle 2632 -prefMapHandle 3908 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d34d8793-28c8-43b4-8513-acdc1de3bce4} 7452 "\\.\pipe\gecko-crash-server-pipe.7452" 4792 233978b8258 tab
      4⤵
      PID:6168
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7452.5.1094121815\1758325568" -childID 4 -isForBrowser -prefsHandle 4916 -prefMapHandle 4816 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20c76655-fa37-4fba-9b0b-580f8bc81532} 7452 "\\.\pipe\gecko-crash-server-pipe.7452" 4956 23398399458 tab
      4⤵
      PID:8480
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7452.6.1991543120\1943047351" -childID 5 -isForBrowser -prefsHandle 5148 -prefMapHandle 5084 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e5cc7e8-d833-4b27-95d2-73536eba2b68} 7452 "\\.\pipe\gecko-crash-server-pipe.7452" 5240 23398399158 tab
      4⤵
      PID:4844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Red Ball - IGT Edition.swf"
1⤵
PID:8148
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Red Ball - IGT Edition.swf"
  2⤵
  - Checks processor information in registry
  PID:7820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_igt-nomusic-deterministic_e55bf090.zip\Red Ball - IGT Edition.swf"
1⤵
PID:2632
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_igt-nomusic-deterministic_e55bf090.zip\Red Ball - IGT Edition.swf"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.0.646779467\357997775" -parentBuildID 20221007134813 -prefsHandle 1616 -prefMapHandle 1608 -prefsLen 20928 -prefMapSize 233536 -appDir "C:\Program Files\Mozilla Firefox\browser" - {811e0d4e-538d-401e-baf8-007519cffae8} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 1696 143ac0e7658 gpu
    3⤵
    PID:7532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.1.747085336\1818065888" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1988 -prefsLen 20973 -prefMapSize 233536 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b5ed1e2-23d9-4535-8ba4-5889bb96a259} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 2016 143a11e3b58 socket
    3⤵
    PID:5484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.2.867066883\1696101466" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2544 -prefsLen 22190 -prefMapSize 233536 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7812782a-5f76-4afa-8611-64169b64243a} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 2568 143ac560958 tab
    3⤵
    PID:4828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.3.1401651601\1807519492" -childID 2 -isForBrowser -prefsHandle 3532 -prefMapHandle 3528 -prefsLen 26596 -prefMapSize 233536 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {806b4bc3-2e84-4cb8-9830-beda50e86e5a} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 3540 143a1167858 tab
    3⤵
    PID:8876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.4.160504141\556026142" -childID 3 -isForBrowser -prefsHandle 4824 -prefMapHandle 4852 -prefsLen 26655 -prefMapSize 233536 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fed5609c-1ba5-4849-9ce4-2d5c19f35476} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 4864 143b14b7c58 tab
    3⤵
    PID:5136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.5.2093485460\1001038739" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 4996 -prefsLen 26655 -prefMapSize 233536 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cdb6e18-c227-42a6-a63a-03aec3b0d1dd} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 4984 143b2b58b58 tab
    3⤵
    PID:7400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1860.6.1288914639\745911451" -childID 5 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26655 -prefMapSize 233536 -jsInitHandle 1016 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c06ac32-d3ca-47ac-b119-9d7dd3b5a1f6} 1860 "\\.\pipe\gecko-crash-server-pipe.1860" 5184 143b2da7758 tab
    3⤵
    PID:8336

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_igt-nomusic-deterministic_e55bf090.zip\Red Ball - IGT Edition.swf"
1⤵
PID:3588
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_igt-nomusic-deterministic_e55bf090.zip\Red Ball - IGT Edition.swf"
  2⤵
  - Checks processor information in registry
  PID:4396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_igt-nomusic-deterministic_e55bf090.zip\Red Ball - IGT Edition.swf"
1⤵
PID:7944
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Temp1_igt-nomusic-deterministic_e55bf090.zip\Red Ball - IGT Edition.swf"
  2⤵
  - Checks processor information in registry
  PID:6424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
281b3ff4c7f4df3efc39c53102257e18

