hxxp://www[.]futbin[.]com/design2/vendor/Cruyff/CruyffSans-Medium[.]woff2

Analysis

max time kernel
379s
max time network
364s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 12:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.futbin.com/design2/vendor/Cruyff/CruyffSans-Medium.woff2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722609517474740"	chrome.exe

Modifies registry class 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.woff2	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\.woff2\ = "woff2_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\woff2_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\woff2_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\woff2_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\woff2_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\woff2_auto_file\shell\open\command	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
5980	chrome.exe
5980	chrome.exe
5980	chrome.exe
5980	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
532	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe
Token: SeDebugPrivilege	3320	firefox.exe
Token: SeDebugPrivilege	3320	firefox.exe
Token: SeShutdownPrivilege	4880	chrome.exe
Token: SeCreatePagefilePrivilege	4880	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
4880	chrome.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe
3320	firefox.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
860	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
532	OpenWith.exe
3320	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 3148	4880	chrome.exe	83
PID 4880 wrote to memory of 3148	4880	chrome.exe	83
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2292	4880	chrome.exe	84
PID 4880 wrote to memory of 2872	4880	chrome.exe	85
PID 4880 wrote to memory of 2872	4880	chrome.exe	85
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86
PID 4880 wrote to memory of 3584	4880	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://www.futbin.com/design2/vendor/Cruyff/CruyffSans-Medium.woff2
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffba9cfcc40,0x7ffba9cfcc4c,0x7ffba9cfcc58
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,9220761375368687413,15640599257674469642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,9220761375368687413,15640599257674469642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2232,i,9220761375368687413,15640599257674469642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3032,i,9220761375368687413,15640599257674469642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3036,i,9220761375368687413,15640599257674469642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,9220761375368687413,15640599257674469642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4956 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5376,i,9220761375368687413,15640599257674469642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4664,i,9220761375368687413,15640599257674469642,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5980

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:532
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\CruyffSans-Medium.woff2"
  2⤵
  PID:1488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\CruyffSans-Medium.woff2
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:3320
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb49efc9-f116-4173-a821-5cfe4fc3d26f} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" gpu
      4⤵
      PID:3580
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1a3565b-c6dd-4a45-82a9-c309fc891d93} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" socket
      4⤵
      Checks processor information in registry
      PID:4260
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 1 -isForBrowser -prefsHandle 1752 -prefMapHandle 1428 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ebd278d-5bb4-4e12-bd99-8c4fa663d8f3} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" tab
      4⤵
      PID:64
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3804 -childID 2 -isForBrowser -prefsHandle 3796 -prefMapHandle 3792 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16604ac4-089c-4bb2-ac82-c7fdc00949e3} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" tab
      4⤵
      PID:1308
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4712 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4704 -prefMapHandle 4660 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f27793d-1305-4f1d-8e94-921be906b327} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" utility
      4⤵
      Checks processor information in registry
      PID:5832
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5356 -childID 3 -isForBrowser -prefsHandle 5392 -prefMapHandle 5388 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {829ceebf-b263-494b-9a09-4c3a2752538f} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" tab
      4⤵
      PID:4864
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5520 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e71cbb0-0a3b-487e-ab4c-ac48aced87d4} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" tab
      4⤵
      PID:5136
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5716 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1292 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bc368f7-3154-44a2-93db-59343df9cef5} 3320 "\\.\pipe\gecko-crash-server-pipe.3320" tab
      4⤵
      PID:5152

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\CruyffSans-Medium.woff2"
1⤵
PID:5652
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\CruyffSans-Medium.woff2
  2⤵
  - Checks processor information in registry
  PID:5660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\CruyffSans-Medium.woff2"
1⤵
PID:5792
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\CruyffSans-Medium.woff2
  2⤵
  - Checks processor information in registry
  PID:5292

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5176

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1cb5a60c-3b29-4766-b259-a009a2f5ea79.tmp

Filesize
9KB

MD5
b5c30bd2f6b130d1ec951c75fa12337c

SHA1
e80adba3898837e3293039231beb41c343639bc4

SHA256
5751835c79f281ab5e0f2d7d81be4bf7c8e58c548919e31b8feb687016b99ebb

SHA512
b6d33b8307ea415a083797177ac0ac032e27b7f4050557018f18f55ceef5fb5be71ce7553f761e7ca06954a0e50bbed1096393ab6a8a65152f11cd252a1c10a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1f3bf4ce-5b06-48d3-9ab6-e9d266bbcda7.tmp

