quasar | 64207a7e81e788dd1044a8fa6d6a4f87757cdd870af520a2e44576ac21a6e746

Analysis

max time kernel
700s
max time network
708s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
03-11-2024 19:13

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Synapse X.exe
Size

3.1MB
MD5

e78c57ec9112a2860d4c07e1535452c6
SHA1

cfb8f58daaa9ae932b2e55c04eb887210cbf0a41
SHA256

64207a7e81e788dd1044a8fa6d6a4f87757cdd870af520a2e44576ac21a6e746
SHA512

50597692c65f476d3f96d43fc97813c2747cacccd542eaf82cb736827ba02fb291e905b9a7410f891eee394f2252f37aceaf26fbc8dcef0ebdd21fbe37fcaf93
SSDEEP

49152:bv2I22SsaNYfdPBldt698dBcjH4CD1JoLoGdESTHHB72eh2NT:bvb22SsaNYfdPBldt6+dBcjH4CK

Score

10^/10

quasar office04 discovery persistence spyware stealer trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

Inversin-43597.portmap.host:43597

Mutex

80329fd2-f063-4b06-9c7e-8dbc6278c2a3

Attributes

encryption_key
744EA1A385FEBC6DA96387411B7000D77E66B075
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
java updater
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3816-1-0x00000000002E0000-0x0000000000604000-memory.dmp	family_quasar
behavioral1/files/0x001c00000002abc0-5.dat	family_quasar

Executes dropped EXE 1 IoCs

Processes:

Client.exe

pid	Process
2848	Client.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

Client.exe

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ = "\"\""	Client.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

LogonUI.exechrome.exe

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "65"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133751349209573697"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies registry class 5 IoCs

Processes:

firefox.exechrome.exeClient.exeOpenWith.exeOpenWith.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4248760313-3670024077-2384670640-1000\{25877751-2A08-4721-A723-AAEC6360F56A}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	Client.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	OpenWith.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

Processes:

schtasks.exeschtasks.exe

pid	Process
3480	schtasks.exe
2840	schtasks.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
6836	chrome.exe
6836	chrome.exe
7308	chrome.exe
7308	chrome.exe
7308	chrome.exe
7308	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid	Process
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

Synapse X.exeClient.exefirefox.exechrome.exe

description	pid	Process
Token: SeDebugPrivilege	3816	Synapse X.exe
Token: SeDebugPrivilege	2848	Client.exe
Token: SeDebugPrivilege	4832	firefox.exe
Token: SeDebugPrivilege	4832	firefox.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe
Token: SeShutdownPrivilege	6836	chrome.exe
Token: SeCreatePagefilePrivilege	6836	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

Processes:

Client.exefirefox.exechrome.exe

pid	Process
2848	Client.exe
2848	Client.exe
2848	Client.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
4832	firefox.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
2848	Client.exe
2848	Client.exe
2848	Client.exe
2848	Client.exe
2848	Client.exe

Suspicious use of SendNotifyMessage 20 IoCs

Processes:

Client.exechrome.exe

pid	Process
2848	Client.exe
2848	Client.exe
2848	Client.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
6836	chrome.exe
2848	Client.exe
2848	Client.exe
2848	Client.exe
2848	Client.exe
2848	Client.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exeOpenWith.exeOpenWith.exeLogonUI.exe

pid	Process
4832	firefox.exe
5716	OpenWith.exe
5220	OpenWith.exe
5696	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Synapse X.exeClient.exefirefox.exefirefox.exe

description	pid	Process	procid_target
PID 3816 wrote to memory of 3480	3816	Synapse X.exe	78
PID 3816 wrote to memory of 3480	3816	Synapse X.exe	78
PID 3816 wrote to memory of 2848	3816	Synapse X.exe	80
PID 3816 wrote to memory of 2848	3816	Synapse X.exe	80
PID 2848 wrote to memory of 2840	2848	Client.exe	81
PID 2848 wrote to memory of 2840	2848	Client.exe	81
PID 2772 wrote to memory of 4832	2772	firefox.exe	87
PID 2772 wrote to memory of 4832	2772	firefox.exe	87
PID 2772 wrote to memory of 4832	2772	firefox.exe	87
PID 2772 wrote to memory of 4832	2772	firefox.exe	87
PID 2772 wrote to memory of 4832	2772	firefox.exe	87
PID 2772 wrote to memory of 4832	2772	firefox.exe	87
PID 2772 wrote to memory of 4832	2772	firefox.exe	87
PID 2772 wrote to memory of 4832	2772	firefox.exe	87
PID 2772 wrote to memory of 4832	2772	firefox.exe	87
PID 2772 wrote to memory of 4832	2772	firefox.exe	87
PID 2772 wrote to memory of 4832	2772	firefox.exe	87
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 2680	4832	firefox.exe	88
PID 4832 wrote to memory of 1280	4832	firefox.exe	89
PID 4832 wrote to memory of 1280	4832	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Synapse X.exe
"C:\Users\Admin\AppData\Local\Temp\Synapse X.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "java updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:3480
- C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "java updater" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:2840
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /K CHCP 437
    3⤵
    PID:2828
  - - C:\Windows\system32\chcp.com
      CHCP 437
      4⤵
      PID:3500
  - - C:\Windows\system32\whoami.exe
      whoami
      4⤵
      PID:3464
- - C:\Windows\System32\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /s /t 0
    3⤵
    PID:3428