SHA1
2d4f96e103fae69936f545931ff95096ee290fa3

SHA256
93cd9819f2f7963251b919f9408cdf8053441a6bbc8f1407f05ebde763ce02b1

SHA512
0a4885f670b0710a2b387eaf8776e1574b6f3d275fd56f6b0245a17834a7cc76b5f792e72574899407eb2ba8d98453b58f3a6098793d26315db71be5d582bcc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
ee0a314ab2884f41fb55dada9728b9c9

SHA1
25cba718a10fa1e0477eba383b30d14f2ca1ef33

SHA256
faa53fec1f3a8c8dd1b6fc1f8281c0d916090999ce783b7a34b129dd2d6ff672

SHA512
3ec2d866c998d4dd956cc415dd681f7e5d5b2746b6570cbf5801027676b2ecfbeb58aed4e9731095f3540e8972e5c9d8c4f55dff2d39ff0dc2d2f5dfd0634c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
19KB

MD5
3ffbd1e963d6dcce5ddad8916f3d0fd4

SHA1
f9eed0613dc30a8822bdb897914315f5a0e949e6

SHA256
f603aed80eb6a8d8568689c4c735b73eac658e5a402f7d8840bc5fdaeeff9f73

SHA512
f0dba2780a4994a38a400b577229c7dac71e8c175c4c6d73bcd750086b4e45e2f13a1ba43ca139da2998c7fa1d0d8bf39ebfea83b31441aa6ed1df70e8498bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1f337642bd42b5016b6db2c36050429f

SHA1
e66acca75cfdfc8fb2a55177201c1864b893905e

SHA256
3e1fc4afecf29febb23de6f0d0f7a2e91af08b78aeda4b7b36d1f17a0933db00

SHA512
78613d51ba345d337680b519cb2c6080da73af66577eda0513ef48b3b26965e542c19dec3bfebb11135ee1887e293de218f563937ff2de75a9a77273af39f68d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
89dad89255d0bd05a394a3b6227f20bb

SHA1
24433dff43ffd5aee17e1344a0084f1da0f0802d

SHA256
6159b1c84388a165efac6cd5bd5fe0f6772d05c155ff22fc4dcd57be140b1081

SHA512
4d4939c7df3bb56aa47e36bd02549821e1e5db462228b2b3a7c93a140653197ef35f5c448864fa8008ff6b041f52bf5b4f51fb9865e82d33e298d88e9c36d6d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
5e3e37242c52eef3d8a2f650fa99265e

SHA1
0bd7da87a1e17c2083074a732de778364befe446

SHA256
3fdf8d1f9ba1334d130a18b910348c12bb6a88b6436aadcfd55c059cad0844e9

SHA512
72bae2b743a4bc548968dd0417754a57800aa5fe99bcd6ea85d312326760b9f44b51563f6e59575df0d8ef788a8feea04728a427874672fd226ba2d0d4f18f73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
cf252fa3bdb913d9a65b9bb6ad3241fc

SHA1
68f2779ab99975a94c959656e3ff666a3aa84d88

SHA256
61e82834874038b9d0e58883052f4f189e6d6144e0fcadf7c3f886bd72c57979

SHA512
a473a88d79b2b9e30553318644b3d9ae5e53291ba03482c70524736b8e5d69114a24b9d79e6d4debbda295716e93ee23a436c0eea88d2208b2d5d60ad1489347

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b533494dc096f69564046d76b3fd4250

SHA1
d5328af47cfc104a5ec24cb45df853f856661708

SHA256
8c9ea9f4cb14e9ff2304434c6bb4e73dd8c160686e30171c79c94a3c8ea855e3

SHA512
6cc0e240e1bfe578b8b99912f194675517efadb4a00453b9f20ac241d9dd58d681b331cd56c4c3603ade5e29695167dd1331f33341bcd15ce56bd2587094eced

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b5df157d6356e78c26d780e8ef0727ca

SHA1
66be9158d966c3809ea5f91e9d783c414cbdb9ce

SHA256
86d4f763df226086afbfc66c78e889b9af7240ca820291ad571e655005ec2204

SHA512
b0f2883e84605a7228f5788752d1194ddcd56e9e438deb246531a73e9f70021a3f8b2ed5b2907c486e018b5c80485f75761f0edfc6488e58f430881d59a5eb49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d729c853c64070c5ce47511897d04e69

