hxxps://drive[.]google[.]com/drive/folders/0B9bgpPLaLVIjZ3ZLU09YRUNuZjA?resourcekey=0-mBMf2gxDU04TvWPjkF1N3Q&usp=drive_link

Analysis

max time kernel
460s
max time network
464s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
23-10-2024 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/0B9bgpPLaLVIjZ3ZLU09YRUNuZjA?resourcekey=0-mBMf2gxDU04TvWPjkF1N3Q&usp=drive_link

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 12 IoCs

pid	Process
3304	7z2408-x64.exe
5336	7zG.exe
5784	Kogamixo.exe
5892	Kogamixo.exe
5924	Kogamixo-Instalacja.exe
5796	Kogamixo-Instalacja.exe
4132	Kogamixo.exe
368	7zG.exe
3100	Kogamixo.exe
5648	Kogamixo.exe
3348	UnityWebPlayer64.exe
6512	Kogamixo.exe

Loads dropped DLL 11 IoCs

pid	Process
3320	Process not Found
5336	7zG.exe
368	7zG.exe
3348	UnityWebPlayer64.exe
3348	UnityWebPlayer64.exe
3348	UnityWebPlayer64.exe
3348	UnityWebPlayer64.exe
5776	regsvr32.exe
6200	regsvr32.exe
3348	UnityWebPlayer64.exe
3348	UnityWebPlayer64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
244	drive.google.com
245	drive.google.com
247	drive.google.com
248	drive.google.com
2	drive.google.com
3	drive.google.com
4	drive.google.com
12	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\sharedassets0.assets	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File created	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\2.0\machine.config	Kogamixo-Instalacja.exe
File created	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Resources\unity default resources	Kogamixo-Instalacja.exe
File created	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo.exe	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2408-x64.exe
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\Assembly-CSharp-firstpass.dll	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\sharedassets2.assets	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2408-x64.exe
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\Assembly-UnityScript.dll	Kogamixo-Instalacja.exe
File created	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\output_log.txt	Kogamixo-Instalacja.exe
File created	C:\Program Files\Unity\WebPlayer64\UnityWebPlayerUpdate.exe	UnityWebPlayer64.exe
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\~Kogamixo.DDF	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2408-x64.exe
File created	C:\Program Files (x86)\Kogamixo\Kogamixo\uninstall_l.ifl	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\uninstall_l.ifl	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\2.0\web.config	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2408-x64.exe
File created	C:\Program Files (x86)\Kogamixo\Kogamixo\	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\UnityScript.Lang.dll	Kogamixo-Instalacja.exe
File created	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\sharedassets0.assets	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\~Kogamixo.DDF	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\1.0\machine.config	Kogamixo-Instalacja.exe
File created	C:\Program Files\Unity\WebPlayer64\loader-x64\UnityWebPluginAX.ocx	UnityWebPlayer64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2408-x64.exe
File created	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\mainData	Kogamixo-Instalacja.exe
File created	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\Mono.Security.dll	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\mainData	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2408-x64.exe
File created	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\level0	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\System.dll	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\mono.dll	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2408-x64.exe
File created	C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\Boo.Lang.dll	Kogamixo-Instalacja.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2408-x64.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\UnityWebPlayer64.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kogamixo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kogamixo-Instalacja.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kogamixo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kogamixo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kogamixo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kogamixo.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kogamixo-Instalacja.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UnityWebPlayer64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Kogamixo.exe

Checks processor information in registry 2 TTPs 13 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 11 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7256C18-4076-4EFA-8600-D29EB39F3C13}	UnityWebPlayer64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7256C18-4076-4EFA-8600-D29EB39F3C13}\AppPath = "C:\\Program Files\\Unity\\WebPlayer64"	UnityWebPlayer64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7256C18-4076-4EFA-8600-D29EB39F3C13}\Policy = "3"	UnityWebPlayer64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18415021-099D-4ADA-A695-B51D044C413A}\AppName = "UnityBugReporter.exe"	UnityWebPlayer64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18415021-099D-4ADA-A695-B51D044C413A}\AppPath = "C:\\Program Files\\Unity\\WebPlayer64"	UnityWebPlayer64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18415021-099D-4ADA-A695-B51D044C413A}\Policy = "3"	UnityWebPlayer64.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A7256C18-4076-4EFA-8600-D29EB39F3C13}\AppName = "UnityWebPlayerUpdate.exe"	UnityWebPlayer64.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18415021-099D-4ADA-A695-B51D044C413A}	UnityWebPlayer64.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "540"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{F008CD3D-7044-4CD4-BE14-BF3FCCF144F9}\ = "UnityWebPlayer"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UnityWebPlayer.UnityWebPlayer.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\TypeLib	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "435868577"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "750"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\Implemented Categories\{59FB2056-D625-48D0-A944-1A85B5AB2640}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1d3e37927525db01	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\MiscStatus	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D10F4BFD-C3ED-44B7-BD0D-83F05E4D52D5}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "23"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\UnityWebPlayer.UnityWebPlayer.1\CLSID	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0df6178a7525db01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UnityWebPlayer.UnityWebPlayer\ = "UnityWebPlayer Control"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "540"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\NumberOfSubdomai = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\UnityWebPlayer.UnityWebPlayer.1\CLSID\ = "{444785F1-DE89-4295-863A-D46C3A781394}"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\TypeLib\ = "{75A564FE-95D1-41A9-B1D9-10D1E3CB502B}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6130BEAD-7375-4DB7-8B6D-7E41303CE675}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe

NTFS ADS 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\RAR Kogamixo.rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Kogamixo-Gra-20241023T175826Z-001.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\UnityWebPlayer64.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5036	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5036	vlc.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
5408	MicrosoftEdgeCP.exe
5408	MicrosoftEdgeCP.exe
5408	MicrosoftEdgeCP.exe
5408	MicrosoftEdgeCP.exe
5408	MicrosoftEdgeCP.exe
5408	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 31 IoCs

description	pid	Process
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeDebugPrivilege	3304	7z2408-x64.exe
Token: SeDebugPrivilege	3304	7z2408-x64.exe
Token: SeDebugPrivilege	3304	7z2408-x64.exe
Token: SeDebugPrivilege	3304	7z2408-x64.exe
Token: SeDebugPrivilege	3304	7z2408-x64.exe
Token: SeRestorePrivilege	5336	7zG.exe
Token: 35	5336	7zG.exe
Token: SeSecurityPrivilege	5336	7zG.exe
Token: SeSecurityPrivilege	5336	7zG.exe
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeRestorePrivilege	368	7zG.exe
Token: 35	368	7zG.exe
Token: SeSecurityPrivilege	368	7zG.exe
Token: SeSecurityPrivilege	368	7zG.exe
Token: SeDebugPrivilege	5300	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5300	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5300	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5300	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5056	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5056	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5056	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1424	firefox.exe
Token: SeDebugPrivilege	7052	firefox.exe
Token: SeDebugPrivilege	7052	firefox.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
5336	7zG.exe
5924	Kogamixo-Instalacja.exe
5796	Kogamixo-Instalacja.exe
1424	firefox.exe
1424	firefox.exe
368	7zG.exe
7052	firefox.exe
7052	firefox.exe
7052	firefox.exe
7052	firefox.exe
7052	firefox.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
7052	firefox.exe
7052	firefox.exe
7052	firefox.exe
7052	firefox.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe
5036	vlc.exe

Suspicious use of SetWindowsHookEx 50 IoCs

pid	Process
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
3304	7z2408-x64.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
5924	Kogamixo-Instalacja.exe
5796	Kogamixo-Instalacja.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
1364	MicrosoftEdge.exe
5408	MicrosoftEdgeCP.exe
5300	MicrosoftEdgeCP.exe
5408	MicrosoftEdgeCP.exe
4120	MicrosoftEdgeCP.exe
1424	firefox.exe
1424	firefox.exe
1424	firefox.exe
7052	firefox.exe
5036	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 1424	2828	firefox.exe	73
PID 2828 wrote to memory of 1424	2828	firefox.exe	73
PID 2828 wrote to memory of 1424	2828	firefox.exe	73
PID 2828 wrote to memory of 1424	2828	firefox.exe	73
PID 2828 wrote to memory of 1424	2828	firefox.exe	73
PID 2828 wrote to memory of 1424	2828	firefox.exe	73
PID 2828 wrote to memory of 1424	2828	firefox.exe	73
PID 2828 wrote to memory of 1424	2828	firefox.exe	73
PID 2828 wrote to memory of 1424	2828	firefox.exe	73
PID 2828 wrote to memory of 1424	2828	firefox.exe	73
PID 2828 wrote to memory of 1424	2828	firefox.exe	73
PID 1424 wrote to memory of 532	1424	firefox.exe	74
PID 1424 wrote to memory of 532	1424	firefox.exe	74
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4824	1424	firefox.exe	75
PID 1424 wrote to memory of 4728	1424	firefox.exe	76
PID 1424 wrote to memory of 4728	1424	firefox.exe	76
PID 1424 wrote to memory of 4728	1424	firefox.exe	76