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1932 -parentBuildID 20240401114208 -prefsHandle 1860 -prefMapHandle 1844 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2364c7e9-626c-45d5-a62e-9a2e880d2740} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" gpu
    3⤵
    PID:2680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2332 -parentBuildID 20240401114208 -prefsHandle 2324 -prefMapHandle 2312 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0147fa1a-8e3b-4207-90bf-459e7d706cbe} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" socket
    3⤵
    - Checks processor information in registry
    PID:1280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2796 -childID 1 -isForBrowser -prefsHandle 3236 -prefMapHandle 3232 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1c96133-9bff-49d9-8c4e-396ed3e7e3d1} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3452 -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3644 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3b4270d-0d55-4eb5-bcd9-c9867047dfd4} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4560 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4704 -prefMapHandle 4688 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e73e0f35-e269-4902-8d55-605cd31b39c7} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" utility
    3⤵
    - Checks processor information in registry
    PID:3272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3744 -childID 3 -isForBrowser -prefsHandle 3756 -prefMapHandle 3784 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c0345a7-89cc-4ed0-9b97-ce048c3be05b} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 4 -isForBrowser -prefsHandle 2272 -prefMapHandle 5452 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd88f1cd-9440-4f3e-8ac1-fe0d9088f66e} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 5 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03079bf2-ac3c-487e-9296-0fb47a756311} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 6 -isForBrowser -prefsHandle 5760 -prefMapHandle 5764 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7caa5b4-ab57-418b-8f41-5b451e19cdc1} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5936 -childID 7 -isForBrowser -prefsHandle 5944 -prefMapHandle 5948 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d801903-7260-4fcd-8aab-a3f3cdaa925e} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 8 -isForBrowser -prefsHandle 6140 -prefMapHandle 5932 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f141eac3-d328-448c-993f-4c1c37a2da41} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6344 -childID 9 -isForBrowser -prefsHandle 6352 -prefMapHandle 6356 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d22015f9-17b0-41df-8e8c-5044ae87dd45} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:1572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6560 -childID 10 -isForBrowser -prefsHandle 6240 -prefMapHandle 6328 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11399da2-0edd-456a-a12c-f79b6751cbb2} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6816 -childID 11 -isForBrowser -prefsHandle 6736 -prefMapHandle 6740 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70793c3c-b163-4841-ba4c-c00ff57e3956} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6964 -childID 12 -isForBrowser -prefsHandle 7040 -prefMapHandle 7036 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3134e3e-ca3e-4d79-bdae-7c2497f052aa} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7156 -childID 13 -isForBrowser -prefsHandle 7164 -prefMapHandle 6952 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef094f42-a46b-4ad0-b683-21360950ad91} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7336 -childID 14 -isForBrowser -prefsHandle 7344 -prefMapHandle 7348 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5200d43f-1e34-44d2-ab66-97239d6ef5fb} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7520 -childID 15 -isForBrowser -prefsHandle 7528 -prefMapHandle 7532 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eecad97f-9f4e-4652-be6d-f0fbe81e3c3b} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7712 -childID 16 -isForBrowser -prefsHandle 7720 -prefMapHandle 7724 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15d48b66-376b-4da1-b82d-596b93d0d6e0} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7936 -childID 17 -isForBrowser -prefsHandle 7948 -prefMapHandle 7608 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba742e5b-f1a9-4d03-b23e-be299e195d88} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:1512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8096 -childID 18 -isForBrowser -prefsHandle 8104 -prefMapHandle 8108 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8577ef04-f31c-49b0-84be-2fff379618d8} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8292 -childID 19 -isForBrowser -prefsHandle 8300 -prefMapHandle 8304 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d550d351-91bb-46bd-a0e7-e9aaa15b5312} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8484 -childID 20 -isForBrowser -prefsHandle 8492 -prefMapHandle 8496 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a22cd74-2517-475c-a49c-cbbcd9e83ced} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8704 -childID 21 -isForBrowser -prefsHandle 8660 -prefMapHandle 8468 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d2224e-c448-44c8-889b-7ce99d8b80e7} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8868 -childID 22 -isForBrowser -prefsHandle 8876 -prefMapHandle 8880 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fc67061-1c4c-4940-89e7-1988e2a14ae0} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9084 -childID 23 -isForBrowser -prefsHandle 8676 -prefMapHandle 8852 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab74e6a4-f688-420e-aca2-96232f56a317} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9184 -childID 24 -isForBrowser -prefsHandle 9192 -prefMapHandle 9196 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10c62fb3-7314-4e9f-9930-a881ea9aec10} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:1284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9468 -childID 25 -isForBrowser -prefsHandle 9388 -prefMapHandle 9392 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a297b7-5556-4551-b4cb-3da363798413} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9660 -childID 26 -isForBrowser -prefsHandle 9580 -prefMapHandle 9584 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d70d5ac9-5979-413a-8245-385909be497a} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9884 -childID 27 -isForBrowser -prefsHandle 9788 -prefMapHandle 9792 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9be1e4f3-3ed1-43b1-9e7f-31b2eaaa8227} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10100 -childID 28 -isForBrowser -prefsHandle 10024 -prefMapHandle 10028 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59b583fb-905d-4889-913b-95f68582d76c} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10120 -childID 29 -isForBrowser -prefsHandle 10112 -prefMapHandle 10108 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5a35612-628a-4018-b2e4-fe9b5a57c218} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10252 -childID 30 -isForBrowser -prefsHandle 10260 -prefMapHandle 10264 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {662e2dda-dbe3-473d-ba6b-2d97384e3d3d} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:1140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10472 -childID 31 -isForBrowser -prefsHandle 10480 -prefMapHandle 10484 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9e91503-3391-496d-8a97-15a6055b1cb5} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10656 -childID 32 -isForBrowser -prefsHandle 10664 -prefMapHandle 10668 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b48588a3-db2e-454e-ac34-408afc50134e} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10888 -childID 33 -isForBrowser -prefsHandle 10896 -prefMapHandle 10900 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8ae7094-ae4c-4771-b3dc-a6f44c080010} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11168 -childID 34 -isForBrowser -prefsHandle 11088 -prefMapHandle 11092 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43c66f0c-a6e0-4ba4-9b30-1c01938348e1} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11276 -childID 35 -isForBrowser -prefsHandle 11284 -prefMapHandle 11288 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {969f0706-438f-4651-9fbb-42e9281f6f54} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11480 -childID 36 -isForBrowser -prefsHandle 11560 -prefMapHandle 11556 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {026e0356-9fa6-437d-ab73-1d357ad64aba} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11692 -childID 37 -isForBrowser -prefsHandle 11464 -prefMapHandle 11456 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46c9512b-7f15-4103-beb4-22a6ae2aeb4e} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11960 -childID 38 -isForBrowser -prefsHandle 11880 -prefMapHandle 11884 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ef24052-1829-4eda-aa46-60c7bde474c4} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11692 -childID 39 -isForBrowser -prefsHandle 11976 -prefMapHandle 12076 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cbe4120-5426-41d2-8540-2625d535aedb} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:1060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12276 -childID 40 -isForBrowser -prefsHandle 12284 -prefMapHandle 12292 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47af189a-b309-4f1b-99cc-c8a759b4bc1e} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12472 -childID 41 -isForBrowser -prefsHandle 12480 -prefMapHandle 12484 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb3e0a16-97d3-4d15-a674-d07169ae90e6} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12672 -childID 42 -isForBrowser -prefsHandle 12464 -prefMapHandle 12680 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47c3802d-c3b7-459d-9073-bc06a7ce4fff} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12856 -childID 43 -isForBrowser -prefsHandle 12864 -prefMapHandle 12868 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cbac146-c978-43a6-a064-5c787bf2177c} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13032 -childID 44 -isForBrowser -prefsHandle 13044 -prefMapHandle 12988 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5c541c4-20bf-49ab-90ac-dfa13d435913} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:1376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6212 -childID 45 -isForBrowser -prefsHandle 13124 -prefMapHandle 13128 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45be2b88-73b4-4a4a-8c83-f1b62972bc2f} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13268 -childID 46 -isForBrowser -prefsHandle 5948 -prefMapHandle 13108 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8433352f-a350-4b9d-8cda-3bc27847edfe} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6172 -childID 47 -isForBrowser -prefsHandle 13316 -prefMapHandle 13320 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {087084e3-8f85-46da-8510-2646dea5e534} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13500 -childID 48 -isForBrowser -prefsHandle 13508 -prefMapHandle 13512 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {988209f5-b1cc-4e88-8069-5816a6a9ef0f} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:1772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13492 -childID 49 -isForBrowser -prefsHandle 13648 -prefMapHandle 13644 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {763656ac-ca03-46a9-a8b9-a15794360786} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9388 -childID 50 -isForBrowser -prefsHandle 9648 -prefMapHandle 9652 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46e5a36b-713e-4918-99fe-00ef4d801394} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:1032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9400 -childID 51 -isForBrowser -prefsHandle 9636 -prefMapHandle 9640 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9a21ded-4cad-4136-a798-0bd3a54dad7b} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13912 -childID 52 -isForBrowser -prefsHandle 9620 -prefMapHandle 9624 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82714816-0137-4aa7-9433-74e6d221badd} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:3600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13712 -childID 53 -isForBrowser -prefsHandle 9608 -prefMapHandle 9612 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e025da3-2c84-4323-8a77-bbe0348ea42f} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14052 -childID 54 -isForBrowser -prefsHandle 9192 -prefMapHandle 9168 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0a418e8-f657-457d-a884-3f5b3135eff9} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9148 -childID 55 -isForBrowser -prefsHandle 9152 -prefMapHandle 9092 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57e53cf4-f23e-4011-9f4a-0c3bc7d4ab68} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14408 -childID 56 -isForBrowser -prefsHandle 14420 -prefMapHandle 14364 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15b98b22-4ca0-408d-b09a-3b40a0764224} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:2500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14384 -childID 57 -isForBrowser -prefsHandle 14376 -prefMapHandle 14368 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1404 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {069275c2-3995-4ca6-beff-350fe8acb2bd} 4832 "\\.\pipe\gecko-crash-server-pipe.4832" tab
    3⤵
    PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2838cc40,0x7ffa2838cc4c,0x7ffa2838cc58
  2⤵
  PID:6880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1808 /prefetch:2
  2⤵
  PID:8612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2100,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  PID:8640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:8656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:9152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:9164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3552,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4564,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4556 /prefetch:8
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4568,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4808,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4900,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3448,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4916,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3440 /prefetch:8
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3464,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5080 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4480,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:6456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5260,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5384,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:8304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5548,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:8320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=872,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=1112,i,5223190087095976189,868648760155613217,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:6972