SHA1
8449508606f63c1bd92f92e2542093451b20f338

SHA256
9ea0f9a21879c57ae6d88aaaebeca5a0903ad7fee2e3cd150bb784320d17d1ea

SHA512
3433d3e4a034128966683370642cfee90a9761a5b2d84e7abf5930f821d722b8d6f3993a2f1b9d72f3e7f81e47ba0ca279008313d01dad1ceaa067735dd86ba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
adc8d8fd5ebdef93431be2bdd1fed1c9

SHA1
43215bd28a9252641c0c0481095fea5b8cfe813a

SHA256
db77b782e20fa8e5210bee1156325ba6a932403b1cd4f700766d695d153a7fe8

SHA512
489c933ee71b435fc58f1b11b31fe081a979e6b8dcc1302714315b0203a239265b7ac2a721c99c1a05e7a7d0545d756d0629270552bf6820db1158b927a856f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
85a01dfbe3c66c4e788879e6259873ac

SHA1
d3c49e17caf6e67405047f48dfdd05c41cf297e6

SHA256
0d8a8f157861e353da705a05303bdd6d155711b3e2b480fd5ae210983778141e

SHA512
2164d9323cfdbd8b29137d16f05255dc2c9e0bf77e81abc4c8ede804ab325c2cd7eb6f81271da613849bf1b098ba49d28badcdca8ac07efdbb5aeceddf1abb97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d21d8c4a5782c72735a0ad8fa9ee0cc3

SHA1
23ed1b5b7e251cca3038cd2904646bb8e28dee12

SHA256
ab12c057d0fb202b1e8e4cc2ad9d293c263f125f5aa6c4c4b2c18d7835183de0

SHA512
39afac33130a3527511922da08e9ff334b00e63f76624ef933cfb4b28f2db8b1bd0fec8107fcb6029d7ead3e2dad041aff26328819786029781c40752f2522b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a806c87094d7102c9187af5791f7fdc7

SHA1
aa50638b48af46799a03a33a51c1c7ed9c1e2573

SHA256
bbe6f0916c79853e561b417810d4cf637cbd639c387038020b6eda2844696137

SHA512
681f7922e5b97ab604a2b1209ce05b35168877f09a3bf900758de6ddc44d02a14be64bcfd8c019fd19c6f14b6c68926a0254b8cfcfda3a1bdb758c711c20b28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
40c06cd789cd3b980d744a8843c8edf5

SHA1
4754f38ad855a2f50ed8008e5010f72698f0caea

SHA256
4d712748b9eb426e4cef13de718ca5e8d77341261b5e4e4716cd47ca946d19b8

SHA512
bf6a34c0691763b777ed5acd6a1aa1304d98bde1eb026c446fb2600238aee306a4fcf295607c1bc6ed603eaf9fbd9afb3ec3536625807a5bfbceb06684137942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c21774f744358b08a51e575a31278d15

SHA1
af478a0422e8a57b55e7e4cb09f459122f497d13

SHA256
15c38aaf82a82a919657905cd52a3f9446447dd05601e55116e46d710f94e9b4

SHA512
53797a2e69a8f09282777814fad9bd47f52bbe08316a20c652efb492eba2bfc29581ea8cf199e53d8aabd7835bbe2e69b664d2187b8b5f2a0f0c51caba4fdf70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ca19b859354c85cbe888f25c0a2d87e

SHA1
bbf95a0d0c98d3f9f9b3bb8e910a0123c20b088f

SHA256
72bdf2f6508acabfc3f6287872339fa413335e0cfaaee7ebe6d9a548685e1507

SHA512
f303a69ec660bd8d6f93276286e75de371998f547b23c107564e811a6e3b25322d6516162d1bcb11075769fc8fa7cf99397efcad596c12a10e7faec31e2f660d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
467409cde452d919564ec638bc91cfa5

