8092406cf05048ec107945fca6003da4ad4b49fa6eb299afb2ddcef35e98965a

Analysis

max time kernel
1799s
max time network
1560s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-03-18 12.40.15.png
Size

48KB
MD5

d3ca9c78c1ceb7abc7efb0e27f94a600
SHA1

1cdf1749337430b838a9d17dca96f8da6b961b30
SHA256

8092406cf05048ec107945fca6003da4ad4b49fa6eb299afb2ddcef35e98965a
SHA512

a97d3f5f8c8b8085b9bf84f929ac65eebe7b66168e31e76e352de7e91636b385ea5f3d8a36d083734cb5544eb34f48422b4c8e924d5257f7aae6b9657c1f0f97
SSDEEP

768:iiZz+EsZY3YZCOKBm9HkOPkk2KK4WOnDO39NROWj/4dZEwUAPmoxN8s8ml/ElyMi:is+EsyIIqHkOPrDOBKoojx8Xl1N+l

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\IsInstalled = "0"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Stubpath = "%SystemRoot%\\system32\\unregmp2.exe /ShowWMP"	unregmp2.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	unregmp2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\DontAsk = "2"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,7601,17514"	unregmp2.exe

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	unregmp2.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Windows Media Player\wmplayer.exe	unregmp2.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	POWERPNT.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	POWERPNT.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt	POWERPNT.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	POWERPNT.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	POWERPNT.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	POWERPNT.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar	POWERPNT.EXE
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	POWERPNT.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	POWERPNT.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{A45AEC2B-549E-405F-AF3E-C6B03C4FDFBF}\ = "Toggle DMR Authorization Handler"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer	wmplayer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-wmplayer\CLSID = "{cd3afa96-b84f-48f0-9393-7edc34128127}"	wmplayer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\WMPShopMusic	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shell\Play	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{A45AEC2B-549E-405F-AF3E-C6B03C4FDFBF}	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shell\Play\NeverDefault	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\ShellEx\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shell\Play\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shell\Enqueue\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shell\Play\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\shell\Play\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shell\Enqueue\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
1132	POWERPNT.EXE
1084	vlc.exe
2820	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2152	chrome.exe
2152	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1084	vlc.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe
Token: SeShutdownPrivilege	2152	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2152	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1132	POWERPNT.EXE
1084	vlc.exe
2820	POWERPNT.EXE
2820	POWERPNT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2952	2152	chrome.exe	31
PID 2152 wrote to memory of 2952	2152	chrome.exe	31
PID 2152 wrote to memory of 2952	2152	chrome.exe	31
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 1484	2152	chrome.exe	33
PID 2152 wrote to memory of 2768	2152	chrome.exe	34
PID 2152 wrote to memory of 2768	2152	chrome.exe	34
PID 2152 wrote to memory of 2768	2152	chrome.exe	34
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35
PID 2152 wrote to memory of 2788	2152	chrome.exe	35

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-03-18 12.40.15.png"
1⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6929758,0x7fef6929768,0x7fef6929778
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1324,i,15931958389651326181,15226071504269144059,131072 /prefetch:2
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1324,i,15931958389651326181,15226071504269144059,131072 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1324,i,15931958389651326181,15226071504269144059,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1324,i,15931958389651326181,15226071504269144059,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1324,i,15931958389651326181,15226071504269144059,131072 /prefetch:1
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1492 --field-trial-handle=1324,i,15931958389651326181,15226071504269144059,131072 /prefetch:2
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1352 --field-trial-handle=1324,i,15931958389651326181,15226071504269144059,131072 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 --field-trial-handle=1324,i,15931958389651326181,15226071504269144059,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3692 --field-trial-handle=1324,i,15931958389651326181,15226071504269144059,131072 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=896 --field-trial-handle=1324,i,15931958389651326181,15226071504269144059,131072 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1884 --field-trial-handle=1324,i,15931958389651326181,15226071504269144059,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1316 --field-trial-handle=1324,i,15931958389651326181,15226071504269144059,131072 /prefetch:1
  2⤵
  PID:2028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1612

C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\Desktop\DisconnectUnlock.pptx"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1132
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6929758,0x7fef6929768,0x7fef6929778
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1484,i,12060896284964274380,1063697323699926896,131072 /prefetch:2
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1484,i,12060896284964274380,1063697323699926896,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1484,i,12060896284964274380,1063697323699926896,131072 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1484,i,12060896284964274380,1063697323699926896,131072 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1484,i,12060896284964274380,1063697323699926896,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1504 --field-trial-handle=1484,i,12060896284964274380,1063697323699926896,131072 /prefetch:2
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1312 --field-trial-handle=1484,i,12060896284964274380,1063697323699926896,131072 /prefetch:1
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 --field-trial-handle=1484,i,12060896284964274380,1063697323699926896,131072 /prefetch:8
  2⤵
  PID:1952