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:7564

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:948

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5220

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39c8055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\99925c4c-9ad6-41ac-9744-45a96cba58a2.tmp

Filesize
9KB

MD5
2cb2857d53619903c109a75b36452feb

SHA1
211d213820f0740248a85fd2f899498be03cc931

SHA256
9e12a750726fb05cb0a80eff783acef893f86bca5ed2efaccb6544ebf7f34261

SHA512
6cd8dfbee92f11e523ecd45f68129b201ae84173af0c05e2db2f24172c5bc9bc09408b41d68b1670c5bf6a354e0b078e76e25cbcfa0e6bdc25c8f9923b66bb21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f89c837da316c77b26d302792891d605

SHA1
d8603ef396586b9b10ca07e4980423491bb34928

SHA256
5c0374b25fb23793115f3915628661690f5099b9b830f171893d7ab3e7eb7b3e

SHA512
64e37bc07f702d9e905fae153a19c51fccd15853394bd165bbdfe69bc803aca77b15cc58d86d1459d75e5e103ee7f615038249589466fde6328bd4d233b2da64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5bccc583340b2226727a87fc8c214e28

SHA1
c2d7ea3a1b16cf2d62b5b36b6d563417743d7857

SHA256
2127010747fdbacebd6242e4addb6424bfb00e271aa4406b066e389549a04816

SHA512
54c398699999941488b0e46631c35186f88f11c7089135d79ab8a4a6387b654ab2e68065e8e62987631ed767347e1c22f74a9c4de83c3f82e72a6c041b023e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0fef0a393f70509601036149157f5813