SHA1
6c8b49f90f1b256bdd1369b7613d67d6acd08a41

SHA256
7a8dffc9b848d308dfd8c2430b3996d478bfbaabe3393f682dece026959af946

SHA512
6181cbc0f7923ea37ac47c83e5f92fe8c13c979e6ac2e58b7c03d7d26d93e6e50c774fd0127402f30d0d10dd733370e4e91ce42b0e190b86a1aea0be6f860ac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\AFM2CNBX.cookie

Filesize
545B

MD5
f0db886e95b958ce06cdca06a911e10f

SHA1
667ac651490f96ab9ba9e3c651decc29287404d1

SHA256
d15479b2165c44042b3bee12cecc3ed573fead47bef794366d1db1e0778544da

SHA512
b1dbd175ef738931e249c268c64e02e343347d4b49c9e9fd5d075fc9ac915ad06f25df837462249cbfc25de74f9f8e22ee5ea541014ec4068dd72854163d792f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\startupCache\scriptCache-child.bin

Filesize
489KB

MD5
c994779fd7700932655bf40a083077da

SHA1
3b4631093eacc39f228f529cf4220ee4ac95e32f

SHA256
56a3c8ab0fb9a192ab872167ed527a7d30c9621b074de175a3a81bc64cf3790f

SHA512
58638bd02889f20935e660e30276f549a63c77f9cad36d29198b3e228c5cc65b41996077f148da5669e331b312a4b0b9d4df9ea1e5efeeaa6f8a82094a2b6871

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF54D51D2D69F79441.TMP

Filesize
16KB

MD5
0224a22bd97dc5b93372a80f4c62a1de

SHA1
17572fdfc1980d337b898d6ccb0d9963813c252a

SHA256
80e025984f315ae6c53d342d04bbc09fecd4d755c7cd4e511ab19f45cf0fa181

SHA512
8814593d33402384dcf626a88cecb1f07a0dd636706151570350e37e17b8d961e6987f3afe664cf2dd247bfb579aa73da8545a8d0f773fd93d3b270882f2e4d3

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
196B

MD5
8bf4024779de41c5103be16f359535ca

SHA1
8e3eb0277c98694f54009e2353e524b08f96e076

SHA256
e732c1355fef27cd64239cb7e037552d9363e9d412c5f2e253cfa2a59e7520a0

SHA512
9c36b175b40a93c060a094c660c6193870b821884af0ad60f4f366a1ed665dfd8d83b52217457c212c4d4c12930d48ecbef57acb126dc44290ef6e0d19da2a29

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
492B

MD5
9269be30986ef5dbe0c9a886da62372b

SHA1
f593d0c0899bce146529b4da9227adeb6b462ddf

SHA256
9ce3264f6d7c2fa02f2946e4eef9bb3680f526f9e3cc4ac206d55a4817688e49

SHA512
b3991f7558028cb69350fb75c018f8fc3d4fb829ada9a925f0f5cb736e383f4b7f62406ce887f13b0c2a7e20f57160f632ffc764f41ea800aabf56c6844cf05a

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
173B

MD5
8d8e33f5f89585553109a40a90cb7fcc

SHA1
7f831f584976a593626a72f0f46985a3e61eb22e

SHA256
4428c7d57355e006ab1efcbb20db15eaa3bea740213f664f2835499285b88411

SHA512
1746792b8b9fbfa155309ae644b4de17a045e301dc7eeb9c766b2dcf212785b8ba4d6686bb90516510f06dde1a5044aeb84da2f41b9b6050ffdc0bc18c5b3687

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
415B

MD5
4fa5a3b3fee8fafe089424d2c4776a7a

SHA1
7986e7548b7d02aabbabcee9f4bb8b2053b23d95

SHA256
a4ff78d6bd8f4bdb648b70073b23ccd469ea685f3567973831b3f90f430a76df

SHA512
859a519e76f8d344fb978c1cbb7dcaf18f19edfb1b228330eef1a91153ff732a638ac96283c1f82a47dce8d71c21b74a6b9eda583f342a3affc031d4772d73c9

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
492B

MD5
e51e64a1fdb6959e5d2304a6d247a3ff

SHA1
c983e07c8b596cf4be42b07839bf796efb0a1f40

SHA256
79a2d6dc19fa661adc83b0f0ea4f19678edcc2c2ce259a0a3aee0b6534d998f6

SHA512
b7a3c1f2c4d3054864143f6dda8a7c1722021c5a21c1dbb8fb5ab5a302382ddfc649734fb57dc6a39b568926eb7432ad558964d097785687d01d3ed1fe66377f