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2184
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  PID:2704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.0.696434399\1615155837" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {275eb424-ef57-4ff6-a078-098bfcb4b451} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 1300 122b8e58 gpu
    3⤵
    PID:1540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.1.1801356000\299300143" -parentBuildID 20221007134813 -prefsHandle 1480 -prefMapHandle 1476 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd502a5b-c3da-4d16-9889-7a446d009856} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 1492 f70458 socket
    3⤵
    - Checks processor information in registry
    PID:2408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.2.1602498845\2115818582" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 20868 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea2d50a7-58a0-48dc-95fe-bdef21640157} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 2084 1a366758 tab
    3⤵
    PID:1876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.3.893351418\797432001" -childID 2 -isForBrowser -prefsHandle 2556 -prefMapHandle 2412 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a6836c9-83f0-4911-9d88-923d9b2a1a4b} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 2532 16db5c58 tab
    3⤵
    PID:1784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.4.1254080668\836703878" -childID 3 -isForBrowser -prefsHandle 2848 -prefMapHandle 2688 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db8f2fce-23be-47d3-bd9c-6c4c7c0ac403} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 2860 1be3e558 tab
    3⤵
    PID:1840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.5.673167928\1987151888" -childID 4 -isForBrowser -prefsHandle 3700 -prefMapHandle 3704 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc852ee1-0076-4666-9e5b-7ef24409f118} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 3712 1eabc558 tab
    3⤵
    PID:2724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.6.1469501034\778691916" -childID 5 -isForBrowser -prefsHandle 3820 -prefMapHandle 3824 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed5ebd4f-34a3-4b60-a76d-3b08ba65175a} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 3808 1d89cc58 tab
    3⤵
    PID:1488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.7.1967360660\1512518442" -childID 6 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {589a9a75-8e98-4762-91b1-9026d34d29c7} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 3996 1eab9e58 tab
    3⤵
    PID:2268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2704.8.1473898913\1590381511" -childID 7 -isForBrowser -prefsHandle 4332 -prefMapHandle 4328 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 868 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a77e78e-c810-4002-8c18-2712d422d21a} 2704 "\\.\pipe\gecko-crash-server-pipe.2704" 4344 2203b858 tab
    3⤵
    PID:916

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\LimitSkip.mpg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2e0
1⤵
PID:2280

C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\Desktop\SendConvertTo.pptx"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
PID:2492
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
  2⤵
  PID:1156
- - C:\Windows\SysWOW64\unregmp2.exe
    C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
    3⤵
    PID:760
  - - C:\Windows\system32\unregmp2.exe
      "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
      4⤵
      Modifies Installed Components in the registry
      Drops desktop.ini file(s)
      Drops file in Program Files directory
      Modifies registry class
      PID:1840
- - C:\Windows\SysWOW64\unregmp2.exe
    "C:\Windows\system32\unregmp2.exe" /PerformIndivIfNeeded
    3⤵
    PID:2000
  - - C:\Windows\system32\unregmp2.exe
      "C:\Windows\SysNative\unregmp2.exe" /PerformIndivIfNeeded /REENTRANT
      4⤵
      PID:304
- - C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /Play C:\Users\Admin\Desktop\CloseSwitch.midi
    3⤵
    - Drops desktop.ini file(s)
    - Enumerates connected drives
    - Modifies registry class
    PID:1172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5e233654-7d13-44f4-a559-530e2bf6d373.tmp

Filesize
134KB

MD5
8bf0eb217194609775d0356bdddd3777

SHA1
dfa2cf21a4f1e8b47e41b998d5c0e9d15c182fc1

SHA256
7ddb5c194343f08e2ffd319ff8348cb68c80927fe5b507fcbd7f2a1f380d2a24

SHA512
fcf5aaa2ceba870a6855c58e382353ad600c1ac4e85b57d5b350488b00771b5168763c799b6a140721d2e67fc08434108697806d5b8e6dce3fd565da3a4d8653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7da39d27-8831-4dc5-acf6-5094a36e3a6b.tmp

Filesize
260KB

MD5
cde7bc15372f00cd47ef30eb1202d032

SHA1
119aebeac95e1f63460bc1353e080e6d417c6406

SHA256
77759e3e8e56764f138689d05c6d4f113004333ff091e2ed3c56f57228e2c004

SHA512
2db51504632cf98639695f3ba656d47a7fef016a913ee22b3accefad7d474e6771bedf859bdfaa2f351473304063106b04f2536bfcf57577ad0b7ae070981e87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
89f4922a7587a9f92f626d7868051285

SHA1
9419dc4f12c1cafefe5a1a12997cd4c0ae5d6702

SHA256
16d4c209625f423200c0a930685ec659bdc58c7e5c7848d0008979311b945ce7

SHA512
009d7b6d168824bb8c8c15f256502673af694fec8b7fd3761567bddcb0c40500d77de42c13313fa33e7848d8380d097cdc4c14dd21e71023572de5508127f9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
110553e4deb4d43dbbd9dec192a9e6f3

SHA1
830dbaec222ddae861f8eed2960e5cae7b5487c1

SHA256
2c490d4a5f4b1392692c71fc5232fb5e3a58fca68fab7a7e670ba22ff17d2908

SHA512
b5900e736c69ed3b138c0af0b768066bd572e10bcbc8720377ee38cf32539c5ff8a9c75cec9c3ef00846aa6ff5957ab1eab00a339b4fef26346f653c31f68f4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e25e21ff5a688ea039a23280be638def

SHA1
34426d5e8cb5bfbce949ed91b157d76f49e6fcbe

SHA256
c708951c316578c30ede86b93975858d6b956171edeeb2dcbfdb82374dbe2ea5

SHA512
cec1555c0fbf92dcdaf5285089d0d67a68138950e6683bfc1ce0266c310d21ca194b6ecf3c8711f1819185b2c38cba8a5e8aaa45eea7d9324a72c2d761708164

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1f72222c20138d979041d4f529da4cfd

SHA1
348bd9fc3255b72ded977f3cb5052cacdd0ddc07

SHA256
7eef2459df5f6384976c9cf632ffd319d5f555f60153ae20c3195f264ae0f251

SHA512
74f5e8098c28f363c0ebef6dbc9b5f21d4c9dfaebc5378caa6531cd8d2fd3736c3cc328c8beb98da0d0f3d3eea8aed75f574e7b96ce9b3955b7961d9e0285b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
4022da585e3bf9de688dea3ef09fbce8

SHA1
f0188aaddae7e93bd697f62e831692a26bef4a30

SHA256
2ea4dc56de9121f11aea22c9511f17a603f15b520f1772c9a25d0bca7f90f511

SHA512
1975427a462c72ee305a60d96cc1eaca5b110048f91d5b5d463dd548c1c62a1a8069cc143ec190b1baa8c9aeb263058680b05c56339c0738a8c943504153443c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
cdf68d4d550d474e6060dd07a818faf9