SHA1
5d5ae1ffdc0b99114a8738ebc9322d06c82c1099

SHA256
38e22e439b1bea153f972aaf9bd19c0833a922259269cd89d2067824b31e1865

SHA512
1ef50eb7abc53ebd10b0635b4c74c4d917ad7aabdd6fc17825f4f822026043f9b105289b758b1969e5d40f177edfa6cc8f3cd0953bc82c773d0165bf962d20b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7ea3cc559154a879f12f47a85c7513b9

SHA1
6914dac8cd5e44b8eddea458b367445e4d4fe046

SHA256
a4422ef2f6ce0d493d24dce6670dcae7cd00349ea5a999e704664fd624e15af6

SHA512
38c17481f6b724f09273235db65329d4cd5565d62e036aebe0a0b1d1c193174eb607a1952e71a48ba2843ddcda25833ef856b550519999ac6308100a1eeee1b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
70ddac6eab9aaa75ee15328b463aa690

SHA1
303bb4988d90e43aa48a0958ab29fec27de756e5

SHA256
0bda00e8f0e0786b268edd474aba530c0ae1ffe4b8f4692cd71fff1b5d9b7d7a

SHA512
0e9face198f3827fb51f0037435c90a8d9be5e7fd4b62e13bd99491c982dffe9442d43cbacf087a151fb216cb52a26835b4f7ad444cf2bcc7005a736c4e9431f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
873fa14f45b1654128876ecbf42d20bc

SHA1
da2b38b6ae58c32d495cea412f95ccbdecba0136

SHA256
8863f7a5272cbe43ad345da4756671b515f5614a2c342743f5415df9d91f697e

SHA512
954f1e02f24b19a15614109df7d2aab0e0575f405b1d4dcd44feb42fd47fa921d29dd3bc3a62ebace4b3371b128012d22c345ff133ad680796c25c8e654d2116

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
d9c474c6b6c9a85d6260326dbbc18c50

SHA1
2828bad9697a3287127a47c2468ced9370ae3be3

SHA256
3c6ebf04cfe2c25993a5906374d4b0a6de4f86ded22ada609a5858e271b6272b

SHA512
902f5d634c0198fe8e3bf38b9d1716af383e58f32afdf77cea7957bd2ca4d5faf8f34e2b3c1859ab1eaf64f16eb59cf25ea4133cac620df36acde865428a1701

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
90b89d51302eaa1b90d86b6e0f2e9fe2

SHA1
adc149953f018f62f409471f80afeb7e9b9de7f8

SHA256
b5c406fece3a31e7baf89c008f2a9d054c8d281ca800181081202aff728c5d2d

SHA512
abadac4d7be9e7e2326866ff5379f6b4306ce7f713053bd2cc50c01d04d551010b6e956fa0c9cdcbc97c76178b52239ab6f7c38dbab15d6de45aaf057d2fcbe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
db03b32a3be052a168b4986772b7e145

SHA1
2a3b793b22a96eff055cc7581ccdb95fbd3c2190

SHA256
e43a955f2b02923adc11cfe747d0ba3b76afa1f90abd5ed6223fca7148fd9dca

SHA512
af9d6a9575b49b4879572b193e6b43f86b140c49e4b80845d8e336bf55199f1ffa6d339dda0bd3daf330a9740f054748656b1c04913613a7e173cc0edf1a6b9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d71ca7ff378fd5a49bfb32ca5c9b0eba

SHA1
633c1e7d2652d46b400e855b66cf9d498ab536cb

SHA256
6b067b0bc0c2b486fcec5adbde07a10d67aa6f437c539a1221fc51e46f7d84c6

SHA512
dcfa23b4059bd5b6578a59fb29f37059b5bc0cf286f354b42cffe3f648c9027fa0788f9ec404422428424b3bf822bf5de195842b2d6193132d9c46d8c95ed28d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
78f9a7ddf4df43427d986fb19c2e471e

SHA1
c2b90c8c6e85d163e2f8a7e016f13c38c7320e91

SHA256
3de64de158d96682e258dc2fcec946f3c2c5a443a12fdbbbd51d0d188b5a38e2

SHA512
511b5817d098ccefdb826201ee0939ac755b0bad2f75fdbb856b95ddcdaf4d71914b519399d4972bedccb7ce890cee2f8e3dbe2b0247ebe03098e3537d322404

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3d73ee6817a215a43a2a4d6d57cab6cc

SHA1
58f45248d2977a760253c168d69a2e0038bec4dd

SHA256
58754f1096f3ae2bef4e523130459d7b4fb3a0dac5fa05b4c057c0ca55ce589b

SHA512
6f218e9aee8a825fbdb4599253e149c52279ce8ae7b719b6bb2393f0e8beaab5509f5c56a74cc4d8397bcc5f1c78ba857eaa9d71bfe3570da77c447619f29679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c4b3bdf3fe258faba227b20d56d5a1a1

SHA1
222175d40ac3849de4b0b6470958e2d7ad96e38f

SHA256
fbd7c03da9eb5c0490dedbffed0a625f94999374ff05b6209b2069e030fbd566

SHA512
e4f16bdd56c25fc524ed942c88ec9846b48195a78040563d985dcb0f1139bd65621eaa85c0869b256928ff057e3ccd6f4fae929369132888b5400f9cfdb9d382

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8d6fcddf4ee92cc1972a97dc545a79fb

SHA1
934ad6e40a5ee1705d30490d265a622d1329c4ba

SHA256
88403ae7580a21abba6ef5065716a291ed20383e1edc75291cdc09f3cb76b7fd

SHA512
ecc471419ade6dd90a28e8b29e956676420b242fca6b615b09882a2a6a57c8b8f15532207948c83c9d64e0d30d4fa91625c57f5c8959febd148f9aff14021ba0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b72b0d7deb8fe1f56e00bfa4a55a83e2