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/drive/folders/0B9bgpPLaLVIjZ3ZLU09YRUNuZjA?resourcekey=0-mBMf2gxDU04TvWPjkF1N3Q&usp=drive_link"
1⤵
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/drive/folders/0B9bgpPLaLVIjZ3ZLU09YRUNuZjA?resourcekey=0-mBMf2gxDU04TvWPjkF1N3Q&usp=drive_link
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.0.144577264\459266097" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88fb93de-9ff0-4231-8e6f-d45704fdfa4f} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 1796 1b16abf4358 gpu
    3⤵
    PID:532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.1.18391126\1964864163" -parentBuildID 20221007134813 -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43872338-879a-48cf-a950-9175552ad2a5} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 2172 1b158872858 socket
    3⤵
    - Checks processor information in registry
    PID:4824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.2.349549400\119241793" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b390dd4-0704-440d-be08-4d975675f310} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 2892 1b16edcfb58 tab
    3⤵
    PID:4728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.3.1389296831\264933663" -childID 2 -isForBrowser -prefsHandle 3316 -prefMapHandle 2824 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f72185ac-a312-4358-a980-625a8a4838b5} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 3524 1b158862b58 tab
    3⤵
    PID:4928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.4.2081121376\584664189" -childID 3 -isForBrowser -prefsHandle 4908 -prefMapHandle 4904 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {710dd77b-4368-452f-b43e-89b7c251ed80} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 4920 1b171e04458 tab
    3⤵
    PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.5.330801769\797641795" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 5080 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dee428cc-1358-465d-bb0a-1a4594a85102} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 5064 1b171e03b58 tab
    3⤵
    PID:2920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.6.1588887840\1555238009" -childID 5 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7698e66-51f6-420a-a1ee-09ba1fea1391} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 5244 1b171e05958 tab
    3⤵
    PID:3172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.7.1881766757\2126951818" -childID 6 -isForBrowser -prefsHandle 5472 -prefMapHandle 5476 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af345c03-03d3-4fd6-90f9-70b25252e4ef} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 2592 1b15886be58 tab
    3⤵
    PID:3260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.8.1870829407\904975157" -childID 7 -isForBrowser -prefsHandle 5976 -prefMapHandle 5980 -prefsLen 26543 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9537c545-8038-491d-ad63-30251e83ec9b} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 5964 1b158868a58 tab
    3⤵
    PID:2168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.9.887322167\739289649" -childID 8 -isForBrowser -prefsHandle 5516 -prefMapHandle 5640 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97e4a901-9efc-47da-95db-db45651be424} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 5052 1b171e05658 tab
    3⤵
    PID:2552
- - C:\Users\Admin\Downloads\7z2408-x64.exe
    "C:\Users\Admin\Downloads\7z2408-x64.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.10.1793523013\1322265899" -childID 9 -isForBrowser -prefsHandle 5188 -prefMapHandle 3488 -prefsLen 26864 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a67dd7fa-1e65-4c3c-a012-5ca0482cff52} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 9776 1b15885fe58 tab
    3⤵
    PID:704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1424.11.244672009\1152897528" -childID 10 -isForBrowser -prefsHandle 4624 -prefMapHandle 1456 -prefsLen 26882 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {12dcd159-42ed-41da-83d5-83d070aa6b50} 1424 "\\.\pipe\gecko-crash-server-pipe.1424" 4176 1b172624c58 tab
    3⤵
    PID:5832
- - C:\Users\Admin\Downloads\UnityWebPlayer64.exe
    "C:\Users\Admin\Downloads\UnityWebPlayer64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    PID:3348
  - - C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /n /s /i:AllUsers "C:\Program Files\Unity\WebPlayer64\loader-x64\UnityWebPluginAX.ocx"
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5776
    - - C:\Windows\system32\regsvr32.exe
        
        /n /s /i:AllUsers "C:\Program Files\Unity\WebPlayer64\loader-x64\UnityWebPluginAX.ocx"
        5⤵
        Loads dropped DLL
        Modifies registry class
        
        PID:6200

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5224

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\RAR Kogamixo\" -spe -an -ai#7zMap13552:86:7zEvent13023
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5336

C:\Users\Admin\Downloads\RAR Kogamixo\Gra (Kliknij na ten folder aby wejść w folder z grą)\Kogamixo.exe
"C:\Users\Admin\Downloads\RAR Kogamixo\Gra (Kliknij na ten folder aby wejść w folder z grą)\Kogamixo.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5784

C:\Users\Admin\Downloads\RAR Kogamixo\Kogamixo.exe
"C:\Users\Admin\Downloads\RAR Kogamixo\Kogamixo.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5892

C:\Users\Admin\Downloads\RAR Kogamixo\Only for administrators\Kogamixo-Instalacja.exe
"C:\Users\Admin\Downloads\RAR Kogamixo\Only for administrators\Kogamixo-Instalacja.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5924

C:\Users\Admin\Downloads\RAR Kogamixo\Only for administrators\Kogamixo-Instalacja.exe
"C:\Users\Admin\Downloads\RAR Kogamixo\Only for administrators\Kogamixo-Instalacja.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5796

C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo.exe
"C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4132

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Kogamixo-Gra-20241023T175826Z-001\" -spe -an -ai#7zMap3298:128:7zEvent27595
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:368

C:\Users\Admin\Downloads\Kogamixo-Gra-20241023T175826Z-001\Kogamixo-Gra\Kogamixo.exe
"C:\Users\Admin\Downloads\Kogamixo-Gra-20241023T175826Z-001\Kogamixo-Gra\Kogamixo.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3100

C:\Users\Admin\Downloads\k\Kogamixo.exe
"C:\Users\Admin\Downloads\k\Kogamixo.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5648

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1364

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4892

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5408

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5300

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5056

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6024

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:7036
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:7052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.0.379451444\337184152" -parentBuildID 20221007134813 -prefsHandle 1596 -prefMapHandle 1592 -prefsLen 21154 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c029b73-d0a0-4298-acc0-fc05fc6072e4} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 1684 20d16cfad58 gpu
    3⤵
    PID:4732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.1.89189907\952410877" -parentBuildID 20221007134813 -prefsHandle 1984 -prefMapHandle 1980 -prefsLen 21199 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a212e0e-23d1-432e-a653-65f7ff37ea4f} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 2004 20d16932958 socket
    3⤵
    PID:1472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.2.628172729\1065822915" -childID 1 -isForBrowser -prefsHandle 2836 -prefMapHandle 2832 -prefsLen 21660 -prefMapSize 233583 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f34b6eb5-4c13-4590-b259-c0168124c4c1} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 2848 20d1a78c858 tab
    3⤵
    PID:684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.3.864171277\155154907" -childID 2 -isForBrowser -prefsHandle 2748 -prefMapHandle 2780 -prefsLen 26838 -prefMapSize 233583 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11c01341-9e8d-4b31-9dda-d537bb9d24af} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 2736 20d04a61f58 tab
    3⤵
    PID:6392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.4.96428856\239003874" -childID 3 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 26838 -prefMapSize 233583 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {240a1f51-706e-4165-915a-91219ebe4d03} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 4028 20d1c0cc558 tab
    3⤵
    PID:4240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.5.49675507\1861821391" -childID 4 -isForBrowser -prefsHandle 4476 -prefMapHandle 4488 -prefsLen 26838 -prefMapSize 233583 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f9badfc-ccde-4922-86d2-cc004db338b8} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 4512 20d1d12b058 tab
    3⤵
    PID:6764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.6.557950985\1615195383" -childID 5 -isForBrowser -prefsHandle 4648 -prefMapHandle 4652 -prefsLen 26838 -prefMapSize 233583 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a2673c9-25ca-4aa5-925b-102065186693} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 4640 20d1d12bf58 tab
    3⤵
    PID:6776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.7.182770731\1548627431" -childID 6 -isForBrowser -prefsHandle 4836 -prefMapHandle 4840 -prefsLen 26838 -prefMapSize 233583 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {11132cd4-c37a-4bd5-b550-bec6ee500f13} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 4828 20d1d12b658 tab
    3⤵
    PID:6784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="7052.8.1291813919\1405546871" -childID 7 -isForBrowser -prefsHandle 4864 -prefMapHandle 5112 -prefsLen 26838 -prefMapSize 233583 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0c32b60-97ad-48a8-8563-eb5f2d8856db} 7052 "\\.\pipe\gecko-crash-server-pipe.7052" 4676 20d1db8a958 tab
    3⤵
    PID:708

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\SelectInstall.mp4"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5036

C:\Users\Admin\Downloads\k\Kogamixo.exe
"C:\Users\Admin\Downloads\k\Kogamixo.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo.SED

Filesize
1KB

MD5
7b933c86d51e7f017b1be8fccbfc2b16

SHA1
80b95155dfac09fb5348ab48be5f8b7231be0604

SHA256
4583f2504887a831a6c89572cefdd7639b5b28d3032d8df1f20178b57cae19d5

SHA512
95e6eb372ce56476fedf92c62391424036de4ec3a2503b48f579cf32038ced8e5e7e8415d6df52e3a24bafe4d4298a2b6e12bc38d19ca54aa36ff892e0dc97f8

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\Assembly-CSharp-firstpass.dll

Filesize
17KB

MD5
330b37548f557892337b0268c1efa817

SHA1
8b8de496b480da7b0c5f9b44f23672ceec2cc71a

SHA256
8485a3ef30654a58efdd7a77660f64d91ecfeffa661f371dbda318d4f0ca80d1

SHA512
a6e909e99c758045cb1118ba8ec14be5dea97021f724db9058fae535e53b5d098b19799fcb1bdd6be2bb890b390a864e5a3d37254f81fca1702730038513a5e0

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\Assembly-CSharp.dll

Filesize
74KB

MD5
405e3030bf93d490525211385c6e5860

SHA1
4f3cfd47ab32aa31dcd1a1d699a52ef24e7ace00

SHA256
6087416f785c7ec445b0358d7e07ffc9852b01a65bd7c3b094d2e150f2cbf374

SHA512
d1cf1f5cc49729bb3be839070179aacb69a7c4223ff8ea3feb4dc66528775d01d7ecf698acfd5546516a4783a45902e0f56a29521e4525b050785fd1ed76e61b

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\Assembly-UnityScript.dll

Filesize
104KB

MD5
304b95091bf9f431de23e8cf215aa221

SHA1
cce2b8f68ce54b3239353ffe9b1be510622525b0

SHA256
6f787a885fcb8ac6e9c0bbd8816776705887b9480114d7a28e22189d9431339a

SHA512
a5c234218d868c32b087e6902264dc1f745d8d97bd4c6f8e5307190e72b4a657e3906b4cf28263ce94f729004fb80bdfeb0577e78ed9e5961bfd21183c164437

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\Boo.Lang.dll

Filesize
124KB

MD5
70ed33dbbc253083fa253cb49463fcb0

SHA1
579114228b242a5aee1b56575914175e5635653d

SHA256
d75f3fe1ddd1179b298b11e46f0a235d27df39cc8da0e6c8c80af4a41fd2b9f5

SHA512
8646a9a1ec9c82bf5613778ff7fca28a995cf662572121ede1c353d1f63ae169dcd2e9475f7b905b09fd2256dde8fa2613a693d03e857d7ccf390d68ed18df88

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\Mono.Security.dll

Filesize
286KB

MD5
a72c7d684c17f588a428fd92f536c1bd

SHA1
0a8402d80b6d1f3f4ba87bdadb096dd9eb4f6d41

SHA256
5942cbd1da47c9c7cef29da6a7a6e2271522c653f59f26274374733f81230bd3

SHA512
e88f74841137f27c53c883593f1791c419259bcecc861b72f69f08a342da94b78088a9f35387abf472a248e856bdf6f7042243a04361583a97f27c5c09c8eaec