SHA1
dce3015b68e90c16fb8df0897dc5affaf88c63dd

SHA256
0c2d48173f100103548fad57179311839a10d430255d8f336c0fe40802431e08

SHA512
2cf7ac701211afc0529278899359ae1732590daa9ea3caac75a8eb8b7b12e9958c0ce7d977d521718aa13e2330d54b5b28d11fdd0841eeff01324d9161b469ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\MANIFEST-000007

Filesize
50B

MD5
1be22f40a06c4e7348f4e7eaf40634a9

SHA1
8205ec74cd32ef63b1cc274181a74b95eedf86df

SHA256
45a28788cde0d2a0232d19c391eae45777fe640790ac0674d6daa5672c444691

SHA512
b8f6f42d375e3ad8015d744fa2814994fa6e588b41cce0131fca48194dd40146b08169a8ce0da350525ff32a59a16edb503c72e0f07254955c82a0d38074856e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
6274a90395d5e8596ff867ee386e7a66

SHA1
cc1ebec66e07b36e49db212225fcf6b1325a5927

SHA256
a9bf77f2b03ca34280b41acb632c5b26dbd1e773e2c28d643623ca0c1949c941

SHA512
8f9c8c070a6492f55fdde26e9eec1afe856e593c035b2fa846181d52ac7f77af2eb74e1265d7f3b258894ba883c93a6ddfda5a6d3184b60022a35abaaad65fc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
c694f1305a6994f64be65af7acebdbbe

SHA1
b99e8f586e370b938383d1660eff88c23fa93b78

SHA256
5bcad74730ed5b84eb5f0d956679e584d2c12f6715118d7939300fb47516de5a

SHA512
f0bbb388d63c775ac2cca87a9be9ea9d89ea2bdef80e0131145d2b31e4aa6f09411962f35e2d4292e46a013cfee57eb2f12deb04e4798054843b1954fc53809e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000007.log

Filesize
338B

MD5
274a513d7667f85556ab0b445cd5e9df

SHA1
7b4ce341489ce745c4df8e189e7b15ea8335a3d4

SHA256
a2bef12791110797fc2da079c61561cdd4b5ed4ef931142853b7bdbc1b0f2c7f

SHA512
4522bb2dd4f180d6c8199729be71dbce3d753e12486a7852c6ffc4ac319d18ab04cb67d2c4cc541802bf4e02431d0ef69bcb2a6b63fdac835a8c981ac3293bff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
904e093c79d4739a06f6cb4d470f91dd

SHA1
064a94cb25b7675a74ef1741dc4022535cc391b1

SHA256
40e6c57262ee64d34f6ca78469a050e088528ecae10480fdd2fc3d3ff3367e30

SHA512
4275b4e77060c794c5bb98e084ddb809b86bb59b4b09baea70600a16da22fab1dab2fc3019251450f14b9042342d3e779efb741b0fb759514e6eba27cdb63abe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000006

Filesize
50B

MD5
78c55e45e9d1dc2e44283cf45c66728a

SHA1
88e234d9f7a513c4806845ce5c07e0016cf13352

SHA256
7b69a2bee12703825dc20e7d07292125180b86685d2d1b9fd097df76fc6791ec

SHA512
f2ad4594024871286b98a94223b8e7155c7934ef4ebb55f25a4a485a059f75b572d21bc96e9b48ed394be8a41fe0208f7bfb6e28a79d75640c5b684f0c848fe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
70a61686d472344d9903a5a9fa5822f3

SHA1
ca992f4b4d7f79eb26202d0dfe1a8056236bdb04

SHA256
e34d302b666c74bd17ea6d0f4b8b2ada8b8a89f8af756e00f252bc3aeaddfe79

SHA512
b1d785c996e077fedcf890ad5f16442178126758d82ec9a0bd72d4597758e32c833690d219dc75fcda430f2f37c7275d8c1bca4cab4c0f1f50608dbe24437d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ebba3e94b1f7a360796e964cf44cbd11

SHA1
d4b60433e3ab96cc86801f5578e94e51501a616e

SHA256
783287b19498b3306f88dd177bcecb6aab4e5adebb0c72c45c640336d474d6a7

SHA512
724dcf469b9c8732635fefa3e79e8ec4817bbfdc194a99134eda1a78cc212d8f4a0758c75b5f6fcea4f1326571a32afc35202c51fb6568590932c0fb8335b674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
c358b35e1d55ff3aa17652cba7958266

SHA1
e65028d355caf0123d5580803d6325cde951a82f

SHA256
7348d611d2ebd40fcbcd7bdd5705a48a49e265dd0071713d741cd27c14478731

SHA512
86fbfc0f2a0a6819102728fd6460d07df1b74db0916ba4fd05060e75e4bd018535f2b392469e819683da9cee090c295be2dada75195edb4221eb622549f164d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
7a040de5150f9052e6ccecc019b87b7c

SHA1
d00b665fe9a9015e9730e2283c8b1c0fc16da413

SHA256
126ddc8891d2f4de7566f9d62930cc9fc9e4a42985e93118b4f2ff38e5eda263

SHA512
7191b1ebdb5af955522278014e6682684ed23e3f030d3c14068a4a0b99258acaaf61d5eb543256c94adefe0564f61fa859a0b8c642e8995abc34d22761f60bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
622af4d1ed2c660eb661d0436365d4a1

SHA1
6afaa442ca1af182dcad0af1547c583dd4190bd9

SHA256
89e09772c3a1fcd8b97c576598f95a3196280720b62a7e457a51cd854420b1b6

SHA512
8291fcddeecbeff8b2a76aa20ea28bef9ba9ad0cee2df8b65f9a3ffafe66628a1946199f4cd419b460c5fff87e123de95def37ea9aef0bf36a3b611bf0cdf658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1e084d327236a4ea40b08bb16c0cfed1