SHA1
05d2e215c41a80b61858488737a084c87b093d5d

SHA256
00f8b4e0e629edc6bc1015b76205ea0dc500fb0f44047e3a0de003216472faf5

SHA512
de786bf2d4575dc80b153c96895934f0149aa454634012a10eaaa8ceb8c6c20c2637de0502e6273795362c3d4bf2f60b1e6e099cb1169f11b32f0d3f80587711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
698d23594f9d39d026c6599b660cac3d

SHA1
dbaa3885ea3fc3b7c38c323dc3ca4e4d7cc2b125

SHA256
ad320abcac9d063b8553e514ce8f182dc57a53438065f3511a2fc2a2fe1088a0

SHA512
6a2fee1471c5b96b67cc596385a9b2146375f80c7f2d6ec0ff9a9c8dbef8e1a86e8f5d5803342bf93aed12895bfed432211c4a384bc5bdd364758505e5efed61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0307107f8b91d09c83f315fbe5ed7cd9

SHA1
626c262abd5b9e21edc156e9cecfe3cf9b599b1f

SHA256
fe0cf3298cefb08a52a2b9c2ef5b1edee30439228a69eafd32268ca857f792b1

SHA512
cc66394897fa37b902aa9b584e732ac082179de0652833bd4ece69184eb57339b767b9053f09734db4305c5a02ec6f27c2131cfde7ea6c013e03a82531b070e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de4fc3f84866708aad5995893ed2393f

SHA1
15426bbeb76cc4280ea9600ac5f95e6af113be71

SHA256
da4913ad57ef200e413bf10a2a0e39b926307c193f13da503705cb479bcf4b80

SHA512
a8f471c29fdf3e432c021932bf181aa1bfcce0a880924be0151af6dee4f472e4d5793bfda0112b9fe4a15c6fdcf64c03706a1a469f9fd74b43d537a475cca334

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
953f5a3bbd0e028dd23e700a8a00e826

SHA1
0b33c980471334960e28d4f5a9d987b3e010ae73

SHA256
f4aeafe31044851b03f229571868e5908bc35f82bf3951163bf03b6dcf28f623

SHA512
f4f9d481e38e9c8eaaf737763ac0264a0cd741a5152e35b1598b014d9d6029487acb41d2f8c831755a4163c8a35c71098c9b28bd3c782a9f8209e63aa04eded8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e1e4c3b18af431d1482c564e83643b88

SHA1
adfb48e0fc40315c8b945a03dc694ad77a2224d8

SHA256
88748e0fba07afaaf80a79c41725c33996cbc31ae0c9233ace87967d8e8c6f96

SHA512
7fd55123dd5b1f1ad674669b61904bc075184e8b11dd699b26164912eb3fc50e003a7777ed41182c8f6bbfe45df6406b9c201baf1501a004bb8e28d7fa2a67ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
762e5512d2ff43896ae4302528965aeb

SHA1
fbb4567965cb4dbbc1990c63f949f233f337ab73

SHA256
09f0a78a6cc14fba8bde9c3d487999e63b7152781ff17e3bde4312cf6edc222f

SHA512
83996bb974c1b43b76e0ae46a8fe2752ecd69f3a73eb7dec5c5537c5c63d919fd07fa7dce57ee16879ec3d6b69dc3bbbfb769f03b6b7240b10261efae3a183bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7cd3c78caa73c32ab830e80e8e23fa0f

SHA1
843429affafa8e7c25ae84bd485f63c2f973268d

SHA256
8cef3698bd85bd49547757ddcf906e476fff8656278d9ed50a6d40fd5b898d51

SHA512
20abdc0945e2b49e4fee39039450d3cfde0050ecbfc5357eee79061ce7086cb62565bf6f2a284ffaf033dea46a2eab37770b2a6f460523679e24c42c03ed55f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1cbb11775510f4a5bd592f4d929c542f

SHA1
6feed791125a51612a27416f4dfb902cb9f2a772

SHA256
7c935f601b2d9c932412ffcd2fdd802158e9b2e394f50206c4459de628594047

SHA512
194ae9d8f066d718e4bdbef166884ad01cd028dc6e17b1878ab42ba23b8f1f86ec01f7056abc0a73f17afa66b66e546e243843944ecb4bfd343303769452cbc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
469330eda98761de8d1bd4864eefd203

SHA1
ac92baff87cd52487f8ca118a7501676e35bfcd3

SHA256
b83a5cb20fc39daf3c8e8587a314aa057696ff71de987476e5cf6eb5e92dbf8d

SHA512
ef0779c6c82e8982731738877960ac1bcc3fafbcefefb8ecb191588ea3b3f6a38cef31feabfdfbacfd4803094d0c83dcd48ff9f28b971b529d4e6663665a252e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6bfee3636cd7d2b1c66694e508978a46

SHA1
3817419be8bdaec901e31d1c00883e4518d62076

SHA256
caf0fc2f37b9a4f274c181af1b945261c4e1f57b823de8bf22802ebf8f9f7f1e

SHA512
d88130613b4fd62fe8e4616c620aae9864d142246f0dccf34554a5fc9d9152c6e08d507adc3b4e4c57a8f143422474796b6f7c8cc985e07942dc582a679a761b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
766fde2dc3b231832512bd9a71fbdeb6

SHA1
5c4b0d332cafd5852d5e687833fc7af888f2d64c

SHA256
e7d48f154a4f0062630b9c75d5f28fe325bf26e966c06db86ed18baf584faecd

SHA512
995ab24886d195357a344c687536e6bc44de2d8e61d50e3cf36b664ee7b4dc6223779208d16ab25f38736b98ec3e692ff52237f1d38509c69b5f8b8a1a9c33ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8a499d095059ed4b041707e1a8bea47d