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\System.dll

Filesize
1.0MB

MD5
5773c9adbcfe495f1717967347538eb4

SHA1
94cffc9c691dc7b458cc263bf0767248e54dc9e6

SHA256
26b1f7848766b877c0fa98c20e7c26493f3a8aca6790d59032bd2633e4c00988

SHA512
c0c7ba504148bb8b0d52724d64cfcb3e6129fe0253aaa0deaf8be0114254392652d56826b1925ff41eb31f2d1120a554fd6f964c66c624227bc8fad41c615904

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\UnityEngine.dll

Filesize
477KB

MD5
4ab30fafd0feee38730bc30aaf41cf76

SHA1
46811aa02ac1347e4420c42373f23a38910f9836

SHA256
33fb841bcbe9a73f38f171100504cefb2f34ee1f3609832cb395fd5dadb7f0e8

SHA512
fbf7684ab08bb7c3c19d5cd97d312b3fc3fb7782fec6856840c82c86b62aa46b33c6b6b73aca166595df5e1b572818f00bc2dc8484456f94909ac361dd031361

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\UnityScript.Lang.dll

Filesize
13KB

MD5
26fe0a5f77745ca6d8ba6748d2aa6fe0

SHA1
103fc7425c579bc9a5b3417a92ec95e539bac903

SHA256
3eb87d0fd8262649a4a385113ddacf55f26f287d41ae9bbe9f7b19735615589b

SHA512
073331411fe1f5099a2471799a1ff9217b969855660b8c4bb424056c7530affca889243a2c38bac715fe97c023d7c2f5921b6586844044a4349b9216f53234af

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Managed\mscorlib.dll

Filesize
2.4MB

MD5
aa6b75f219ce790cb61d56e78c1b6c37

SHA1
4984d63710d27a8bbfec9d968d4ee7819b406fc7

SHA256
41a7988ab21a8cf10a759b8726c86adc0ed14fafb297e54fec49cc24af9f230e

SHA512
79022e4ddf4550a7765ef8f088d0fe6ac0503071d40f5fddf49de666a425bd0d7054a1b5cf035c0dcecb65c3f220887edbb89a336c0d74c26837d4d1ad427c79

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\1.0\DefaultWsdlHelpGenerator.aspx

Filesize
56KB

MD5
66fed2411c14a0fc8ce4c593ef601bfb

SHA1
4680a34aae1193f1e4a6aac1a5dd3c307de257fb

SHA256
d87d5196b2ae2abf4e673315e1fd22c3a44df80192f23e89b78108579c287524

SHA512
331874a9956c87db0646e4d21937a88009804a59fdf5f5882ea5b1dfb7dd7ef17724e09877d98f52e7327bbf38a46dde0c54d5c85f1e860b88322bdfad64679d

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\1.0\machine.config

Filesize
16KB

MD5
8dccd9a98d2575162aa366224a983c08

SHA1
4eedcaa785182201857134d8432807bc30742f6a

SHA256
1ba3755323483de257587a7276180c65d96824d441f95feb28f819e77a0cf767

SHA512
96b6beb2bf56334ad5e7d0b95079107ce736b45011679bf9a2ecd295636ceb7f0748e84bdebfdde37cfe45ab28716e4cc5fe2441e986777369a319cc0c5ecfc5

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\2.0\Browsers\Compat.browser

Filesize
1KB

MD5
0d831c1264b5b32a39fa347de368fe48

SHA1
187dff516f9448e63ea5078190b3347922c4b3eb

SHA256
8a1082057ac5681dcd4e9c227ed7fb8eb42ac1618963b5de3b65739dd77e2741

SHA512
4b7549eda1f8ed2c4533d056b62ca5030445393f9c6003e5ee47301ff7f44b4bd5022b74d54f571aa890b6e4593c6eded1a881500ac5ba2a720dc0ff280300af

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\2.0\DefaultWsdlHelpGenerator.aspx

Filesize
59KB

MD5
3b3452c399f27a24ea5a589c7bfe750b

SHA1
b06cb1d09ad3bbdf1d8214c910e3da2a228d113c

SHA256
ae044cd9cc2c7c42f8864195125ab440472d657e5f0d55e131f7890bd45c518a

SHA512
41c099350159e942be8bc04c8f59c7fb0fd4bd99db46f1c0158f0fa053c08ae0c73e9d169f6816b77376283cce5beafdcfe5d3d5e3b98e8b358d67c34b954a04

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\2.0\machine.config

Filesize
26KB

MD5
603173d56ace47a2d90b87ffbc3bfa91

SHA1
889d20428d2f8a60f7aeead5d0da4009200e5365

SHA256
2d2fccb3f1afe931f7f4df289caf9fcfa31578b4fb4e1f610d3530832848e70a

SHA512
7b8b8073ebae8a31605ab127e2549a013f59da5d4de0fba933aeca7119cfc937111e48a2354e41c794dc0082b6c08ad50724ae806fde8f95a946d55d2ebdb7f5

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\2.0\settings.map

Filesize
2KB

MD5
55dac562878b7dd98ee8a7ad203a26e6

SHA1
d16baa15e7d3042bcf9d7318209c696f4daf2cb0

SHA256
ca89036b7d7f1ae9311a6a2fbcf05fc5b997bd43fd21dd54e11c18018ef65f08

SHA512
987c5cd86a9825953de670e5c15404694feb15cd5fa9afa8af4c2d5bda9d805839c9695d44122b32e0ffafe08d720c3df58000e89c8822fd9a5eb28eaf2ad478

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\2.0\web.config

Filesize
11KB

MD5
2b6303c4f12762b71051db6e947f90a4

SHA1
a4d7e05516f63d6ab67327b299d4fb2852cb840b

SHA256
3c1a76a5849074b437d297656a208a3bef6d84b982153542b9c797046c601dfc

SHA512
80f5da60654e1851ef21526e434b32d94e18883a08bacbbaa0e1f85b80469c46510b6ddb9b429f16cc4be89c6f2bb2627bbae9cb1d0c7e45b665efb7721c6d86

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\browscap.ini

Filesize
304KB

MD5
378be809df7d15aac75a175693e25fbb

SHA1
2d5454e161de8a5b65910f27bd70d9d0ad8fa476

SHA256
4ddd50f31fb968f30bedefc253a46dc3f2890192d05cdaa9e0a64a056eee807e

SHA512
d0d181e806cbd2c016eb0a8786f7d9db877463eaac0195db4e891be111c9ed87491a1abcfa0d9ed7c2743e004e1f4a3f4789333d0b535e63358c672ae833c363

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\config

Filesize
1KB

MD5
f95c345c1c53b820487f6b72e62d5485

SHA1
957e4e50e74c50347af92abf240c2c7aab3f3f79

SHA256
b585c70c70c88b3e03489361558f5d711c2ef71df9baaf37d92dbf95fbf6cd92

SHA512
6b06434d07ee51be064a3efdca65b73e6c8e7560b43fb61633b08c7d2a0d792fe0670e57088c1dabd23929e0b7f7a27f65f503f2b640587042c8bbe98946368b

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\etc\mono\mconfig\config.xml

Filesize
25KB

MD5
f34b330f20dce1bdcce9058fca287099

SHA1
936520d5bb5c00a1985d7a4c4f0ef763a9031862

SHA256
0c56e34c69124510fa8c19e7b4c2ca6c1c4ff460ae19f798dd0ca035809e396d

SHA512
d6d4a8321eb44c117755a41a2590296be86a0568d27a5347f9d7f32f2d151d8f7e169675c83faed2dab5ad0f8d81858f8cd1167e439cd4bff7e68c243e3544fd

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Mono\mono.dll

Filesize
2.0MB

MD5
173cb44985caabf7ae2421748e7efe31

SHA1
03a336779d690fd2d753ff3b1f8cf25a885600e5

SHA256
ba5b03a7bd3a4878ef3f82ce91e9c0b171b1d8048e1afded755e41ba1d406717

SHA512
896d027f7c5705e86df6561f4e46b683fe11a64aac3e3c444c0e4b845fcc0f48074abdb18722f765448026ae18ffdf7a772caaa809ee35d1e70a877d4e7f9899

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\PlayerConnectionConfigFile

Filesize
22B

MD5
b1dedf7d05d0cae82c62699178ffb51b

SHA1
b700e680d6297eaa29544457d584258ea70dbeed

SHA256
9213defc297be2f1817019c91e6fc1408f08f023df15588fb69e2f97f1e13767

SHA512
2d4f1b7f84e4ba2589c923227c03d2b3dd807acb40fafedea6ba6a4f2e72898d2889aae6a430297b2f78444e5402150c9e4768c3f970d1deadd6e4276a1a6d16

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\Resources\unity default resources

Filesize
12.6MB

MD5
a6d6b7c8127e0053cdca795a846edb81

SHA1
377d6d9d777df221c28cd9618bafafe682f53f85

SHA256
0d17858471078101cca6331f823ddee7721e958101858e2ad52ecfe01af95be5

SHA512
2f3d001d6ec79d28f80e907c8a6a4f334e0fb45ab7c01d8f79dbff7377d3d9f8c7e87280d9e59d8ad3c668a9062b6c07616e9b43919a8b50f7ac3a613d250eb0

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\level0

Filesize
5KB

MD5
9c4ca39a7b648505efac7ee4edee9b9a

SHA1
95d997ba07f5fa242e04d0e61a2f90a0434deaa0

SHA256
1947da09a750584b65af1b677835e330c0771f2ba90f380ecf393a405f1ebc05

SHA512
7f7e8c9cfeb176946bfd967bfa579e60f90bdac457f3826cc96b7f024b2b3abe7facab211d492e53cc84a11d18164baa9357e0f816e187003f67aa67548c9755

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\level1

Filesize
123KB

MD5
f3be429a87a3c79bf86deab734e840fe

SHA1
20b9cd32a040acb3b8e2d3dfae64a8429c57948e

SHA256
a6d8e447fca7692faeeced722efdb344dc8e248c733b75c60035c3b036022937

SHA512
8a32591f84d5010bdbba236b1f0de04361c571bb55ca9a60312ae5204de5db8f7408fe855592229ca862b81dcfb0e4fc0f224cfa4ece21b5b3ddf5c1afa2d57e