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx

Filesize
515B

MD5
44f7255a0212fb21641a916265ce3188

SHA1
efdb1bb595df6c07d97be9f461f33301bd7f3d71

SHA256
40f6a9b297907374d4dc71ac0f2ac22fce724af0f3611c3a614eabc1e61738b3

SHA512
fa940433affccdb268bcafac17d60a911552e2d970a4622172158d17fe5172d257eece456cb25eaf0d290369f127d6d4c6f64b5052c525773a18612527376048

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
07dbb3e9a7f17d99697f3ce267f223d8

SHA1
e8c2bf98188c52b38bcf9397488fcf52b6bfef46

SHA256
e77ae3bedd1bbe65e69b50bcb07c5b273d671ef1d0f93c8417b74ef1c6dcf901

SHA512
51865e4f10ed646568fe39c120c2b8abd0c2760e819b4531b715f83a70092df0ada085ed069efb7db2f3f5a3122f8d5e91980b3fcf556014876469cbccd2be91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
bd94d00eb56928a797f9ab34e4313bcc

SHA1
af1c6880278548ab26bf3417022f9e7686625acb

SHA256
76e3afd635bfeeffd3c8549dc91bde5aa3be0449c8c64791130779fcdb35f1a4

SHA512
39a54b575bbd800f5725657204922acc04b4d888240d7e201089ad8c2c76e1a841c064f25279812df7f17bd78605a2dcf03165520cd8e6182b27623092a888a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\37949b24-be77-468e-86c9-1dd842481356

Filesize
657B

MD5
e1c6227226c15169ce4ef66910681c18

SHA1
843a6ae69cd060346e6052f1e61dd4cb920ec247

SHA256
67d5769d9b0efae10c5d0aa5800c2cc728aced2a139025c8e97bde46f8e2ffef

SHA512
7896043cb3e89dbfc077c305fb9b7eead58b925feb4daa11dc30a8f59ec02a5391679fc7ae253bd74e4c6224d70c76760ca1f38acef49e92a1963580613e1e9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b54a8a85-c9be-4f3e-8d86-1743e2ff8327

Filesize
734B

MD5
8df0037c0c61a990b8f1d7ed4ab8efd2

SHA1
f5d6a3bfdeb7d83974d0f93be6ffac482b212464

SHA256
66224cc9856614be07e3b3d9a4cd10aa8c8f59438854c432ab8e3a74ae7b0cd6

SHA512
c91577026831a7c20351773a364dff80d95d1c6c36269db1124d115cfe8ce823ccbe7cce91d1ab572313303873a61eedb1d76f15a989508bcaa541d064768aba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\handlers.json.tmp

Filesize
476B

MD5
1469859a404ade53806929ff9f5d4a0c

SHA1
64781a947570b8facc365315ba4f6ccd4dc168e4

SHA256
4bdc89361cde1387b7dad4b30a0ed0870b0df0a9e82797663266189a1dff35cf

SHA512
d685289a89ae83d8565b1742a4678def68d92d0e1b7be20a7cf46e2890850dd506869b3a4b37b2325c9d0c7d161ef5430d418d3382e6e6f64d5028e719aeb360

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\handlers.json.tmp

Filesize
476B

MD5
44eb7fd7f7d9732ff61748d39c82a0b8

SHA1
8a92352aa59e399b0d7e012a3dd1fa77d9d21ff6

SHA256
141b19659c217f33bbebe7a3af44bfcdefa28486430750df21e8f73ab0ff5f12

SHA512
15cf8b68d47775aef83bea33ff9c2abaf3bbdbd7bdf48838c8b55d369e2d2f1cb98e3598881eb60d7ae827080f980f81896d8e97d662f6a08a1e73c2e6f6fcb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
f4f2c741d28dafcb04d5742a3e2dcc11