SHA1
53e330e6b0a63fbce9f42cd98b4deac165dfde7c

SHA256
ca2d1bce83e7c36bfab0f726c3a80084bcaf1f307959936144f84d000e2b7faf

SHA512
e1bf6984b688e4458178fca051141f3ea2b71afc32970eba9b3347a8488ff70192688c8a5ca45e028f81f64cda3238e24e4a7ea678d5ca1dc42873402dde0e27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3d42819af0e8dee6bffd244327580a67

SHA1
2de93fe917ac8ce5b0008d10b5a9493f103f54eb

SHA256
06855b0d2c6b8d71549a76523fb7bbeb7d16380efab7fe2f0ef2a4a45a8cd39e

SHA512
9a9453eceaf6f113c41cae247f339c0f3c8a54795f8edbebcd374a32861b5571b6f2f125398f4267cefa680dbaac1b0354c08de326c7b24c3dbaca4507f83c1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a373c0559cbfb0840c9047768fa45c3f

SHA1
34d89b0a702e5ab8733986f53d35709439eaf03f

SHA256
646e40cb06d50676b10b2771a2849e27d18249912955371ba446b7d914dc68dc

SHA512
370cdebd064fd863e9a96052a4c43e699eae6f463d10f33603826a4d02be9fe1492fc0c58fe8c67cf2941f7eccc8f5b4b5e47b4278f2076b2a0f84ad4c5cc9d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a5367d08d2538b218feeb15d49b5166

SHA1
2cfcc90a6fdc400700bc0939d1a840683ff348a3

SHA256
fad2df99894238aa8a748ec3c1a99b1e354437dc34be272d1ed3395d31645f8d

SHA512
c612ffb6d78c35041ff24739600306aa4d6e11083047fbcf1eaf7d4ae1f281bbdd6376d8542ee4338398a25d8fd4a6eb22331d1676a9abd414ee248febc95533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
943fcce310c0f1c34a21891bd9f095d0

SHA1
3248b66a5c81c749b86bda1f6a93d9e6f3864db1

SHA256
bd2c30cd080eb2e6d100d04c7ed869f7fd1d44368ad2266247c4c81f1f775779

SHA512
64ef4f2c64efb736c58f3cb8c23895c88a4691def91afbcf208c44ca15ba2523063b1f035484b1ea0b117d8d1c7c8296a2d9efcb0fec953fd772ca30a40c9f17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
216c60dc880156a7b2b00fd6c6b7f7ba

SHA1
6e52d5b3d76f8409297711b698d56ebc12e053bb

SHA256
17f0ccb1a277b672cc661e2a6139180f4ba2bb16a2c0e6e784e756e2f923ac2c

SHA512
7cd897ce48a6bb666e52ae52d4cd4019ffb3005479c4e103d5f9986c5b2f25dd1478ae24b9c9b14797ce086ebabee68473e0bddadf736c5c2f56e85f27885705

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14a24ba6a038f5ce5dacd2f5fa4861d0

SHA1
e95c8d05220f890f95f0fc41706b152e77f8c2d1

SHA256
e8aa8b186c87e8c3b7b8c1cc12280c917cd1e62afa86a60eb1670a30f4385848

SHA512
eaca9c1011445995d28ba0221e88f8ac28d59d713ba376b506cc680b4a4d054366af67da77e7dc5e1ac60fe7b00fdd1b6123260c9fe66d65618d15477468f76c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b0837b7cd3938507a17473ef9089c1a5

SHA1
8552fcbe6bbfa13af331c8047685451027d2b950

SHA256
78e999b9fad4bf2c4a10b4d58a8cfa4796fb26acfd3fa520f2cf0b28212cfb19

SHA512
3e0402acc052b3f14270876b146da899aaac111e51d299d736e9159200f879f6968fa4a081bda1289d92d872c2b679a3da963ecda220fa6f038fb16c7de58e3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
234c02ba14aeed1bfafe5d19154f22d7

SHA1
3a072aebef169c8e1b45744e534d8d8665fdb3da

SHA256
2cab5a8ac2b35df7a887ed3dee2f19e239eb83f16b2b9a9a7c9679b720f97b3e

SHA512
1cccd1cb61be4484c8fa10b914a6c3f5079b1f5764bd61ca102877acfaea2f09f07c5a49b6cb63712f76e76b463fb984112a7e5e5d0e3033de7fb466671674b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
190e066fedbceece41a3fd8ef8643fb9

SHA1
52c2fc1645382125e677643871a7448b34055dbd

SHA256
e75d7f0b7895ee5297ace284cb06c4ed5296bba9c7ab2a7ef2d12579d0590bd7

SHA512
1bbab80afebed45c2f996103bad801d9cd949b66049a03c4955941dd1bf73cc62c71c4fda39f4b91938af0d1de78a21db1124cfe901a1f3ebf69bae9ec95ef9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3d3aff53e10622646d29e202e5c18476

SHA1
39ecb7ef5b9c5b8c74d98445e70ee35bfd0cf680

SHA256
c34a097aba2c3ebf0df0e7a5ce4833fea1c34e32754f4e07a8b422f6eda000b0

SHA512
d5b79be1d0cfd813c208f0fe9d8cadd746976ba32c327d9b727256a8d5c2d1af55330ee7d5c93681fdbda3ce514f899461f6ed2dfc153672d949402473e4d464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c24af2cc15cc54cc109c52ce55c48ea1

SHA1
0fabae63c66ad65c58fa9f7f7be247ae6f55a29a

SHA256
1d7fd9cadc26a936f5d4bc053d52c4fe6bb643fc272c087e554255860b1a24d2

SHA512
5e8629f78fca49c26f0b8cd6b78d20d3e84166097141d02a0871415e801e8448f55bab3c271e1c1ee028ba45d9298792acdcf74ceddbb2b37dd28f3f6518f8bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
483dff162ee03c68c1c56f8859ebdefe