SHA1
1a29ae0286ac509acbd3ddb45139a3a152d0b603

SHA256
9d20bb8b7fed013d4eccb0adb6dc527f692d4bb3f1335714c95b6ab27d36f131

SHA512
cc5bf8f9dd57cc780ed0781d7c6b228f8410cc56b914db8999780b7706b6f67e5802359ceda44c67bbe297f79a6952089049404bd34e2831e8911913929c07f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
c84fbf33e47a2f3bf0e17cf327f5677a

SHA1
b258452e0da000fabc098798765404b93baaecc9

SHA256
6171285139d5a118121d4f0ecc7db61831773ae0917b92a1238d098b38a811a1

SHA512
455dc53f9e4b65ddaf27befe68485fd7ebdaccb3edc37d01a32ca5f066caba9fb3bc0679dfc26740e3a4767edd6e4c8f782ae4eb419c1ce286482cd58019c23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d9c37aa0df8de8772cc2ed3b629d7848

SHA1
9f4dc7fba8517b3c02571d69e10fd53ade463222

SHA256
6f77326342aa59a8f3fb6fbe371cd278d17ad4498b23debe0a45256c089bc09b

SHA512
13d128f03072c861b71796449a84893b02364f49151a2fa0b5cef1f3e03e135052fecfb904e9d7317d319235cc11d3651bb34c291907843e6187b234416aceb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a6663608e4526205bd7a7a34ade27c03

SHA1
3499cfd365c12e0e97524f590317c7b239593501

SHA256
43c83514b71ab8e364ef35c936f7a9a9e61a9917a8d74934db51943d0e7c407c

SHA512
ff54c13b28e7d7b0d2bcecf38374f4a8d9acc43a55d6154dca796146f7969225c9336e8a57c84f666a0e2bd1f7a91a5952092a60ffe65a0f92f30774a4e4e583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5e4a83ceb48a85fe8891608c5bb48214

SHA1
6ad0128521631f2ae94717f2ff27c4155227825e

SHA256
dc6b4dd7cdeab80b6a206fcf7c9330b8a04d77ad1b3fd05b687769c97b1b44d5

SHA512
688153a55ed6a8fea1c746cf3e8d202cc98c04c1295ed586181754d21201b1038526c1948e1d34757ebf9a1df5ec8bfda708f88c7f46dbb2bb9d1f4c6330d5bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2167764e72cef68be577ba729f89d7dc

SHA1
335e75b15d437b596734e2e360fc9c8f1bcee21e

SHA256
bfefe9ec109e8a93afb1b0b96c3998dc818aef4d0c6c72ba4eb2cf004111d2b0

SHA512
576eeea822fb77f650e74f3fefa043b779c41afd10750cefde28d448e3591222380dadb1001576cc1ecb8e1227014e67a0d3a0e1846cf9f93391481471e57aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000009.log

Filesize
1KB

MD5
3bbfb896e93bdfcef0e5c53d7bcf3dbf

SHA1
f5fa5c1594998346666be44313c8ceee065875d9

SHA256
fad3d251937dda77ffad4486820fdd56d3f483cb7b70145449bd8da4cc61c50f

SHA512
1f63894a8a0c0d666326e857b3e7611e95b75f5d9cf13c53b7759b208a148f26e2313d71929abd24b1d99ea82c85cdc48d38e672642482ae4c58d4da849992e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
4c4a144d6d45a8c178f0ceab20f7af95

SHA1
9a5527dcc452213b5f32f0973d26a38564cf2347

SHA256
2e89a8cb9418d1b490e9b4c55985e0394e7a1d781da58c61431f7931ec9c8bb8

SHA512
5cd408de435fa675788a93c918fb8b1c99098fb71a22b74e64a22418df61684a0c1e70483bdb8496b9bc2fd3a5d59472bb0a4eccb0c6a80b783bfea50828eaf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13355318431978000

Filesize
6KB

MD5
eb55809c149636fe899598d9424f69c0

SHA1
e5e2b8dc48884b62523ad8585d698ef03aae0a9f

SHA256
12a04e9c2c84e5de9e9af86dd3aae42d715f91269cf5ccb6afebf3e6bd6994e1

SHA512
0eb8099426454b4d652aebb13c316d1ed3578149ed3d8cd2092a8a7d7356c7ec1bb76254d677b00bb644ec1d0cc860cf08af6d020a90d2225677333718b7748a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000008.log

Filesize
144B

MD5
1db5e41b614c7f0bee54720dc821726e

SHA1
86d546044b24cc312be439d4f86eb4f778af9323

SHA256
4e2ad5339232ab102ae7a86bba36607269f1b8c968726b6a3285485dfcdcdd78

SHA512
38ca1f8aefa5a1efbb01d1d0c141a7caab65bb213947b314a6fa3252b7a5ea4f4de4a9e464937dd61f0b87337f76610b3d478d6b06af080c8a6e50141effe3c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
9dbc91750f64f463588287989074284b

SHA1
9d2b90991178bf91462670ec04e769666181362e

SHA256
40fe9844c22c643b289e2c5e79022daa270e02cb456e40106bcb0e02804cc170

SHA512
237b49bd9c953c25ea0d0a37687236cca229d6b31dcddedb0a535f0463897012ad7f2327b9105bba81be64523b1439c8f2755930577e9ac8c332f0e6559dc395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
fe7ac6296a783949264d5abc8d69b443

SHA1
32bca04fb95f953deb38e3bc05c0314362420b76

SHA256
ee1ac8b2768e40583cad98e8edc274ec882384c4776b3fa07b75a6070d0b6ce2

SHA512
e4f55e14469880ba92bbb61d3708d3489f56f195d0a21938c9ab14588a29172258849c84b72d3405665889f88a55dadeba6c5a02b211c44c9ded24feb76ddbfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
a7dc3940a6f56f935cda88488c83b76b

SHA1
f14645deb8988f01eef5f1316f48b33f307a8172

SHA256
40de07e3e0e5ee8ad6f560960012069f1cbc0519f03d1327c12893fd923d16ce

SHA512
24b5c16483a958b3dd5cebb789b9da0efe65ee30aa092307d81e6003d0cbb938fc1532e2b641bfe4c1f385e4445aa43dfbafb52795f311c641bcf24ebe04cce6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
93402ee3505b706cb4a125534dd8d2c4