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\mainData

Filesize
67KB

MD5
afdff753cb7543c0cbd3a13437e8decb

SHA1
8411f2f0b204b1ff3978adcf8aa604c408871c9a

SHA256
fc0773e2020f52bc859aba8a9856de335d21784dcf6aab3103a163661a5e8b73

SHA512
051ddfba173cdbfc4eb3c4f68fce37a73edc02acdd7b965922d5672dcfcffe84f99a668363ebef2f469a9591f51a28a1e604127f31193cd8aeb75552940fb51b

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\resources.assets

Filesize
33.2MB

MD5
5bc886265ed5df5dff8d2c16a1f60eae

SHA1
2976c6cbeb607794322df4ff8f9eedd30db2c6ae

SHA256
ecea5cf0f3fc6ee97dd5ab592dfc32b264524d70a1f1570fcacc3c469e234ffc

SHA512
abb0118f832cd3c8e7c95414aa1677beef4302ee6ba8f1f6f86c09ccc6aa8507c779ce79d08af81702d871cedf363ca412a73a237ff471779f0f1b6e8a4f07d5

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\sharedassets0.assets

Filesize
11KB

MD5
c7bbdbcf641a1095d1380bf3f19479da

SHA1
c018362271911c03d899462114af7153775c5c47

SHA256
247391db0fb943225f2959b32d5094f95f5aa22e0786741c3966e2c534cf3003

SHA512
b95a2d39ebd35ffb9525702c84ec0d6b19f7ae30123a92bb98c97e8fef2a25fb39720b6fd4324377f844fe08f9096f53959584e3a4a0e6b235899d422a74e1b4

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\Kogamixo_Data\sharedassets1.assets

Filesize
12.9MB

MD5
3fa02929aeeed29e31dc81ec7e2b023e

SHA1
6f27ff7712311c214aa4075b7f68ed0452dd63d9

SHA256
28a487cb6fa058ade0faad8fa4b9b9d92a463087f5bbd390c375a66f1023f984

SHA512
7fca19e3da620dbcea857996851fe2aa1d06d66f1f38a9aa523687364e2e18d7a7f3e0cff1f138ac49271408dd53013ec28b8f1254f0fb30b661cf282284cc10

Download Submit
C:\Program Files (x86)\Kogamixo\Kogamixo\Kogamixo-Multi\~Kogamixo.DDF

Filesize
1KB

MD5
6cc405691944db3bd28de270871793a0

SHA1
61a160a3b2c3d3fef6779e5222ae5aac65d05663

SHA256
230e1801697325e80da3bd56bd9b0848a45a1f98b4a4b67fbf52d0633f4d9a66

SHA512
2ce42ce2da8ee268c804b2ce45d6c7dcb6010709450be7592a5e68ea3dfb231e0081b7226a961f3ad73e4892f970772996bee751deca50ea8c9be6e6f19cc3d2

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
692KB

MD5
4159ff3f09b72e504e25a5f3c7ed3a5b

SHA1
b79ab2c83803e1d6da1dcd902f41e45d6cd26346

SHA256
0163ec83208b4902a2846de998a915de1b9e72aba33d98d5c8a14a8fbf0f6101

SHA512
48f54f0ab96be620db392b4c459a49a0fa8fbe95b1c1b7df932de565cf5f77adfaae98ef1e5998f326172b5ae4ffa9896aeac0f7b98568fcde6f7b1480df4e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OHP8MVFQ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\10457

Filesize
23KB

MD5
68006d734b0151ce35cd7426c73b6064

SHA1
da9b6c4ab4f7f353c63bf89392a44703fc9ae379

SHA256
5e7d5786e26a8e62e4fb77d110be2f2602e265a08cf42c63009babafa727c11b

SHA512
a24f4e9466eb6e2948c19bd9b9cd2811eb0d8ab6139001f717c8e418ad135df46d42a94eba17f308d5e7db5c4261f7f49457e44524ffe067d131899d5c96329e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\11247

Filesize
23KB

MD5
9277d99799dcaf44b45b8f865a119312

SHA1
4c28f1a0cfa8e615bdfc084ead2529fb52ec40e5

SHA256
7b7bfff2eb56cde0f03ab14cac57ef19dc44862d7e5643ebfe9cb0abc1bf169b

SHA512
576420e7e95b7aba4ed1f42151dd07473ec20649feb6a060775b36c9765e91a6082f6723037d2e5e4ad0c518d9cae9d4b968021ad4f1348f930f273fcda1a22e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\144

Filesize
23KB

MD5
c8613310abb393e5f47f591b629ba572

SHA1
f89c8138337b862cdb22740222ce5ec849d97220

SHA256
dceef234c273b0d02aa4d694d0e71900f4cf875df10399474851617b8780cf85

SHA512
2ad4ed1be48aabebc2b1261517a62567bf6f854392b5cfcf1f26800e11f2daa9935d0412c711bfb01b1ffefedb46c354bf14a0d2d251bc421b2c705c2b8055a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\16198

Filesize
23KB

MD5
60617d6651851c510fe8d12f729f9e77

SHA1
511a8c757733f8201f5b60c02c4c6c6d285d3df2

SHA256
c029d9a890cf2cfb3322e86b05402fb8eeb4d1dfc0dfc5f14d78a4a78f33707a

SHA512
edafa4b9723c70d44454e5dec1c3541d316fe6c64507e11008ce5b6da1e5d9f72e3cbe05adc052762bcfe13aeae1e970610099f710e41d3a489cb2880ed8a3e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\1630

Filesize
23KB

MD5
a572b4efcd859fdc2f6dafd6039a4799

SHA1
bae50d54678795a26f1ab4780ce0cfd07d3f5a84

SHA256
e68750c67e7bec63064bfb32c83bad90db35ffaa9106f666c01142ab87a80ba5

SHA512
e38cc88276b27bb709ab304b917422ad434562fee0a3011ffa30640664ce833ce82d47ec0a2252c0ce4a96803962fbd2471b11f2d938fe0f0546910b5c274ff4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\18494

Filesize
23KB

MD5
111c171a3966c2d1769e8ce300141415

SHA1
5d9e6d2a36729855bcd2ed133051101d28af2bc2

SHA256
a861a094031957f3f83555b7f7a4702880da8a2251097d6670750c90e23abfa0

SHA512
74859cce562cab5069ed6f9a02e137f125466b870d4603962bfc8d75b7cd2e48f6455a3cfd875d3f630fad3f088441e18ff304db16687ab9a23592917f00b86e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\21243

Filesize
23KB

MD5
920537791e395d3d247697c65fa641d4

SHA1
4a9b62a131cc90a4c36fb431eb58e11fff4e63af

SHA256
7f91d9956d13242035d75a57b995e41efdd60932c97bf48df2ad1602f5473877

SHA512
cd03827f1d2e2eb24f28a7f8ea78224b79d51987d4445663ce4c487480e2e4079d4e60749fa2f303dc1e0dec2cc2b7cf3d75d5afbd193476f2581378aca5bdca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\2533

Filesize
23KB

MD5
7c8ffcfd5ee91132ae000b903ac0c20a

SHA1
5d0b467e6bf6bcfc073bc734b393ea3cf6c5267a

SHA256
815557e8ad1656085a394871af14306ac8c8b3f8d0652560a3e02a43cf8bc6ba

SHA512
bcbcb3522eb067db29b0daf4e365b645ae31c6a3b597d39e8225eb0f5a79e805b2e445c33fa010c9da6aec7963c2c0c8fe833ff86155a5792e2a719eddef2e93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\27482

Filesize
23KB

MD5
f063e049695a29d1162197823d656143

SHA1
d43607586f2d3e70b9098ac131247dba209bf50f

SHA256
c62e3ca855eecf7f586da5efed8ab8b2320261e929bc1c7217d1a47373c45983

SHA512
569d779c3e1aae6ec85481d76cee5a916979c34e48ae36dbdac93260379cbfa8e61203a47f9c74d75eb6491341d4eca2fe6f8abfbc1ee8374fd55865c9b8ebcb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\28676

Filesize
23KB

MD5
f76f3bc06f513be9310b52fdbc82919c

SHA1
7816f60db5487743288072c0875ba7b437043e55

SHA256
99a2231b270abda6cac2ddf31e9775160c65ec660b57f189eca3f2e0ff97adbc

SHA512
8c6fa89b4259b68b59ca837bd22f1c3beaf4d33b86835f3bad75572daf8ec3c2f7f4dff609549de8e636fea9364d51fc8ef09eecd8133878ebdf049262f92ea0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\29062

Filesize
23KB

MD5
bd75ad310c1bbf1691d4feacc3c3cd8c

SHA1
a06d6973f87441d37efc90d690141c12e7804894

SHA256
a8598dc644f06789ca1da618d1ddfc9cc8cbcd07d1636b237d848db5457f5d33

SHA512
e72fea55b246da0332cc3500c6ffe843d4c3884e68ebddc09c494c885dc006526c785ce6d856b9aa0599796dadfaef091afc9de7ad9ac5d7d0d6433a20006f12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\32732

Filesize
23KB

MD5
58f7f663d25adf1429c6722db6f82dd2

SHA1
7fb0978068d54e3f5670e5f73aa271689920e2a0

SHA256
7cfedd710b6e2165c78e363f9e83979b10c16aeb7c3d32a4640ded1b73d85f28

SHA512
1ccc0e8df53c45578ce26921e3c1245fe479f407086831f03844ab0513e77aceaa005d97b6ff6cb828ce8386ca9a6405838fcb73f688109e46e6a773f82feb92

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\7577

Filesize
23KB

MD5
13357e15753ac7301d77d2526eb995f3

SHA1
2de2d53cdbe29da9b760d53b3b1765126cdf4d60

SHA256
1500ae08c0a592327d855833e648f05a8c18567ed2fc36ce14d047eeabab912e

SHA512
502c980e0b6b8670737735ae9c3b0383449c3a0bd6bf5afb9f847bff38030678d47b361c3a9d0da55604c43c6a70d36cf842a249b079d38c57e94598eba296de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\7596

Filesize
23KB

MD5
8437a23405c00e8c7818be5684790792

SHA1
f1a85132ebf2b92a9925d61f7b073e34c47a90c7

SHA256
5403ea6a38522ec53d2598a38999e956063075876d3213d19bb6cfb56a08e390

SHA512
cf82997052f4570379241368d4fee58619f6f82169893e3984cd694028c1f81ffd7c0a612c5d20f61fb4d9276d8591024a2e4125f959063ebb469203380d78fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\8566