SHA1
1ae06191b076eeef427d12d3da61af6ef67634a6

SHA256
fb99423c63fbdaee9cea4d1530f92bce512d87c97e2f81e93da62043d44e0171

SHA512
a1684c988407d3de4b8b9f3364e34e4536ad1058cc7ac9f0563d0d5651b8de94854f258c4c2511da248bcb66501e7b0c432f22f5257d5b6ac8be3971400601b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7dc245d8d580f3e0399eaf6dc0d18920

SHA1
849c8d55f0c27781eb11eeb30a4dc21b9551824f

SHA256
fe5bc17add2818b7bfed3229c6b91fb1067232cbd93bac7782e0eba695d90437

SHA512
1db161fd33dc66825760eeebfda5dfa22024d0356329e4d935b98760a0ddb543a6f07c70b73549e65937a4df459645ee52b2333cacf5b78291dd599a543d70c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
72975e441c3a919c312fd3d220d17810

SHA1
7c4f659d9e7bef52c6bd7f448d389f60239ab0d7

SHA256
753fb94b63b13d20e77e7b83ed83a7b4949f31615a0cf7ca3c776bc448e0a2b4

SHA512
ec4c6001f07831af37c0bcd9a2940cf975abde874fe1e3a219915c99aec44d31e9739eadf18a84a201ff3d9c96a6c4ece46f111561def55fe6366b94b8bfe3c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
93515433e095662f217eb42ef4fab4aa

SHA1
cfc0d1541d46e117517f0bf5bde221bd498a8ffb

SHA256
13d39b40b2623e769396747932be5c2c929c24dc34a13f42053b684575af6eb4

SHA512
91ac05307505a8724e7d125bcf770a5d9776372727ef7ec68764f4175eb3b8e7c8330a47ec715faef04fa20ac88bbca46450b7451aa1856f51c910a4f98dc3cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2521f41a114c8574fdb17d0f4da6d04

SHA1
78022214c9c7c09d81f2ede4c43ec1c83f29b3d4

SHA256
ae80fe1e6143e24f14237ab1d735bc2d487c76f59faf2e75d6374e7afcd530cf

SHA512
bdea2f9196eaa2c29e7f1d3414933c5f51a87d839066aa05869d7ca92550bcae9fdf16dab89b29cac0c614112c5307a5627b192980f38a033ce19df0d323fcba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25873a93d2c257e76f20b95341af63c0

SHA1
cf37ba5965021fa8bb4f8fc0c5a0c005c5ed7751

SHA256
0e8778a943b97f0938c0efd4e71326b00c2f011ab7026e7e0204ef8b43a83203

SHA512
14db27872f165f2776f437625188344154f22e497677fa154fb234c1a8bc55d6a6a5a8e90204303a16490d52eb4dcc61d183e96947e36892d53352e5ef3b5232

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a3c09206de756763d7b928246bdfca58

SHA1
169ad13f4bec4ff6b8c67d2ce7f3825602a076d5

SHA256
9c174605e55c487e0cb837c55de4de30e774b5922e5c85c13a0ac64a4e311932

SHA512
12a73acae8681bde9404a98312ccd2f675762d5381224b42a05a1d46fb0c6efb439cbdcac4010bcf0f4a75170ef6644de20f3871647dc044185030503ce3c94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7357457e832aa45e96b0356a13ce16b7

SHA1
5ee583903cfbf321e5d4a51d8250792042a400d2

SHA256
7b8b8fda31334807a0e9bfdd5113fa1bfb85dd17180caafe5853554c1d72c8ab

SHA512
8031e7ab1be1496c2907463afa2a8eaac5e33101d58726632561f5c9d55f8b84dfdeef248ce25bbaf246b7f8a3d1cae495b9beeb7a6494de7ab4be046c826ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b9308e37c1d7d869633ab54ff163f35

SHA1
8e1e2aa16f816ae7ef6b1b473e0d6b551514bfdc

SHA256
639d5998875485623de80d2f84c80142b89e0eeb614cc65f64c0c6f2448c711f

SHA512
af562923b5aeae751625b08816ee897ec82a4753deb0a57498ce7063206163c495ec9e76f212fc0452acf1db520dadd1bc7583b9061abb6f6191f7f79bcf24ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4ebd7dfd5462af7031078ca0f66aa192

SHA1
64269a91f8b8b994c69b7c56beeb1baec23d8eaa

SHA256
c2210c02c5f34dd6e3a72249907f4f4a2f556fc3481f8cc33cc8f376472805ae

SHA512
6f4f1168eae50e55124eac719de4732a32c5aa4b53eaed0e8d8675211ad530f69c63f0e21318ac3e95931f30338457d081dc191bbf36f64a0fce48fa61f77d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02c4cf273deb38049669cb63d27b3d1f

SHA1
36b1031341250a7d867584fb5cbc238a84b7d0df

SHA256
ac2639bde516377349f893c37506f6eab05b115167e7fc188471f3ca87795815

SHA512
38b673bdd8ce3cabb535c8cd72a43e7dd652772f120bc9037c8a86bfde871a4594aec792bf62ebcd42f6c70d4530f05a0ea43b54c41cbdf370e36dde656a9abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6a71570d999cfa2495bb29a1a549826d

SHA1
4ba24146db8212307cfb46c426ba48c0282c1bb8

SHA256
4680ca6dbfb7746a1dee3667a1a85f87a44741beee090c4d0adbe474309f83f0

SHA512
34f93dea7caac06d38d98ef1271325c2c9fb7fcb6e3e56d0e796a3ef7d6420bd061366ad5b20d2146fe11bcc8493a2ca4f916330dbc4486ca4a93bd78ff8fc2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6530a193ec8880646e7ccb5b6e996a8f