Filesize
9KB

MD5
8041e6a72a6410921103e49a258f32cd

SHA1
cdaea89ac17ed2ed45662af5c7d8e2965db650fc

SHA256
8f6cdf15a31fd32a20d7596c33b877a7769ced45010268afee64f8ce5d44e123

SHA512
6ca83c28df438976def44cfd20f7f657b4d4cb9737c89d6b684340a48ccea0e9307dc9346d84cdd99273eb2cbd365d16cbaf48ce6c0bf470721dc4889ad5b660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
765243611fec72a983301504b2599901

SHA1
fbdc4a050ee4a5f8aa961e3864dab7e5c5c76505

SHA256
05feab17e05b3fd32998baa8575d5c677d4c029834b81928afb4b41cca073f36

SHA512
47c40df6b86cddd076f67b03ec737117f43be3b5c47f9087397927ff9660b96b9babf6d81096e96fa1fc261ec5312cfc19adad51b1020607c024424f22f516d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
240e188fe1cfdef1cb1781a340de469a

SHA1
093de42fcb0d15eb2c19b65b016b0a62a30336ce

SHA256
936d3522ec7a5f1af558f48d922387148956f649303132747d87a73c9b2f0e2c

SHA512
924ae4859b49113480447f202069e3aeb5e576a6c98abc27474c729d61b5c4c3ad8d97ca4422b93b31a3afaff2d1119b3beacfe2a455b1b603bf3ea9d454dc5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07d94dca17889d15b8b4a85b2fc0d180

SHA1
6fd459f1dda4a1492d0d8d8bfdee7678590b858c

SHA256
c3d188cca72998ef40db77e0d5a57c5160c27d4d9dc44c6cb4ddaa06aea564d7

SHA512
c32cf14e5f9fb14540d968517563cda47494864c45bc5bf5632ad1fde11f777dde76813e8a32dd7f1540abbec4b1489735175a955cc509cd76ba9ffcea7f966d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
80d4cec41d8e2ff4ab06458948c4ce77

SHA1
6cdea3f66ff205217c7edffd768ffec1926c4823

SHA256
fb52f8ec1acb3565921fcebde116b828d44b1284bb275da6a17cd723761476fd

SHA512
7a1fac5210f6cec0dfb500616ada9d69b43e7c56e85435acaa3a83e1959a0733213397f4cbc7b3bd565d81c337d01c0d1597e9d218f11570122e955154c1689b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9112e888d49b8493260718654b72597c

SHA1
4a16d4a665cafafa77d4802589714586c4a3e730

SHA256
68d4ebc1714df67e77d59fd5d00e518c09c3feb8613d4c42d6aebbd0475c261b

SHA512
6d5c1b41ea2012ac190f1491acc43b103858956a004738ab5e1ebccd7745ba9c6d1dbe3b189cf38f3e3c74b315175520fd6c9da2a07f0fe4c14691a1831c7f57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46e50de3399ed753ff71d522d2759ed0

SHA1
7a4fecf4ca59e949c7401e84646f18757bb847ac

SHA256
69c6fcf74a3a268ded5803ff1383920b4a902600da905795c786e59cbfa0acc2

SHA512
11fa95f90f806984531e76b2dfe74372aca24ec22478bf80204faa57abbae85403ad6a940bdf654456c487f2984d18ec28b77918279d2fab88fa767443ce70b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e334a47c8748d0a26c5ae58762e9775d

SHA1
6a736df6025068d13457aacc9ff6f85db14ddc2f

SHA256
e8d3b8027db5435d0890487a80bf40cc335ba310e0c79df5c3fee6575f6e9b0e

SHA512
01084199ef28fecce26bff11c79e2b2d763213b0a708ca88c17af23ff54a605f0e0521bce5b192d216b967775ec146667772bdf705dc24b1bfac43853cb7b026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3426829dc696926fbdc66f6f48b03c9

SHA1
3668448bf4b9ec11deed2102f2e83edcbaeb4e61

SHA256
1614fa22d17499c2f31bccc1f66cb7d6bcca2ceb1e1bb444d93e63e89c762f18

SHA512
7ca9fb10c33c52c55e072617606de6d97964b7558060f5c70bede1a2fee953747a4abe6d17ec09250cf9860eaaca99b3ea8070633dd9f3eba9ca8ef23938d5a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d45dd58a38f70a1f975f15612fb9379e