Filesize
23KB

MD5
cdf4a994d8ae3b4b37531cd560cc2ce5

SHA1
6712bd01f46d53b6be6fd8839c3e835374c42691

SHA256
bdbda79b81f09a44cc7c45c1c1ed5c9428d9c48d9d20e5301be0362ba4943955

SHA512
803776771fe26b079889e1da04c630daf85c88813f1f81f70e892187a4ab97727ae591d95ca0ce05e74898158f1da3534195dfc75185878e3cf61b1276a302a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\9375

Filesize
23KB

MD5
7c134ad422f0bac1a9d0ae1c8e7d35dd

SHA1
9e49d424321ee46da498cabf1020b6123fa0ec98

SHA256
116798793591a473d6665ca430e5346119ec6903697ea04dfd7e62b28a80c16c

SHA512
19ea69057f23f05977c2fdc4c69b9cff7470ba473cc100138880c6b40aea7a9d9305c102c0c30e237f7eaceabe54bac99ad64931be1376dfad208eae4aab768e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\9959

Filesize
23KB

MD5
1f0fa9a706e370938ca21662690e3eef

SHA1
d3b059cc0ca2e76d7b59f7adeb5520dec461cf09

SHA256
ac6781baa750d61eb96e807353031aaed86a9aa47fffe6e01d13b8156cb7d3f6

SHA512
6a6a22c904732956271f43d1805de5c9f244faded1f764ef6da22966c77547d41b591ec73e72e2eda35139c816901337afeae6335b19753a62473ed7d906bfca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\3A323886E8B18048C81A7AEF19D0F40B7DBCA810

Filesize
8KB

MD5
d9a11e3c3dbdcd35883d3034cd6318ee

SHA1
58a2be064dd2b22f96c89d8b73ea7738a04061a5

SHA256
a51e7504e4611471ab688c98e68d5f2172ee8f326bfaff7dc0a8d6eb1472decb

SHA512
496b54233935de8778128fcdb6eaee4eaebb26916cba666e604fc85331edcbd1e70bb6f1f12320b402aec4e29ad6ee877e2db3cebd18daa3172b1ed911f7d770

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\3A323886E8B18048C81A7AEF19D0F40B7DBCA810

Filesize
77KB

MD5
23ca5c2259c3b20d8e84d834911e6135

SHA1
956756c58bc9afbdc764163edd2f6e0295dbc9ef

SHA256
8825654c96e2031bb4bcc2cc724013c72ca2eed8144a1ef06d9dedf5d9f060a3

SHA512
2822a7447686868cb72fa201ed428f7283be94124aa964482506e47f15f0d9afa3784135e6a13bd69fb5280a1f25d214d0555b7af5fdc05c60cb58944b2b04a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
cb3ecffc39ee8a8b76e5e3882f30e61a

SHA1
078f0ff5523fc6a42a7c16f3bb2c3842f729af76

SHA256
295472be0fc717208479e717637199ea29f440570b81d38a799ee6c3f29506b8

SHA512
72089860892c22e455da532fe4c779f7613343fa784f36b84b275a61ec55cc5169af0715d6bf2ce4343551c472915306b522ca644471ce4ca50cbfdab26e6825

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\7149E56AB76C17B0631885D26FAC30380B8664B2

Filesize
18KB

MD5
89f1c94958ca56ebb491e5d1207a3bf8

SHA1
d7fe7bcb831de32d4306a43b63fba247b4554b03

SHA256
3041502206ff90ca296d39d2a09526fdb3ebff3ab3754993f194db0e64c12277

SHA512
7a0f9762040d6fa8f5904f190fc57190d65f82985d75ce59f7f5c82c21a5867819174cad4c57ca28b076110770d71568b315131b2fa15ccaafdb4056b7380e61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\7149E56AB76C17B0631885D26FAC30380B8664B2

Filesize
214KB

MD5
bf4f2ce56ec4d7e48dfa3e10fefb2fa2

SHA1
f5d4067cc7758962a208e1574442d021f09d936c

SHA256
5701da13725ea6495ec18fd0cc82355be3649b8673bf1496f12644d7ad48b189

SHA512
b29e72d37a299a9b353ac2fc37d7ceba916a0777fb5544d33b23985af11304a2eb40c879d8d74e251717b151d129e25ffc704313880888427182a515b464943e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\98A0482648E66B88BB35A1070756DFAAAF492723

Filesize
1KB

MD5
a3b8d3f94b62a4fb12898620f1f3b629

SHA1
755143a63dd1f5237c934e28d8d311ef1245c587

SHA256
fc02368636a9331a6e420743a20a0cba4bb989644b00914ae14d0a617ce55aca

SHA512
ea32caa583953197b82a3d8e965349ede05612f0edfe834c4642fa8f4dadb43bc9fa4997682e5b8c40c5806de03d91cf797d25047b8e70099dad16f1e69f2cd9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\CA01B3A89E722496DD1CFE1FEAC12A3924666AF4

Filesize
43KB

MD5
0c2c6902faec95e3c6e09d31c5a31a9a

SHA1
a112a65ea08ec58e0434c6927551adcede59bcc2

SHA256
19ac70ba3e3b25b6e1ae9847887d9f016cb71c5fc060f9a3b40be28409a808ee

SHA512
390ad1009640a213f173545d2cc5381f518736f7358f3d103b9156d0382c6d47908f3244adf4f6387e3985fca2e9a83f90da00a01e5be3e52dbf704bb8b2ac7e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache-child.bin

Filesize
458KB

MD5
ecc75f6374fe4c127eabaf6ba184bf8f

SHA1
fcb9bfce7df6533dd18dc516f262b5907d08cd40

SHA256
c7d9559755cf0059c53582443c969d6293545163a3c84096d9f75170ce471315

SHA512
ff5c5dc043bf0078adf070cbe68f0d1d54102681273df6cc6ba0d01d3a067ba150edb5e00f7c9d44241a31c1478b97820b593abb4535e4452ffb455660ea49b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\scriptCache.bin

Filesize
7.8MB

MD5
d2ec869a11210b12daf34995fddaebe2

SHA1
488528194552dd57db833439dc41893eac05cf1d

SHA256
3a34f2a319a18c0b158cb148302f4a85b5c39d1b651fd1d93c63558843555c6e

SHA512
24113bdcdedcae72204e4a80364f68944c096d8e9e44e2da45aa9ac7936496cedda444a11fd28ebac081af1b1e134d7764fa2b1c60c78446629d5b9ac89b5844

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
e2da140ae0a01d663f9f96e5cdc90f4b

SHA1
df5d69bd14d4667813a5adcf8697b54124e06201

SHA256
2b529789e766427ed18ba9df209f2eec413934fb2270ffce338fd9284c900cce

SHA512
c223df4126e9749089b4ea9684af0e8233c7632509b8c5c0926650355edca6d2112859cf7877ed789c05a8fe57c41062517facc3559ad361e412468a56e0a0bf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NB7JLYO1\warmup[2].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\LQ0OMCY3\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{51D0BE57-B80B-4306-BDAC-884CDA567251}\Default.ifl

Filesize
3KB

MD5
f58ecab499c8395cf339f956d1801a96

SHA1
98860b3197e67f55ce12efcc246365c59421e688

SHA256
e74d62c3c1a238e99ba23ac6112b71962aca11f3ff1a849ab7230dfa9aab75cd

SHA512
b84278cad158ce076ff89dc978377bdca0da2da6759731b2bfa4e27fe560456f32f7b9031f3554e80b15f20f9ff33d65ad0fcdf093cf90f605c14bc1ac1641fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{B7F8C677-4203-40FE-9A18-E5640C6C0428}\Image_Left.jpg

Filesize
177KB

MD5
7df0fb350ea90897a5102eb8367a4e6d

SHA1
bf8d6b8547b95aa020379cbcbbd531b892b01d68

SHA256
5ef3ebf667b966c07bc7a0e6706a5833e627d3fe6c65b0cc818e5a944343ad96

SHA512
7af70c3dafc55ce8198ab5f2b957d9371bf654bd414927e98dd6dcb25accd6c1464384cedd8e9b7e6250ff1164b4865cc042c35737098edc711c0698df65bd69

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{B7F8C677-4203-40FE-9A18-E5640C6C0428}\licence.rtf

Filesize
130B

MD5
b7899a723e502de71526a9db856d97e9

SHA1
dc3ddd95417451d9939931a35df2ba48b8e31be1

SHA256
d0646360abddd2e3e48266eedf349fac6151dfc61715fa44f19975756b04d5ee

SHA512
cd84684ddf0e30e333768e4921420713d8b01b73e3cb002dbf382a7c554e1185d4789b500de752a1cd2405f061d57439d7cea37a33323fa8b25e546fc19449bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{B7F~1\Setup.cab

Filesize
311KB

MD5
717753f9f6585e049d2a630d6b84482f

SHA1
1b896bea3127522aa9d248c2a10ac9e82f22719c

SHA256
1f47e513cbe6cb511f86ca9e1cfa0ca5f2d67a9ab3ef43ce2b2cde4744a5521d

SHA512
2a89fec73bbcf9df468aa743c6042d2cd51594ba7fc1e534278b6932d220acc6510f3636ff42e73dd37cddde077e042e40c34fa232288743c4d199d31d4d71e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgB290.tmp\UAC.dll

Filesize
18KB

MD5
113c5f02686d865bc9e8332350274fd1

SHA1
4fa4414666f8091e327adb4d81a98a0d6e2e254a

SHA256
0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d

SHA512
e190d1ee50c0b2446b14f0d9994a0ce58f5dbd2aa5d579f11b3a342da1d4abf0f833a0415d3817636b237930f314be54e4c85b4db4a9b4a3e532980ea9c91284

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgB290.tmp\ioSpecial.ini

Filesize
972B

MD5
4d4828ba63aa303cc7e8010af1ffdf9a

SHA1
ec907bddab9bd1272febcaada0e2358176b385f4

SHA256
9ce87f88193ba6d48d235f38ccd0c39a881e5db8c98ac882ab844ec06a2582ac

SHA512
cbd008a057cd49c837b9bbd4771041c1c5b7b017488088c8a0bb46d8cde2eb72401ae9a7a6e09e0fb4a595ea13a7c817310588bbad2c7ab31dd3228c963f2e6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsgB290.tmp\ioSpecial.ini