SHA1
2d2c27918492101c4296b969d7b3553f3e1e24d3

SHA256
8137d93729f30f041436cb3068da8a74a0b2b3e7274ab90ba3c11ccc2e85a2f4

SHA512
2b674f856e3b90d9740135fb4c226f306dc0ddb24eed4c78ec104c8df203f96bd0a21ddff03bc391cda54fae004e65c124a6d971a70350e19bcd6a5ffbf3e581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
03d881fc5a4ab4013bd1b30988abb179

SHA1
9ad861569715575d7b676e5683b14dd3cffec304

SHA256
5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8

SHA512
29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
f173b65d2a08a731625c5774e192b576

SHA1
ee390a03678ca4354a493c8afac1b6dcef13173a

SHA256
9ad4ba1f82404f5e2ac5ff91b925e8d49cbe5a85b9e0c52c0cddff3b76e796a0

SHA512
48bf93732c844c59290b06d45a5f34a17fff0d238e3ba3fb09bc4610165b5eea9c4d39812baf384e432696d7d0cd9ce9476984c3b06bfd007bf84c365a8c977b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
92KB

MD5
727de7c24ecbc1d5e1d70f4324686bde

SHA1
8d6a72886422a5d9845bb3016e023fd2b034ebb1

SHA256
5f7a8a6d53ca58d5ce8c9800f68e19064dc4729e18c4551619ac18b9cada1c57

SHA512
59bc6b224d05d64984cc66d4046a51c3592251835cc09db9a8160f21843f0407f78b921b48b7e864462c48ca1c4909a77d75d4d7a7978ad80afe0c972dbce19d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
485B

MD5
60921bb85b827d5acefd124579fabb2b

SHA1
88fad54ac7f80e1776867a392c8f115a375fe5f3

SHA256
7e768bfbbd844a1cec8c3a93e464dd7203cccf31b6e44f271e46c34293294d3d

SHA512
529ecf55f67fd18a22c11fdbdea515baee0f3b80fd422d8c9e900aac9a9c8cc3bf7876b9f1bdbcfbe7747a0db58f7783a21fc404a5d90c3cf7010c6093b12c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
190B

MD5
a6d065d2773959dbbb48f0270e8babd7

SHA1
ecf7034b7ba61e70eb268d677041fc550003a134

SHA256
5d849d78540f2f1a3ed8636c75241036f6314ea0a86031aa0883f0a99e7cb787

SHA512
278fcc9427fab921b0e6438707c1bc1455a2dd8ccf2ee7e3f045c4ce6857df41f983244e50aa4b5a4e9c9c632a07ef291aebd1ac9b444613c4cfe81e18f20c9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
b0f0400979c88e6e32b611ae09ea5d8e

SHA1
0b64ff0a69095b7ebada0282d271596f20e6d401

SHA256
979fa8f7f7f5e26a60178d69792740a9f0b812c071fcf44989892263be30bdb9

SHA512
e8353685322ab6a452a620ba43cf4dd22c8a706542ff17d86c0063f68caaaeb2cba850c4c25b2f3c33182400a07d5fff20a0f2b3f9b819047a90ff05951b5789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
1c0c23649f958fa25b0407c289db12da

SHA1
5f6b10cd5a39fe8c30353bcf4cd4e4a60ef35574

SHA256
d5134b804a775cfb79c6166d15b5721d38ffc2da11948a6c1263595d6c2941cf

SHA512
b691e882018833a108bd286bc76c55a140d00d5a266617a3a381af1ceff01aefaef17acef29d14dec931d7051455726cde8974cd04cc07302f1c3cc452fe2f52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
318B

MD5
344c5d36023f40a0ebc6bc3b19928f60

SHA1
37e06a37f939f6e7d39c76fb99fbbbde4b34bb7c

SHA256
d06ef78df825929e27d07a790bcd833e66b2faab89e9ee18e7c615fef77ff286

SHA512
c55d1727c1ef123d5d5c64c22d9a95d761c8b57bee4d73a72860b086960e9485614998f411dc3e9ceb13527472ba0244f1d619880e05e543c36618c11cb2f1aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
fe62c64b5b3d092170445d5f5230524e

SHA1
0e27b930da78fce26933c18129430816827b66d3

SHA256
1e1a9ca70503efd8c607f9bc7131f08aba0476d75f2586dadb4da5485a5315d4

SHA512
924daccfbfb0c0464b4c5fd769e01a8f2e96fe28b635aa27ab4cd91766b05b03bbf941af14c017436107673f01bad815ce1fac2a649e745c76b3c736994b4fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
af870736b73d9b8a2492f80d554a9e30

SHA1
c538720e30a3de17d4005bcd1341b1f2b29f26c8

SHA256
0d468eb393ecf080f1d4492ef492682ef18add887dde8c17e338a9306ac24e9d

SHA512
0e7e23622843a88ccc81333322f8500231ade2fb19324241aff5bc52668652e79a3783f65e56098704288d5b59406c56c393cd197148b9087be5f4a4fdc68dd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
4f194166d4f80d68f6b5ed2bcdd28fb9

SHA1
72615ba026f084ea1da8207674410b2148c803a7

SHA256
433547727beb4ef62256196909c5d240a4a13274040b77a748f0c129658963a4

SHA512
afad121054c02f6270978ae9cd5d054ce9413c53f1bea5829b688e3a5df537f886765ef56519675d887a32863d221cb3fc2f772b649da261f39f24247e40a48b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
f1f995b6566547c05d9ce7c079fa2f5c