SHA1
fae6c07a443006addb656c7b09cb153f7bd48004

SHA256
03b8382d756f887102991273eeb1ad73da7321b226a93e54c7745d89bbbb8e0f

SHA512
d2ca0d02925dc809d47f2a082a4adb4f65169fb7d80bb3b064ef2a794e1d3140d9a57f6c2c7b1c47ac22bad993f349b9fa6a8c35a06da8909ecc4013ef0682ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05cff74a71a70b81729e390b77d7fd71

SHA1
03f0985654e4ee113c429f0b7c1044d8a7ff5768

SHA256
b79c2213e7e7b8c995d90ffb3fe50258be4f17bbe235644acc355561386b172d

SHA512
8d957ddb5b9319597a6f9fbaec82b6eb8e145f72ded65f7bacc7cfac1c709540b426ca814d254ffb15368c6de2d4ef1b8254cb699c8b893904530245c66f7d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
388e0b596a2d0b761ba49f2d56ba590d

SHA1
83e4399b5e812addba02a8ecb6af51ffe6095baa

SHA256
faa77337a5c49550c0e6399b010d0e45b8a1b3c4b8b2b9174c370d2298d96568

SHA512
ee1e6b231d735ebd4f358f8348862c93e490f402b8f51589968b42c578379f012c7efa53f9c2b4efc75fc5d16bb5b80d7fef8e986cf247185a0f8bea1511bfab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b2bdb894b67990cecbb28ad215fb0533

SHA1
d02d14e039331ff7748712a4e782812bc5fe8d5a

SHA256
a52476d6bb0fbf6cbaad494f2c5f42f30c1548979eac80bd1c5db814e9f38e03

SHA512
6053dd2567db7ff99e6f7c524f4e0a759e5215a1cde2a4f9a5e8d69ca4f7dcd6ea0bc50c0648287118e36b076b06caebad1333d5dcb86614b06030adf8eca449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46663017281e239797652b59977a36b1

SHA1
cb6bf7a0c6d4eb72296b01f8c3d542ae02c071ad

SHA256
a2c51de2f828ce4e7a79aee04d455d7b283d617c9794d51ffb59b0b5444be5ce

SHA512
a44f1385df4b9bed8a9617fbbd8f05eb71089858c000eee989926ae06c6621c938de64a78c3848e05f84f6c0679774ded41d0b3fbfe5f014e7348c76ca6a151a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3f285e486e5d1b27b4376c811641cd82

SHA1
4bd7e540cb970afd7d641e83c3f26069461b410a

SHA256
7f4be9417992cc7e792dac86213a373c0388073173cebcbad9c02b83ab4273a1

SHA512
6b7cc7d88b4b6cb3bb0474685dcd81e3d8b88df2dce0162d656af1044bdde2d9bd556c493564113598e889bbf7bd799c2c5ebc694a697514c07984dcf5c8134e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eff5023eb2469ef21d8928fb557c7af4

SHA1
d8f71c4236f3e850e517f55bd5400fd119e17d85

SHA256
c72c6e3635a190aee2e2420a2f881829772f71d3bf1c17ccaba24530238173ca

SHA512
3a10fa1b82bdf95a6bc813395e7da50e5534fa43a428da20c763b72694909d6331e19075859590db90245a7ff85a0bd24037104e3e85fd77fc4050eb1d4e744b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f8ed5203c2ae397fc8e777151d37dd7f

SHA1
f5b65bbb1c2db161cc0bab6e2fb5c4f93a3c98ec

SHA256
098a5571c20c807609ad6901d476641fe52392b8149acf6c9fb2c60604c32d0d

SHA512
0adeee446b6486fe8d9eee9cfe732a6a66c61466bdb0af979f735ff9236b43611e13260d3672a12b848905df2d62d428d644db4f1a6cb4e35e52382a7e433fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb4781a2c46e79b5517ac21b168a1099