Filesize
1KB

MD5
a919f1cb55744f9ca8d755aba6856c77

SHA1
a0446fc7d98044b795fb54b585ec711fe52803a0

SHA256
877bd3588ae3ddff8fdc6974ee41ce30bae81b72972913d784ff13c04fd6907b

SHA512
79b03030b6d0bbe81aa73a7637ca69829b0581167fbef371c313a0efedaadd203bb45a863ad6b75ea10e0f1ab37940937335ba3cba947f0313e7a6e26e861601

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
2c739bb53edf5df3a4815d84673e51c8

SHA1
c60eee55c0d412aacd41fccc867ad6b33e23af0f

SHA256
46ef14f46f792057cb238096048d608c770c462bada8aafd6ae2afee7d322b66

SHA512
3eaf4311aae9f916f794b2b049e98ec65f6c79e46c565abaae3be5ee5b4a423348607dae4e8e5a24892db28bf26fd6d48eef16df3f53d6e519212346f2b68c3f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
3cb4dd442341604b5cca3e711aed4e9f

SHA1
67ed4c72b4929f59b0bf407d7ae8662d49032c1d

SHA256
0b1fa597852032d36f0422d2bf43ab59887ebb81b3f7d77144c513d9303eaddf

SHA512
c5b9e7072d290493ff439005e06b6fd38741cf5dfa29dd3de53907c3226cf915502af917bdcda2103ab6c53b67a07b426f7028ce7f6043197c9e6972021626ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\AlternateServices.txt

Filesize
5KB

MD5
86852bc7b6128db1908b34bd508a2377

SHA1
6d4f60518e524085973be94271cb2bf885d6ba6a

SHA256
c374c9dc286dacfad08fd4e7ae06de61feddefe71847c79c32d3c76d8e6d4a04

SHA512
dec55eb26976a6073b40aadce143c43e6572da39d6e42c73e355cdc1b77aa18cc4571e1bb90cf7e10364ade57f34c8bbf6666cfae11d5ab6a51a344fc6feaf3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\SiteSecurityServiceState.txt

Filesize
1KB

MD5
84771f8f37f07ab0e81ba226335efce0

SHA1
6b52279c97b5351a1ff1b1ab1e7a09a83ecb5bd8

SHA256
77465311509d6bb0aecb17635ddbe717ed1575db47a5bace8a6ac492ad107ae0

SHA512
c54d3bc939299d25b1ecfa111ff10605c2e7679d475d31c25bea18f3249d7d2722660b43a6b1be096bff469e8c13cc06000e6d128abee188a1497b1c94d34dc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cert9.db

Filesize
224KB

MD5
b54759a0de6e9ff3fe675c152e8f52e2

SHA1
901f19146b1c8c68472cc404deec6c5362cab917

SHA256
90307f52d838ede0bae571338ee29a19e608bf6fbc7a415174dc824dc0abfafa

SHA512
045b919a23fed5c42e18e266a9742a72d27587efacf7375da324882ba85efedbde359a26638e818026a23d05ed4b559cae06380a83d67b4a0d978a2238e2c32c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cookies.sqlite

Filesize
512KB

MD5
f3f7b12edee177af06a3562c7b1058b0

SHA1
6ab8c3e6a150878f71b50de9920e9ec346976465

SHA256
946de80c18eefef0d6d2712b2cc6232fb67c41af72e39d461c44fc0ee70d5ec2

SHA512
a73f8a51c87ad557e626069ccfa00abfb5765ac2f7d2d5809e27c2392ea1e742adefa38c4fb053fdeee669a7762f33497a1b6c548446c0c1788343a5107b9ae5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f4fc4f6cda084cbe868a6a8a303c44f9

SHA1
7dc3c3cc432e03dbb34c1bb3870c01f4c15533c0

SHA256
2b43f78d9401b232e9a3447fe96edc7a858331771d19dc2b964e70d2941a141e

SHA512
a8dfcdce0e543275e9e9ce3f2c628d8953aa409fd802cd644009a28a90f0b37e9d9edfdf340479f02ec8f4067e1d934957f6aac986c5657ef9c9f7787a7eebda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
17KB

MD5
2f0c0113f20cba7e1f664eb5875c38cb

SHA1
51abb2fc2b67e7065a9e2c2548cb27bdd07e47cf

SHA256
9bf8ef72088772c50238f766e33bd8665c1b1f594e206963517f4babda92fc52

SHA512
88d3b5742c09f827e07f5091778e71210d90a9ca8cb2247b888783cb6a0a5a411484e3439e54dedb1900f6414d7b56fdee6fd8d717dd699e7912d6ec5221cd15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\events\events

Filesize
483B

MD5
d41c609fa0459afe5537ccad6feaaa69

SHA1
585eeb123d6818faeee785876d303fb2d7eeeea5

SHA256
a4bfcf4e4af0858ca2dcd64d1605d73dcb5b8fdd0ad5e7b780837f419e038354

SHA512
4f3bf33acfbd65815d9e4cc75eb743d7b83dd503b9db0798e39afa5da0ec917a1204422b070624ee1d787df416d3ed321a77a121fcfc97d58755fa7b6461c815

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\34a49778-af26-4ddb-84b8-fc52ac570e93

Filesize
11KB

MD5
309d80bf88f3b70bf285cb43f651377b

SHA1
b71368688c8e4cb12cd4ead47297b545dfa6f2f6

SHA256
4fd6a165b59a04fa0ed1a351034de00a5cad1ae23b74bc5fe84b2c59742d91e7

SHA512
c081727c7f7d3d3ffa3f7bfb07678feacfcd8265d5f932162de1e8cc5d810b1958ffbe605374bd9a1511ab0e0211b2d726c5eeafa4e1aa403a64dd1931f49b80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\d24fca64-e682-4c9b-be1e-116fb50ceaec

Filesize
1KB

MD5
61a976f873500790160a26f4147c6d6d

SHA1
2d72d660c2fa492863101489977d6bbf39108c70

SHA256
72e2f449736df54134b1cdf9e4240aa887ca2e6cc86644e67a103062922daec5

SHA512
404fcab02097a00f47741229ac3a6d5ffdab3280271f969a22f07c8c7f700b84694e8ea2ce601d728ff705ddd4091ca7f45eace336d9dc4e0b7fd6062b61d890

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\db2e72c6-a63f-4f3e-884d-c5eb09d5d091

Filesize
791B

MD5
0724d6a44c9236e122b416f1ec5eb969

SHA1
ce1332ecbcb36ef44a8f418a5387920964e59cc3

SHA256
63c15fff4bc598b5772f4d4e5803b9fbeaf2c8a006f39e909bb40436fb2bdecb

SHA512
9c3c65d702a337b6af65dfcd54af1b87d2a375b9495be010e22ccb75c4181708e0a3ceabf706034081a16336d8f17e7bfa2dbd0c88c0f7b006fefe0111301b20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\e3841a6c-dbcb-4f6e-bbda-f756ef12fccb

Filesize
746B

MD5
18120732238b8cabe9907034af9f3ede

SHA1
94945c9b1ed1800092ba0651194b220a4bb23f5f

SHA256
73a3fb75c09953de1b7c89e3aa8f8b81e0f283bc05c4665230a6625c120997b6

SHA512
beebcbe28554fe6a067f42c80f1913e32d6286dac19a0467e39241654819e4dbe279ece49fc121c8f6c25a56373ac42004ba41c2a4e895e053ea03344a29e169

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\favicons.sqlite

Filesize
5.0MB

MD5
e81940f679dd9fa1d3ae922409a6874a

SHA1
8f17b4a8f724c5de3d71255ca56a5c93d2862c04

SHA256
9cd6fde4a0e06616584c0b3864196c1d4531b677b7e3fb1da25241a93beb67b3

SHA512
543b9afa882554471b4178af2c2bfb3064786b1a09d9171493debee89e77e4fd9b315ecbdff76374851cd76b6f9c92c83da9ba20be18ce7b2497c8b90f55d724

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\permissions.sqlite

Filesize
96KB

MD5
cdd737ec4a9d531f6a97b243f392bf17

SHA1
d70398a5af1d28253a9f5bf0b86cd43e1fd4e6f9

SHA256
c619d7ab86424154e35a68fd276638f33cc00ee443d36d677a75bfa22a05d3f0

SHA512
fa179bfaaa95ffe7eb3e8917a7fcc9323f91713b58e64e7bd72cd08f6ed446483ebbabb527649737b9e49546d2e468cee3dbb91cab5d9c99f3b5b7dd5a7a096e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\places.sqlite

Filesize
5.0MB

MD5
7b4f911ae27f09f78ccb752f93b6ef60

SHA1
68044df3ef0f779d99a77416aae9a6e266e4140e

SHA256
00c5ca3ae739edc3cf3787114c10a6b8c9c2245cf80669a5711603cacdbc3a33

SHA512
002b8696c9e0e72997ead3e1a3b0667a76d0dd6476e4382626dab5ae262ea072e32b65b90468cdb8416a5a511ca5d89b67ef254e63e6ed0f1bc20f7b517cb903

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
05da1ceaf361058c66d97a44eb94791b

SHA1
ed45f244a965ee075435df1b353a026586d68685

SHA256
62071600c5403a77fab368ea64ca2182a108e0a6c9dff1e6f7f83fae64f59e49

SHA512
31acedf4d8fd7187d0e0ff1e08a408afc665d66379e469071682f3a3534153844a0d6d81f6afebcfb9fce3f75b4cb38bc6875dcb92bbfda5526b9638312a12f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
285c804d7259e83952ee7755573f5b0d

SHA1
3af630e0cbae807958ea77eacfb21687c7d7e2d6

SHA256
fdf340751112d9b4e3d3911e0cca039b9494c3737c2fda8f07cb7235da38aa3f

SHA512
ca8540bf38ebe072b97846de49c9a45cc3c218e746d687585c63be428d6abd011cf5a8d907e30b2e9c006e9615dab84d4879dc27d26e374cc8b98a504811cc4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
96ab12a9b925581580874724e0c48920

SHA1
840fe2f34c01bba1a53a6a90b8fac1e159dc6202

SHA256
5af1a0f6072392d96e82b8d6adc3a894f50bab94b9cb0508edecad5d02251bc8

SHA512
aaa558de637ab9ec9eeba7db0f89711a2b7cbb80b57a8d29b53001fb794bf59d3bbee3c7f6fc879a85d27f36a3cac879e4421092b71c6d45bac1097f99757c3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
053281ddb0de6c5de19b327d5bb026f3