SHA1
42f116f5eba9cb92cc3127b64257bce269b60ae5

SHA256
c1035830e402e4af0ddedbe1eae82e39c9060bb4318817c369659663ebb0c26f

SHA512
593890d808c2260cfebb05ccb5f9f9dd824c547384a1699fab3b1f1a43cac5a7121b5474b8cdf0b8b3c48807d7e340dbb439e79b033b82e418fb20149e1c70ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
40bcdf53b4b323280ee61175963c616c

SHA1
71351af2f3f5f30879062d5037f5ae09ce079d98

SHA256
c7679047365541f16342a1f9f6bdb5d95d26771da902e098265c323e3b82f3da

SHA512
e57feaa93da432c429249d9704def4cd1a924870ffb8687a31b399256e1048ec8ccaaedc52df703e3d726dc7c796c9cb8edb3afee451f2135bee288c7b304066

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
cf093c08df55843d252f8a5db92f9dad

SHA1
ac81c26d4e967ed8130e2ef4ccd329d6a399c520

SHA256
b848b7984085dfeafa3545676acf6c14828edf7ae25523cc3110309c0f80c56e

SHA512
94cfee361c9d36b0c9b1c239bdbabbfe9eccc07ad74e26f3af6995cd2352455bf092d9d7e20cdd2e792fdba61012b6481eac37061a3122002b3bc2ba7b28d360

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f3d5020481e24a80d7d993faa83e058d

SHA1
247dc952ff46436797a7e27099b6ca1d1b1b2c9d

SHA256
c9f7cae884d05ffcd2b54d8409d6f893c023c1f586e68670c6859c487146a4ac

SHA512
936fc6cd4b717c57c560a80f39a99d2ff71b5211e8716fb3b81faa5d7ef13168b75d9c1560e0e3f3fed4353c844414f3a255815d286352aef6aeff9c77a5ad77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
803B

MD5
ca1feea864d22ceaf61c3844b792afb6

SHA1
20eb44e60fbab64a108fc54fd0e36805c90f8309

SHA256
971c8acd364cc81034fe70e7b4f8cdab3da90165a54115a8b933b1020889abd0

SHA512
ef7594ad091d8f8019d6179bbeb3ef2211ff99d7f6171f1dd19958c4083880542e51def0f6adc6a21e1853ce08305a46b9c85d44df8f692a93d800304db34867

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
757B

MD5
e1e6d175ba95eaa475d20a9e3f66820f

SHA1
d430e590fbbe0cc63a785b38390866a5a4c0d6cf

SHA256
559942ca1af35290bd41c6504c591f9e4b7cc479e2336e6f417505ce89bad631

SHA512
a5b7e2c75e907b406e8af9aa34cacbcda37e8ecf894aec55e0ca9554d7a046a24f958e500a1747d33e0718c12a6e22a71fda7bce7c0fae41ae2725ae3ef06f1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
e7d901ad03d22078f4c42ecc83c3bd45

SHA1
13ffe2ced2026e6b99c39a96d006c7832a72ba17

SHA256
fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17

SHA512
8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9

Download Submit
C:\Users\Admin\Downloads\igt-nomusic-deterministic_e55bf090.zip.crdownload

Filesize
1008KB

MD5
e55bf090301eb49631e43970e1093bd5

SHA1
ed9bf9761ce3351b7c121f17d315cf05b58cecce

SHA256
cba452a10943055350ff7a2204a1966ab664e636877ee54f4f8ffc46edaf1f6f

SHA512
29a376f1a9ab6eed2cdf262393f4a6c5d7857fbd90f88c1e6c84f7ce6815caae0f6af6c51c0b81fc74d6f7868533f859f2aba4a6219b1636fb9dd93ef9585cef

Download Submit
C:\Users\Admin\Downloads\uEFbjI9s.swf.part

Filesize
1008KB

MD5
60e6044d0549e640c62dfef157506b31

SHA1
75405b5c1404575d92d08673b278acc2601e8641

SHA256
d9270f00f038535be6d91b261e809c5d5a236478957e551a2943b07a881ce14c

SHA512
03191bf286cd089769f010d2ab424c9ae7cca2443a226c6c7a222abdf0f5505da471b841c2c98f65ef297552ceac4cb63afa061e2071a3ea666be96403952b64

Download Submit