SHA1
78f4c300e2f4787c492f42079e82b6dcc0dd409d

SHA256
4b61e76e1aaa512b3cb235104847101be205467c70bec40a8ed030fe9677216e

SHA512
3bfe625f2930b0712e9843f104f70970c636fcc9ce45d0635fbd86eb8cec9112d2484b88b5fd7d0fec8dcf8b12776238dc29f8d778283abf23659b63f9a715b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ef2f1a44d1bbe289bb914b899a8e8e80

SHA1
051022238011307102d42afa8f255a69536778cc

SHA256
60681bbfe2eaa8ca26abe0050cb934c05caf995fc9c2ce7a7f709fa03e3d5a87

SHA512
43122f9d25c4a932df78adadf92df0330fca869b248d503596c138cb9e737ea8993f7005c77fa09c807639ef624b3b13e02c7871d7ab6f30f07f2895d4320206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cff29c93e199c2830f94f08131d3ea5b

SHA1
b344b64cd566a5b15bd0d165337de159bc41408e

SHA256
5a983d594956e007d4e341391590a406cde9ff52b878a553e1e3b7d599c0f2d9

SHA512
f1fd95e944537d6fe56e612b8c3250e2cff79ee875de94236802ed6c42b22f468d71d2bc1be719284e4a6500980228b5e1ce8906f80da3e4202afe61105bcef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d2e6b31c67ac072591d4c346a0a06935

SHA1
d58c2689bfc5f18bdbc8dd3197b81718eded7ada

SHA256
dcc9e06fe6488a8af9949ee869389b5d33b1fdf1590521813a75ae2f63188d48

SHA512
69a462f4c0aea227cf22d417010d4bfeb30eeb71bef3bd7e3535d3a91643438b7db1b9c025f8ce963169d833004ac8f16c676f92deac3d1b77a29ad6b0adf3cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
a26c3bfbfdd0e125dcf4092823345212

SHA1
9be0c5e87eead539ccf8eebe490ad6c82b38763a

SHA256
3cb99d3894178bcdc5e4faca29e9c23807c52072d48f8e8a1a146e610742b945

SHA512
6c9a55d3beca204e829be24d1daa5234ab6983ae1e56bc70175638b9881d810de9ff40596ab4e2d3a15d4310695d704fcc4fb3208d3a800b9cbb15839c48ebf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

Filesize
6KB

MD5
6febdde593419087156b41b561d32d63

SHA1
f66ca7e7477c203a1515f65b4148d19966c2af05

SHA256
7977706f2adfb1e5abdf0342652d87f790a7d9e346a625587ec8df18122d11e2

SHA512
ae3f3b3dc0221ad94ea5a4fea6faa1be2e0ab9d872755f7dc1985df554c1a55cf5fdef4570c08a58d9d125c648becb08fd3637272bae0e9e4b5c7d332ac3f3d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin

Filesize
8KB

MD5
870757b7a9a78aafcf87b14f5b54d85e

SHA1
f467265fd587c96c3a89a4f0ad9c9aabe69d83a3

SHA256
ae8503d291eb321c774f768775bf90fd516b339e258559de3c461b3984183be9

SHA512
249f99f39cfef73a2f572357a577629c46063d0ad6d03bd2d5f7bd90901ab47fcf9eedd6e9fffda3f4f9f18819ee0633b6c437a88a47b09e781b6684c35aa049

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8aad07bcc8fcd6082f4049103880f5f6

SHA1
0a63551f2b7d35a2cf4451151d9d33c47aea7320

SHA256
19a4840573e85465bf16a3d4558e5c0284fd4c3db82d7a383601dcbaaeee27c5

SHA512
a88a9e5c6c786f5be48e12d20b6f380befaab0882f75ceede7ead352d54fa97b13b7bfcaa88be28225062465b12caa60469d94d0dc433baf679683923af53127

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
7258c84eb78cc5373e6bac6bf3d9a261

SHA1
b03b246b23167df540fea3209c5b25c2753da83c

SHA256
4840bdf20f2b64af8197615e21628fa4d66e2282f3090a8a4e10c44fbc193979

SHA512
3d075ff0586bae5009a510b1016fe863745d7198a4a2efb3dff7075bc4a0686adc2f34b95cc0bfbaba8882f17a5bc0db6e17a5a5aaf22bb65278bb024a67c7bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\5ba76a88-33ea-4421-8346-b1b44177d48c