SHA1
5e37dab94297a425586e9e8480808b1e65773671

SHA256
c3c714c805aa3cdc1753bb75ed5aa2cc45352d0f1eca0f4e0af6b3b2b8b7e123

SHA512
1b19806e40d592c1bffd059077d27e9069e1271b1242d3f02cd1be60e00de4e55e2d70caa54d7ac434d982da6f56a411521c95ce0efbe6ef177631123491373e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
6KB

MD5
92c424753f09413617a71c359acc6b07

SHA1
4a7425cb0017e000158c295b8978ad20df9f0dea

SHA256
bad4fb796ea6b3554f7fb9285c4508fe1f2ec226635393d658da75ca301d7f37

SHA512
b83169a7865b0fc6d44a73329461571908ab3e3c6138a06d8240a8ba801d3f07ab8c3a4aeedb9cc525ed1379c5bb6f6cdae98e7568c7c817a413c2f6a6a8844a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\protections.sqlite

Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
06137f9f129cb430f1dca34da1b398bf

SHA1
8d1ccca2e9ba356d89b4b5d1f7c9acaf30aafc66

SHA256
9b9698fa8a0f87c43490afbc7d6dc6a5c54bfebe21f81d848d16b1829db19ece

SHA512
1b35dd11cbc745be372b785fb4409535bc9dc71c7d8deaf7a1b69fa68335d977d5fd87ca49ae71e35ee7afbf3ffa41b2f018200659300ca5b2be44a8a3521bc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
7114fbc3b464a7fd6c197a7a2d66eee9

SHA1
597d12ceb756ddf98c69f8af763be77ad52a8c87

SHA256
18fae92e3a1fdc74db23efe290af91b5e62d7f50ed99a6ac05fa5362823720ee

SHA512
eb5830f23608530afd7a0fdaff39a2dfc0c41ad29af9297ed3922c52d1ac48b12e47dc020334f9ae8a0391637683050ee79353ebe5da5423d195321596ea91a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
3e1a20be6d4e1ee1f0549889909a6692

SHA1
5b10bb8b597861e0881d9d9da5eb6c70aa7d70c0

SHA256
9235fc6705dee299943066fe266c4c7406536c5564a154ad46ac84b6ce3f3d57

SHA512
aeb4a7b9c89531ec8f53eb5df3a736b8551a7ca1db34450885a50059914295918f8ca4b11ef60d60570bcbb1b68160f0c425ab67902b4e48677bbe559d139120

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
6abb67678309e5da0fc7809500e120cd

SHA1
3f8d1b7705114424bb2bd34245ac3d6734de8894

SHA256
4b053ef10b0d0dd975c726e0fddada1e7ae8adc430ec168df6cd7956d1157fad

SHA512
0594fe0c98fc35057c6f0eac7aa7146b880884808a9391a9b9278b568e97088301d05c9cc13c7bb52df358c0030e883b6032874da0be9723f67d13a3122bd13e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
58e8cf99887580efa96a35ca283646bf

SHA1
adf60bc0dbe47fed7d76b64480ec73413cfb9bca

SHA256
c9f37be5c195bdcfe6168dc4866b43ebc6b895cede0bd0c66fc9e3da433b3977

SHA512
2dd832b879a27fea7dea3eeb0709753a88ec1896e83b944b8be7fa3f9acc9936546b4f2d7e202779fcf9d90023c7024dbb07001b824672adce1fbdc992545cdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
b034f6f969c9ca1d226726a6b9ae8818

SHA1
c8747dbaf944fd43d248902f4dd526d9d4906b94

SHA256
8b5938b2a494a0ef7fd426473ebc3be34c4834bf3215e63e0d23547d16ec75b7

SHA512
2dec7089c6b66f7c17b153d994bb9e40a5a634d36f32c5a98f63e6c3bec9c3326264f0ab4bc9714c1ce19f4b9b36dd949c02fbc5f784d0b10dc83226a8c97355

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
089fb34e339185e422947dc887050bb2

SHA1
6dbbc27bd4d23d2957f2722ab24dd8ac1f4005dc

SHA256
8cfebbf7cfa1c2529def85e16dee2cc86f5b0289f41a14a1ea0f80885ce32fd6

SHA512
2a3b7754c9e5e813d308496b7b91ec9ac4d0f29668e9aec97bffd9c2a88d7c79d3a276680cf97e4533c8d8ddd633e94d1d2f5f0a918bca13ae36c2120bdd7932

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
d2b8fa42c1381a059fc97e95b69e544e

SHA1
4e6d90e4a2d4cf2815f4f3a23402642743b9c34e

SHA256
53ecf4f7c6c8dc391b37a3b79715946092e60dba23e9df61bac3588e3fe67664

SHA512
69394ffc5826baf641c351d358676acbb154f4dfe1b9cab8307e9f57460cc06ad21d3c58564b08905d00e14797d740b4ec0234238d7476e24a87f617d84dd1d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
6f4cd1a5194e41f78cff886df243fb99

SHA1
72a75d7c9803aa38fa372571a5a547c9d764bafe

SHA256
47fbc650fbad54955fc4834aa5078cfc227a660d82f637c7fbfb2d333922f7c7

SHA512
b0f37ec07763d4c1e4d9f5d6cc29e538792ff1eaf8acc9a99f766759f6a1dc41ee8a892865834e7dc67e1069e30ef6370b4e37df4b5cf4108e8bdfda6f5a5e09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e87e5c234dc0a8c25058e6a84c28b93f

SHA1
8c9489fe0c508677767b11762e94175ce1bcf64d

SHA256
65b7038b1ce5eafc44d4320464a08ed9c4b2319fae34c537ead9ba6d915e8fb5

SHA512
ffb681bab9475b0c38f15a4740c8a59fbe20eb7efc1c8ba23c165300b323a05342375b0f4f5e9ae1498a67b8504aa228fc43460bf7615b8ee4c74b490fb8d163

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
1aa72f2b1e962516a0d182cc9ea49289

SHA1
ec5c215bd54857c8d95a2bbd3117ca520a5b09d1

SHA256
4d9915b7e157cb0c41f15b082e5323e9ba4cb89f333fc51d70a8f4d48976ba14

SHA512
6f714bd55bddd56ea15fdd5419b2690671e71a5d1ced7ce66eb6eb9271eb79bc1116d91cb9df7ad45df4cc8aef935fbd015c8b11b2213b86b5b7619d585b3426

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage.sqlite

Filesize
4KB

MD5
11ee8ebd3b6ff72fba58687f7f2def5f

SHA1
22e7d9804ac8face78d98b964ef12096019aa3f8

SHA256
75b2bd4ac8e1d86d48e533dd04d0f1d87eb45f0c65134b369213bc58f15075bc

SHA512
7c7dc1878c8022e12220bc1e64a90c08c008f4e48448a94097ba45483dc696dec96b5cae67649f50d8c5bc1573829dd1ab479d2a1184b9fc692bcbe79a3e7fa1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
4827ec28edfaf89282ce0045c113362a

SHA1
d9acd0cc0f8a059a2027329e573384eac91be2b3

SHA256
55565534ba8beb912dcb7ce0fa4dfbe3f392e344cea298d4aa9a2b21b97d8902

SHA512
c406e35c4a518c9115cdfbb7ebccfecba4a384494c7757800f3ff25267ea074199c02244799a2fa46bead9441e1d1c3c974ef5c794e774e81adb58f2fd459f60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
3fce64c3cf23f070dbe67b544cebc92b

SHA1
84d5104a0aedcb8c73e2ce79598ae97d8190fb8e

SHA256
21679f659e81fa16d78fb675003b34c8cba5d361da34399b1938ab1a86e4590f

SHA512
8f99e44cbc39b256ae6087d962cdc1a31dc674ea3542eb48e55dbcd2ff8c3602ea8940373d8429036e86b2340e3d1cb267dee7bd97890c861601f212f6dde2b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\xulstore.json

Filesize
217B

MD5
58e240288763218d12bf235d34e5aee2

SHA1
89135494b57f590011c09668dec3b90d2c5ee9ae

SHA256
615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176

SHA512
caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
80B

MD5
81ae228891ad570edf298bcdc7577092

SHA1
dfd0ed32b628a2a42efd68a5cebc0052ebaec076

SHA256
428131323d5bd8049abf04e24e2b7308be0cf59ed4b4ef02cc2735b85afd2d80

SHA512
73e6c6b3a73a3eb26785c3416120bd9cd96b7717ce1bd352b7be52ad72cbaac7e0b3461503a77675a4b1dec7a5d5c1c93c5df08dca2758eff97908b46f415f9d

Download Submit
C:\Users\Admin\Downloads\7z2408-x64.exe

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
C:\Users\Admin\Downloads\7z2408-x64.npiO6sRE.exe.part

Filesize
15KB

MD5
6ee46b96b29ae186b44f839e07604a9d

SHA1
bc24b879d55210fe431165fc4a569b0ef5b0e03b

SHA256
4249c934233eef568a7baad65cd63785a683f34ea30d38f6cf6f13dde77c053a

SHA512
c68e6749d45fa7f06a1bd969ee8afc9bba2030b3670d2db94430c3bfe5cc6bcb5b3d15b284db56c0ea70080c6dd389d6f581df0272e4b50dd079f5239c0f8e61

Download Submit
C:\Users\Admin\Downloads\Kogamixo-Gra-20241023T175826Z-001.odC4I7aX.zip.part

Filesize
4.9MB

MD5
fab30034ea6343381755d5f5d5ff689f

SHA1
963e94200cee465506af0ebda7915eca599da9f8

SHA256
3df219d0ffb39d22892dd21cdbdbb5f55c0712e7dd05c87eba8aa9b0a96139cd

SHA512
8e773d92ecea5d642bea07e5f991f5783168aa4c091bcd0b67e5a777efd6f7d544431a1c7f2e09980d7d3172524d5ecb01ba85a2d19a1ecbf8be5ebf0af1a96e

Download Submit
C:\Users\Admin\Downloads\Kogamixo-Gra-20241023T175826Z-001\Kogamixo-Gra\Kogamixo_Data\output_log.txt