SHA1
96372bd9f33a42959d868b92daa8b8b578b4a103

SHA256
762a04c8bbf13d8f4ddf4bef2e202b65a85a4b4251531a4c04decda9091ccc6b

SHA512
e4d6864cc4324615950c44668bbb19837f370ab932aeedc7dc462738c38e5a9a57f668335568504b4c7c08df1d6f82833ff73b6d14fc13e39a4e2b52cc52abe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
7e53c576ce388e6337ce98c4b7409805

SHA1
6a3210b3ace28f978453d509f7141b99d60ddf33

SHA256
9f675e36d3adf427027ef10206f0f441dd9af033d909ab110c39ada0070434f6

SHA512
fc39ad89a8089f0667730b2c60db0f8538a029b5404ec0c1983ab1945b9963a81b0056f72d41dbb1688dcf0d1cbbffd4989588c6ae2ee84fd8d92eff9daa75f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
47648834ab674f96689da5866acd0c03

SHA1
ee0f27442ac54984ff351a50510e48263f007a10

SHA256
55745a9c52868c262259ba940165a76fc431d8f52a19578ea6915da34ecb096c

SHA512
8ddb2d0f68c1a82ad45a5887036d7dcc57d173a18596b1888e9a3af007dcc979f1d65181d06537cfb207d15af177a670eba23687716efc52ccf719a122dbc4fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp76078.WMC\allservices.xml

Filesize
546B

MD5
df03e65b8e082f24dab09c57bc9c6241

SHA1
6b0dacbf38744c9a381830e6a5dc4c71bd7cedbf

SHA256
155b9c588061c71832af329fafa5678835d9153b8fbb7592195ae953d0c455ba

SHA512
ef1cc8d27fbc5da5daab854c933d3914b84ee539d4d2f0126dc1a04a830c5599e39a923c80257653638b1b99b0073a7174cc164be5887181730883c752ba2f99

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp78543.WMC\serviceinfo.xml

Filesize
523B

MD5
d58da90d6dc51f97cb84dfbffe2b2300

SHA1
5f86b06b992a3146cb698a99932ead57a5ec4666

SHA256
93acdb79543d9248ca3fca661f3ac287e6004e4b3dafd79d4c4070794ffbf2ad

SHA512
7f1e95e5aa4c8a0e4c967135c78f22f4505f2a48bbc619924d0096bf4a94d469389b9e8488c12edacfba819517b8376546687d1145660ad1f49d8c20a744e636

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
a74a66a8dfa178abf17207493a213757

SHA1
e6d07989d748c01daf58f1f474482b845ce302c5

SHA256
f1af11a7713b428fc0a462a1bb606014e13349188ed809876d57006e3ee4f37e

SHA512
46d9fe748ec8c58dcd8de98ae784e1341e6a11132d8abd9bb30b823efb46347ff1d79ddbf759e572378c9c92ebf08dcccf3c9534f6810d1f1de0e2e2ec252f5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\ae085a46-cc23-498c-805c-c1bc99279d02

Filesize
745B

MD5
a051e4510d2df01a777f690ced9dd29f

SHA1
b2cd2443e5d7849ca9afdfd626ece569910418f9

SHA256
5c67268da002ceebe85af92cdb65edb60e59753a70d10087ab9770b775362e51

SHA512
64ec921466cc217dd83fb2b30dd012a42c2c865023e1f0d396d5c5bb925d0f9d16aa7ae31cad3a8116911c973c07e99ecca7fade0a9bd002b4656b5c2479db2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\affdfc05-0f0a-4d08-93b9-e197346419eb

Filesize
10KB

MD5
186d643cce9a06acbb13bfd3be1cb0e4

SHA1
b2572d4376e31f145f377c44fafa2ed223b61f7a

SHA256
9d3d061c29e50bca3acb333047d432f4b1f0ae500e6c0c00791ddc00c2922f6b

SHA512
5a9979b281a5fbeb911ba1b64a533775621c6d6b9c516173e098156053b0ee86557fc2230ca864ef542cc2eb89850df5f8afea3505cb10113f74beaa0a98290a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js

Filesize
6KB

MD5
26c6f95de61348a1b96d222c5831904f

SHA1
84e8d2646cb38052b4717cfe31e4595198e635c4

SHA256
5ebc17548f7f728cb86d0dc49878202671e4439eaa33b54165c65222b1cdd674

SHA512
188a46e4ddb0c2680487bdcad577d6930f281b73a6b73dedf5986dfe0d45720855cafa7781adf9d0f8a5e1de990e68598232ba7edcaee0ae2e247e0a7b8d9761

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs.js

Filesize
6KB

MD5
3551e362ecd04856a1ecdcf1de627471

SHA1
2954bc01a772090a1d544a3631bfbf832940a0fb

SHA256
060424d9f71e560dce3ca1387429fba96fb6f97372160784ad3877a06f3b2fa8

SHA512
5258ce48ffae6f292ec5b291331d4a5aaec99f4f108d255254375597f7c7afadb2a11d43637d21c4d9e0e5639df472fa5996eb5efb903d1cabaf7eff72daa1a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e42acbcbf9febc3b1f3eef2a8e7774f8

SHA1
69396c0a4ed03fe9a7ee4f26f4ea5f24a97ade32

SHA256
2d773e7ea9d31425b259d4ecfecd143db33d401a30dd6167635a95cdc891318c

SHA512
1dc51b72d1485bf1f556d25d15d831da23aaa8cc1d443ca36d407d8d959f4630c18a88f1e4f3910d0e7cb7b0dab3734ab03c1fead546336c967b78c6ff7f8f92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
459cef266cc4fc941e01e61d8e9a0c69

SHA1
f2b1c012d67a4ea5254f9229d6cbd9db046df3aa

SHA256
8e2dc8937eaeca93302cd3bc69d94f5ec92efe94b33b40fbd82ded2e15a44f7e

SHA512
062b831c766a6a039dfd1c960d000493baf4762ea4416d4a5321c67928973473651049b82bb00ddda26cd649318654af83fce6502d5016500925334e0fd32024