Filesize
982B

MD5
74eab8fbc63fbd66b917aea16e347aed

SHA1
aa33058647e43cf91d2316557539317302e5f73b

SHA256
01cb0bd83a7129c604cee5d230d51eacb0c0bd86ef14fe5f6ca70ff3db3ee555

SHA512
09cb23fec1182b8d9cd3d285c9c95fedae938efa34d6ae397632d1b0ac459112fc50be2220cddc47a9f1f59cf2f25c2d34f19430ee4bdf78a02e0a2a014114e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\5e6c90e7-6693-48e7-b57a-c161c1796bc6

Filesize
25KB

MD5
601bb3c210b9de07808d4682bea318bf

SHA1
f018c20b9ea5aa03bc8da030b8eb9b7b1e3ae2e7

SHA256
b8a9d89d11f74ed2964a689526f6656f16406bd0fd9c9dea5cc81f5a413a0ab6

SHA512
48cd291ab14e49ddcd59add971b846f4fc64477de590fded3d21e27bcb84164fb231275cdcdc7c6d87d91ce118fcb6450a447026c5aed8b61b8e1b41f77d30cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\75c30a55-5de0-4618-8e95-80a3e4a305dc

Filesize
671B

MD5
780da38a7fa847cef6feca46723bfeae

SHA1
aa15ac8db6bb64e92e817e86b66221b18e1a0111

SHA256
537985a27e7e3bdc1c99c43171ff5c031e145b905a051667ea0df46e0610988c

SHA512
5419dec3a36cc587b468abd6058e6d1e0d99784be4990d742317cad542c6713b155e3ed4e5dc04e5b7e4f49816ce824f908719c688dc1a7374c8d9da37b11c52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js

Filesize
11KB

MD5
feb15f36df9ba390f0adf513e5e4dc41

SHA1
b3c418e6e6aa24e8404004fe7ed48abd986ef300

SHA256
0982442c1880df33a7880062a48ac886ef917cdfcdd8497d5c5a1e5de1d82399

SHA512
245eb19f4235d66eb3614d5ac8d210d2f5df664d6879a082815230d594f8d1060604e87bb0e7d0cc794989beaf9dbc5617e3b0d723007f94f7eae25e4e7582ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs.js

Filesize
11KB

MD5
4569b98b9fa2b1a7e4a1b39556f74a8f

SHA1
256f61358b3ca2ffcc9a6388830c5fc3d629a14f

SHA256
2b72ea44296a49157acc1645b0c1ac0b1e3085d3179ebfc36a4cf93e325cc3c4

SHA512
3e143ca84d8a2c12e8fdb1b5d28010b1c83c0cff5a8591d537add787128713c9a68616f62df135e3d355e0c89f97721f29cae71c2fc60d12ab4f0f7955405a8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs.js

Filesize
11KB

MD5
7e37ac647e0089785813815b942c7c81

SHA1
de5d37276d35ae8f982a4c87e7a29b9b9884fbae

SHA256
874ae9c8fb6d1f9815151f639230ff287b40d848c823a4cd1e58e8ab6aad9cc0

SHA512
3f7b2c42d4d578b96ef58189db4eefa72dea1315acd14576454dc68d0fa1a568d68f453b757745266acd5b0f393276348f71974c1ec7520f5f7f179822c2f458

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
8a71a8f0d1895fab2a9899acc75af3c5

SHA1
9e3973ee8c6d2f2b59a03cc29c88e5f04299fd54

SHA256
892ae8912d2249c92c3fe7e954925bc7e38b60d1f4c7db789173d7edf278d76a

SHA512
0b743dbdabfd7fbcfd285d819f13bb7e2a94158f27ff88ea6942291f04386a9233933c408a504d163b0ad4220df2a76f2fb8d6c8b944f84760c67dd49e23175f

Download Submit
C:\Users\Admin\Downloads\CruyffSans-Medium.woff2

Filesize
54KB

MD5
2bc9f0600b9aa96c9639fd52d196087f

SHA1
3176567febf96fd533f5ad39814e9914f5c7d77e

SHA256
df9bf301065848b9ecbb503875ac334339fab12adb08db146480bee261f0188c

SHA512
60f1237958295aa4edb96c895fbd783152d5f0c5bf2beb7430f7d078c96ee84962aaec95773b337666b47b762119f6f9a042cb6b3510dcbe4d9c3dd4309d4d24

Download Submit