Filesize
4KB

MD5
f74b4e3ecaa75b70a351006da696b1d5

SHA1
324aa23c22e1017db72e98dfb5e6457e459cd8b5

SHA256
05d41ad8ef987d5a202e63b023bc263f306651fee6b0a92d2151938755ee0c23

SHA512
c24699e7b7d1338c05069f081f499f2c1da63ee4fdf7ed54f98ccc4dd1106722d5272a98a9c3bb0c333664b5e05569fe2c50e7bf982a644d4e172729ac72c9af

Download Submit
C:\Users\Admin\Downloads\RAR Kogamixo.loz93a45.rar.part

Filesize
5.3MB

MD5
f510aef0784fed1494fed97da047508a

SHA1
e6d4ffd2e8b22ee4928e14084b08dcb6ab5e2147

SHA256
514406374fba173970d2897c34368bc39cea2b87ae7c47d83f5fdde348efed85

SHA512
b2b9e90ab8b7046eee745d074b34b0ba9cbea9da3b0e9fd4c927897990fe51ad09ac7b94f50874ff1f6eef1264bc5c9af982d71ed087e5bc331bb978a0dbb09c

Download Submit
C:\Users\Admin\Downloads\RAR Kogamixo\Gra (Kliknij na ten folder aby wejść w folder z grą)\Kogamixo.exe

Filesize
9.6MB

MD5
c15a5f6d33da58c7e5eaa08712a348a5

SHA1
bd2b434efd3f8fe4b1991e8e2915c4eef3c79c2d

SHA256
5c838981b8023bd69fda2125f03b8c84a168aca18bed1ce420fb6aebb1395161

SHA512
5cdaf55772d3bf555b7eb48e29630d302b9f11640820556e68845359df6e2384455363f8045d761e121580140e8bd7552974f83aa66e5e3ac9724f5d7fece76e

Download Submit
C:\Users\Admin\Downloads\UnityWebPlayer64.exe

Filesize
1.1MB

MD5
91f13553199476b42f09f282dda0c3e5

SHA1
767ef4c7ade407b44e75c3dca39bdd1f3f831d6f

SHA256
1467437442a4b1449fc973e1a59658edee111b52b61a6a77b4dd31419e0c6b34

SHA512
a0065071be12b4b276c16f76de0fb5ca19bd5924a0d08ce6c45f40a574586ad1edd470b3bcd7249cf1c453ed99158d91d19809c0be9714634e9627b30d046962

Download Submit
C:\Users\Admin\Downloads\UnityWebPlayer64.sJW9PkuR.exe.part

Filesize
11KB

MD5
25027e2e175d376717ce74e3291a80fd

SHA1
3bd7eb695a1f51927c2a516e2694a99404638cef

SHA256
bc207c89240a3cd68a2f6cb6b25f6c7425737a9e5055b465b9bc43830dd87784

SHA512
cba82f0e19fdb9024b5e81902734cff5e68afc9b7e5a061e1b7dc6fce967e7f35f28635a6c8a8fce8fcf3c0fc3224d8b7a32b0563192e201af4387188fa21476

Download Submit
C:\Users\Admin\Downloads\k\Zagraj w internecie (BETA)\Kogamixo-WEBGL.html

Filesize
3KB

MD5
e7d94a9d28ea1dd2456efb8e391d63b4

SHA1
763d6fa86eefc0bca8a5e9af3bab222abe6e66f0

SHA256
9c653dfd4d178b92505db621d31377e09dce2bdfa1d91faa96ef82129e916672

SHA512
b7afb3748f16fc5bbb8f273fb9c5dcd545b5c7f5a5a968209fc5c5e7df41147f49d2cab1cefa2253f7e2a6634f1fe3801db00842e82c8d313e665b69bb9406e1

Download Submit
\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
d346530e648e15887ae88ea34c82efc9

SHA1
5644d95910852e50a4b42375bddfef05f6b3490f

SHA256
f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902

SHA512
62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

Download Submit
\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
1143c4905bba16d8cc02c6ba8f37f365

SHA1
db38ac221275acd087cf87ebad393ef7f6e04656

SHA256
e79ddfb6319dbf9bac6382035d23597dad979db5e71a605d81a61ee817c1e812

SHA512
b918ae107c179d0b96c8fb14c2d5f019cad381ba4dcdc760c918dfcd5429d1c9fb6ce23f4648823a0449cb8a842af47f25ede425a4e37a7b67eb291ce8cce894

Download Submit
\Program Files\Unity\WebPlayer64\loader-x64\UnityWebPluginAX.ocx

Filesize
206KB

MD5
2fbdac9bb315e937d2beb573f6b83188

SHA1
3d083b16ba2770251efc50b1f16744e31f25c3f8

SHA256
bb90d9de42b0a6d2780f81ce9420250db85f3d80d8f22bcd9664426aef2d2024

SHA512
f285284c49ca025c703f1bf1631035c984d8ad2656966f0a2479a856b461af7ac48af1d66ff9e63aff0fbfa84e4644d60fbc96fd8cad593f47ad6084762285db

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB290.tmp\InstallOptions.dll

Filesize
15KB

MD5
605878b664b6c4ddefd73918fc45a440

SHA1
68328d6a9ce62a668bbe12878af26c1f1d0e3f82

SHA256
7b3a3bf008489b61de83b94a63db4556cae5de80701a2e1ebdf9a025b3b631c4

SHA512
c83eea75288272c3fb72aca2486581127dc4875ee80165511c38d32d3cb7e553836249df79358fc5d0ec5d7aef183c888c2df03ea688d163984cdd919255da26

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB290.tmp\System.dll

Filesize
11KB

MD5
d0d7d2799802f7cddf8db7a2d8ae1e23

SHA1
ae8d8cfd9f1a7104036a9e8658f50f9c35c7a1c6

SHA256
828819614dc0dbfb73f22d4c3712e6369230eab92819c5d4efe75870ee109a5a

SHA512
2b5af0e34720eb2f5b0aa04b589b46fb4b4d344b5c5d23fdd382348b051ac9766ff80f6a2455ef66da78ba880e8ce41b23daf741033de7701ca3f17f1adde408

Download Submit
\Users\Admin\AppData\Local\Temp\nsgB290.tmp\UserInfo.dll

Filesize
4KB

MD5
13a689123cebd31c1d1862e05981beca

SHA1
0430094a1a0f639ba9bf5831c24f1f4330762a6d

SHA256
386933bdaf4774e88670e21abbebdeddf64b1e87b1681f85ac5b3ec1cac8dcdf

SHA512
0663148e80f4703000bbfc8ede2bcc7cad19877585a5cc46aa13a7003377d7315d33f01c1d311d38bcf5e3782e4b361510214f09a9f6537b856c5ad9bc41fdae

Download Submit
memory/1364-1190-0x0000024D97530000-0x0000024D97540000-memory.dmp

Filesize
64KB

Download
memory/1364-1224-0x0000024D94B00000-0x0000024D94B02000-memory.dmp

Filesize
8KB

Download
memory/1364-1205-0x0000024D97620000-0x0000024D97630000-memory.dmp

Filesize
64KB

Download
memory/1364-1841-0x0000024D9E5C0000-0x0000024D9E5C1000-memory.dmp

Filesize
4KB

Download
memory/1364-1840-0x0000024D9E5B0000-0x0000024D9E5B1000-memory.dmp

Filesize
4KB

Download
memory/4120-1373-0x000001E8CF9B0000-0x000001E8CF9D0000-memory.dmp

Filesize
128KB

Download
memory/4120-1368-0x000001E8CF720000-0x000001E8CF740000-memory.dmp

Filesize
128KB

Download
memory/4120-1327-0x000001E8BEE00000-0x000001E8BEF00000-memory.dmp

Filesize
1024KB

Download
memory/5036-1927-0x00007FFA89D60000-0x00007FFA89D7D000-memory.dmp

Filesize
116KB

Download
memory/5036-1925-0x00007FFA8CBD0000-0x00007FFA8CBE7000-memory.dmp

Filesize
92KB

Download
memory/5036-1922-0x00007FFA91830000-0x00007FFA91848000-memory.dmp

Filesize
96KB

Download
memory/5036-1923-0x00007FFA8EA00000-0x00007FFA8EA17000-memory.dmp

Filesize
92KB

Download
memory/5036-1924-0x00007FFA8CBF0000-0x00007FFA8CC01000-memory.dmp

Filesize
68KB

Download
memory/5036-1926-0x00007FFA8A270000-0x00007FFA8A281000-memory.dmp

Filesize
68KB

Download
memory/5036-1928-0x00007FFA7E5C0000-0x00007FFA7E5D1000-memory.dmp

Filesize
68KB

Download
memory/5036-1919-0x00007FF7E2410000-0x00007FF7E2508000-memory.dmp

Filesize
992KB

Download
memory/5036-1920-0x00007FFA8D5A0000-0x00007FFA8D5D4000-memory.dmp

Filesize
208KB

Download
memory/5056-1246-0x000001C2FD120000-0x000001C2FD122000-memory.dmp

Filesize
8KB

Download
memory/5056-1243-0x000001C2FCDA0000-0x000001C2FCDA2000-memory.dmp

Filesize
8KB

Download
memory/5056-1248-0x000001C2FD1E0000-0x000001C2FD1E2000-memory.dmp

Filesize
8KB

Download
memory/5056-1269-0x000001C2FE0D0000-0x000001C2FE0D2000-memory.dmp

Filesize
8KB

Download
memory/5056-1241-0x000001C2FD010000-0x000001C2FD110000-memory.dmp

Filesize
1024KB

Download
memory/5056-1283-0x000001C2FD680000-0x000001C2FD6A0000-memory.dmp

Filesize
128KB

Download
memory/5056-1273-0x000001C2FE110000-0x000001C2FE112000-memory.dmp

Filesize
8KB

Download
memory/5056-1282-0x000001C2FD5E0000-0x000001C2FD600000-memory.dmp

Filesize
128KB

Download
memory/5056-1275-0x000001C2FE130000-0x000001C2FE132000-memory.dmp

Filesize
8KB

Download
memory/5056-1271-0x000001C2FE0F0000-0x000001C2FE0F2000-memory.dmp

Filesize
8KB

Download
memory/5056-1240-0x000001C2FD010000-0x000001C2FD110000-memory.dmp

Filesize
1024KB

Download
memory/5300-1234-0x000001B6C9C00000-0x000001B6C9D00000-memory.dmp

Filesize
1024KB

Download