Download Submit
C:\Users\Public\Music\Sample Music\Folder.jpg

Filesize
22KB

MD5
35e787587cd3fa8ed360036c9fca3df2

SHA1
84c76a25c6fe336f6559c033917a4c327279886d

SHA256
98c49a68ee578e10947209ebc17c0ad188ed39c7d0c91a2b505f317259c0c9b2

SHA512
aeec3eed5a52670f4cc35935005bb04bb435964a1975e489b8e101adfbce278142fd1a6c475860b7ccb414afe5e24613361a66d92f457937de9b21a7a112e1f9

Download Submit
memory/304-962-0x000007FEF4C30000-0x000007FEF4D01000-memory.dmp

Filesize
836KB

Download
memory/304-963-0x000007FEF4D10000-0x000007FEF4E38000-memory.dmp

Filesize
1.2MB

Download
memory/304-950-0x000007FEF4C30000-0x000007FEF4D01000-memory.dmp

Filesize
836KB

Download
memory/304-945-0x000007FEF5C50000-0x000007FEF5D12000-memory.dmp

Filesize
776KB

Download
memory/304-961-0x000007FEF5C50000-0x000007FEF5D12000-memory.dmp

Filesize
776KB

Download
memory/304-949-0x000007FEF4D10000-0x000007FEF4E38000-memory.dmp

Filesize
1.2MB

Download
memory/1084-782-0x000007FEF5650000-0x000007FEF5850000-memory.dmp

Filesize
2.0MB

Download
memory/1084-819-0x000007FEF4BF0000-0x000007FEF4C51000-memory.dmp

Filesize
388KB

Download
memory/1084-778-0x000007FEF63E0000-0x000007FEF63F7000-memory.dmp

Filesize
92KB

Download
memory/1084-779-0x000007FEF63C0000-0x000007FEF63D1000-memory.dmp

Filesize
68KB

Download
memory/1084-780-0x000007FEF63A0000-0x000007FEF63BD000-memory.dmp

Filesize
116KB

Download
memory/1084-781-0x000007FEF6380000-0x000007FEF6391000-memory.dmp

Filesize
68KB

Download
memory/1084-776-0x000007FEF6790000-0x000007FEF67A7000-memory.dmp

Filesize
92KB

Download
memory/1084-783-0x000007FEF62F0000-0x000007FEF632F000-memory.dmp

Filesize
252KB

Download
memory/1084-784-0x000007FEF34A0000-0x000007FEF454B000-memory.dmp

Filesize
16.7MB

Download
memory/1084-785-0x000007FEF62C0000-0x000007FEF62E1000-memory.dmp

Filesize
132KB

Download
memory/1084-786-0x000007FEF62A0000-0x000007FEF62B8000-memory.dmp

Filesize
96KB

Download
memory/1084-787-0x000007FEF6280000-0x000007FEF6291000-memory.dmp

Filesize
68KB

Download
memory/1084-788-0x000007FEF6260000-0x000007FEF6271000-memory.dmp

Filesize
68KB

Download
memory/1084-789-0x000007FEF6240000-0x000007FEF6251000-memory.dmp

Filesize
68KB

Download
memory/1084-790-0x000007FEF6220000-0x000007FEF623B000-memory.dmp

Filesize
108KB

Download
memory/1084-791-0x000007FEF5E90000-0x000007FEF5EA1000-memory.dmp

Filesize
68KB

Download
memory/1084-792-0x000007FEF5E70000-0x000007FEF5E88000-memory.dmp

Filesize
96KB

Download
memory/1084-793-0x000007FEF5E40000-0x000007FEF5E70000-memory.dmp

Filesize
192KB

Download
memory/1084-794-0x000007FEF5DD0000-0x000007FEF5E37000-memory.dmp

Filesize
412KB

Download
memory/1084-795-0x000007FEF5D60000-0x000007FEF5DCF000-memory.dmp

Filesize
444KB

Download
memory/1084-796-0x000007FEF5D40000-0x000007FEF5D51000-memory.dmp

Filesize
68KB

Download
memory/1084-797-0x000007FEF55F0000-0x000007FEF5646000-memory.dmp

Filesize
344KB

Download
memory/1084-798-0x000007FEF5D10000-0x000007FEF5D38000-memory.dmp

Filesize
160KB

Download
memory/1084-799-0x000007FEF55C0000-0x000007FEF55E4000-memory.dmp

Filesize
144KB

Download
memory/1084-801-0x000007FEF5570000-0x000007FEF5593000-memory.dmp

Filesize
140KB

Download
memory/1084-800-0x000007FEF55A0000-0x000007FEF55B7000-memory.dmp

Filesize
92KB

Download
memory/1084-802-0x000007FEF5550000-0x000007FEF5561000-memory.dmp

Filesize
68KB

Download
memory/1084-803-0x000007FEF5530000-0x000007FEF5542000-memory.dmp

Filesize
72KB

Download
memory/1084-804-0x000007FEF5500000-0x000007FEF5521000-memory.dmp

Filesize
132KB

Download
memory/1084-805-0x000007FEF54E0000-0x000007FEF54F3000-memory.dmp

Filesize
76KB

Download
memory/1084-806-0x000007FEF54C0000-0x000007FEF54D2000-memory.dmp

Filesize
72KB

Download
memory/1084-808-0x000007FEF5350000-0x000007FEF537C000-memory.dmp

Filesize
176KB

Download
memory/1084-807-0x000007FEF5380000-0x000007FEF54BB000-memory.dmp

Filesize
1.2MB

Download
memory/1084-809-0x000007FEF5190000-0x000007FEF5342000-memory.dmp

Filesize
1.7MB

Download
memory/1084-810-0x000007FEF5130000-0x000007FEF518C000-memory.dmp

Filesize
368KB

Download
memory/1084-811-0x000007FEF5110000-0x000007FEF5121000-memory.dmp

Filesize
68KB

Download
memory/1084-813-0x000007FEF5050000-0x000007FEF5062000-memory.dmp

Filesize
72KB

Download
memory/1084-812-0x000007FEF5070000-0x000007FEF5107000-memory.dmp

Filesize
604KB

Download
memory/1084-814-0x000007FEF4E10000-0x000007FEF5041000-memory.dmp

Filesize
2.2MB

Download
memory/1084-815-0x000007FEF4CF0000-0x000007FEF4E02000-memory.dmp

Filesize
1.1MB

Download
memory/1084-816-0x000007FEF4CB0000-0x000007FEF4CE5000-memory.dmp

Filesize
212KB

Download
memory/1084-817-0x000007FEF4C80000-0x000007FEF4CA5000-memory.dmp

Filesize
148KB

Download
memory/1084-818-0x000007FEF4C60000-0x000007FEF4C71000-memory.dmp

Filesize
68KB

Download
memory/1084-777-0x000007FEF6400000-0x000007FEF6411000-memory.dmp

Filesize
68KB

Download
memory/1084-820-0x000007FEF4BD0000-0x000007FEF4BE1000-memory.dmp

Filesize
68KB

Download
memory/1084-822-0x000007FEF4B90000-0x000007FEF4BA3000-memory.dmp

Filesize
76KB

Download
memory/1084-821-0x000007FEF4BB0000-0x000007FEF4BC2000-memory.dmp

Filesize
72KB

Download
memory/1084-823-0x000007FEF4AF0000-0x000007FEF4B8F000-memory.dmp

Filesize
636KB

Download
memory/1084-824-0x000007FEF4AD0000-0x000007FEF4AE1000-memory.dmp

Filesize
68KB

Download
memory/1084-825-0x000007FEF49C0000-0x000007FEF4AC2000-memory.dmp

Filesize
1.0MB

Download
memory/1084-826-0x000007FEF49A0000-0x000007FEF49B1000-memory.dmp

Filesize
68KB

Download
memory/1084-827-0x000007FEF4980000-0x000007FEF4991000-memory.dmp

Filesize
68KB

Download
memory/1084-828-0x000007FEF4960000-0x000007FEF4971000-memory.dmp

Filesize
68KB

Download
memory/1084-829-0x000007FEF4940000-0x000007FEF4952000-memory.dmp

Filesize
72KB

Download
memory/1084-830-0x000007FEF4920000-0x000007FEF4938000-memory.dmp

Filesize
96KB

Download
memory/1084-831-0x000007FEF4900000-0x000007FEF4916000-memory.dmp

Filesize
88KB

Download
memory/1084-833-0x000007FEF48B0000-0x000007FEF48C2000-memory.dmp

Filesize
72KB

Download
memory/1084-832-0x000007FEF48D0000-0x000007FEF48F9000-memory.dmp

Filesize
164KB

Download
memory/1084-772-0x000000013F0C0000-0x000000013F1B8000-memory.dmp

Filesize
992KB

Download
memory/1084-773-0x000007FEF6550000-0x000007FEF6584000-memory.dmp

Filesize
208KB

Download
memory/1084-774-0x000007FEF5850000-0x000007FEF5B04000-memory.dmp

Filesize
2.7MB

Download
memory/1084-775-0x000007FEFACB0000-0x000007FEFACC8000-memory.dmp

Filesize
96KB

Download
memory/1132-336-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1132-331-0x000000002DC51000-0x000000002DC52000-memory.dmp

Filesize
4KB

Download
memory/1132-332-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1132-333-0x000000007219D000-0x00000000721A8000-memory.dmp

Filesize
44KB

Download
memory/1132-337-0x000000007219D000-0x00000000721A8000-memory.dmp

Filesize
44KB

Download
memory/1172-968-0x0000000003A10000-0x0000000003A1A000-memory.dmp

Filesize
40KB

Download
memory/1172-1014-0x0000000003A10000-0x0000000003A1A000-memory.dmp

Filesize
40KB

Download
memory/1172-947-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download
memory/1172-964-0x0000000003A10000-0x0000000003A1A000-memory.dmp

Filesize
40KB

Download
memory/1172-965-0x0000000003A10000-0x0000000003A1A000-memory.dmp

Filesize
40KB

Download
memory/1172-966-0x0000000003A10000-0x0000000003A1A000-memory.dmp

Filesize
40KB

Download
memory/1172-969-0x0000000003A10000-0x0000000003A1A000-memory.dmp

Filesize
40KB

Download
memory/1172-1018-0x0000000004740000-0x000000000474A000-memory.dmp

Filesize
40KB

Download
memory/1172-967-0x0000000003A10000-0x0000000003A1A000-memory.dmp

Filesize
40KB

Download
memory/1172-970-0x0000000073140000-0x0000000073231000-memory.dmp

Filesize
964KB

Download
memory/1172-973-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download
memory/1172-1017-0x0000000073140000-0x0000000073231000-memory.dmp

Filesize
964KB

Download
memory/1172-1010-0x0000000003A10000-0x0000000003A1A000-memory.dmp

Filesize
40KB

Download
memory/1172-1011-0x0000000003A10000-0x0000000003A1A000-memory.dmp

Filesize
40KB

Download
memory/1172-1012-0x0000000003A10000-0x0000000003A1A000-memory.dmp

Filesize
40KB

Download
memory/1172-1013-0x0000000003A10000-0x0000000003A1A000-memory.dmp

Filesize
40KB

Download
memory/1172-1016-0x0000000004740000-0x000000000474A000-memory.dmp

Filesize
40KB

Download
memory/1172-1015-0x0000000003A10000-0x0000000003A1A000-memory.dmp

Filesize
40KB

Download
memory/2820-922-0x000000002D791000-0x000000002D792000-memory.dmp

Filesize
4KB

Download
memory/2820-924-0x000000007353D000-0x0000000073548000-memory.dmp

Filesize
44KB

Download
memory/2820-929-0x000000007353D000-0x0000000073548000-memory.dmp

Filesize
44KB

Download