SHA1
f77c66d921ae1124c78912821fda10b9fd29ba35

SHA256
bbafe255691057f1cc43e364060a2cfddbd9964edb2a07002d0beeef2fe5b79d

SHA512
a5ccc60cc999b6d62bcb39440159ecd16171e0f54aa250b14fa106ee6737e6d46d96f30298d85acd9e9de1db4a9cc612a05d49a72e50a7c7926283c7272a8261

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
607cd74b4de9088b2e411681d5a13145

SHA1
5a0b53430ce6f7a7b91192c00248b9995c03d42b

SHA256
2568547ef9d29f94924d3d6cabd3674a5ee4690679083cdf5a09d295b0e265a3

SHA512
9a8feb22dcc0551c3fe7570927ffea897749a5d42b61767f7385036b283da3e30c3e845d65a029c7ac7e34865c5941011c9c2bdc3054bfe0c01a4584af2eb274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1f9947f4949a9cb697ab22e40d364a2a

SHA1
f5deade702e259c091f43aa720d5557c10cf7d25

SHA256
fbbe5769e1987424784027be6a64810168751a2df2bab5fa78c92949006ddc9c

SHA512
82480913feabb1b504d103634c0a216d57252d219d97d349363b815e55d713214e29eb3e9cab17dbde5fe0c90f60803e9ab8e80181027e8ad53e0789b6654bfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
06cf524c7ba010eb1d0d792e73ba8e89

SHA1
f5c37b8928b28c70990bddb6ff4fc8cd4133ccbc

SHA256
82c453b830ede2b5f4e740bd745a0facbcbca5cb25dde818bb1aac735576c111

SHA512
ab3a32ea46e07e428503be651c64ad05f03ed02c459d0feabdf79d4f8e5e92d8e8711cb8981213e8c96ffb38248ffd2c7c33e18eae5f2f0be82bb22d54f34842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
788ba5785137233228ec6a0db47f162b

SHA1
b066cec3e605f2d57a27934553f0f2898699d5d7

SHA256
fa768e11415b6fe402eb05fa24a27f44aacdc636be7129cb076a8ae0dd203bf8

SHA512
7c36065b3de3b52ea3619a97087312c57ee00478e9ba2067690bfa8ad4c2512d1f9c75f1f73b85aae3e4926ca4d4c3a4015d4fe216eaaf534295bb765d89d3ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
4f663d8ebb214fc3ab5130eb6f263374

SHA1
debb02a0a85f0b369ae582bd73b34cbc11da45bc

SHA256
7e1c211c135fc1be1e60ab9ee6eb2a228fdedc937be67226b9964ec92ae5fe2e

SHA512
d3646221506b0345070d6deec23323e350c35383508689a51814c94ad849c4a257281c37d8d1e6964df123374ce8f2d11ff9cf7a4328c3e1da4febd093115a4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
88354292f1fb99b410e7376c1739c2e3

SHA1
aca7d9de6af57287319884c808a30c840c70e8d8

SHA256
2bd72b64a25d75fa687afa7c21e86e059f67cd00f13fb759d9498be39d836b78

SHA512
7515997edcb63c5dad3fe8a283dcdca4f94e3a0dae33dc907ab0d396f6a6cc2a2ad505b57d59fe1e7498f35d8159a85b5347a4fbe1a3e4fdfe63b58864e8f3ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
df944248269316c33de04ee0328c4987

SHA1
58e2c01374b50b7d8b687531065336a211e1e56b

SHA256
d6c56a0a3b5631b092882a0efd716323cb1e37aba9ca98d19811effad6e8129d

SHA512
239196492ab5030703f2152f94edb31b096481b212818882e66b001ce9f89ced242ee1333cb8b34f389d8f3a98e283786f0c68c20812401e8f296089c16d2279

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5l9wod5l.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
8f83761496a7e88a789a82f9cd6a829e

SHA1
3ba63fc295036d822b25d4ece5c0d1495f557a24

SHA256
e45bce59f7212541cd8499afb1db838590fac19ab96dd1a04a9b611a805005dc

SHA512
06a47761a62b7e753b5a82506f46ce418c998873f0f485c4273ee15822328c806303923122edc55c2dfd50a2edf9a5069d9197a6da9977e444337b9e45bfa157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e82ff79590c91372dcfbd2be7a7e47da

SHA1
f1562d95f75cddfb3025b2216e661c90c5aee92b

SHA256
166e3d96c9b00918fd554d6ee3375cdd8d10aec91f61dcb23d027f75a2cf7f60

SHA512
1fd74c1a4bf6d5d4810adf55a76dabdb1f0190d43c519051f8eaf69c1161cb6769bf8c8ddf85e7636c8eb65c2350b0166e46fceb7648f33d54021a13a9bc5015

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
138340034f542b112e289767d0d7c3b8

SHA1
a35b926b44363c247b1cfcbe5374b2578e98ab0e

SHA256
006ff2fbcd9dd3e6f620414422431adda61364ac8039d5f25180b8cde0052007

SHA512
fb74e5d18d03aee36df094beda9dba27db9992964b3158ab5c3b4f8a31cf21fa256296c0c8e43ee00e96620ed3843a4d28de314f5822f760c50b93c92357de33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\3b23a554-ed36-4039-a6c5-d752adb706b3

Filesize
982B

MD5
e3b3828c1789e40815af7e3852259b74

SHA1
063c514d81776bf21599c454394e52855b0108e4

SHA256
f1cc1afc562675e3e46cdef5d9025f4af3f40ec41cf78907d9368f6c3bd54911

SHA512
72216419f1785f5d50b2523c14387810353844916b2c50811d423a6be13654fb289c053b5f1bd2b010acef76f3be7edf1de05da8baebb9d1c476d48864c26167

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\50fd6d61-f739-4e9a-983a-2fd0ee4cacb9

Filesize
26KB

MD5
6f513f86c529c407a3ce85b3d2db4a2d

SHA1
97007d6a8b01e5bb5d28837f5c948d578fa51336

SHA256
92cb961554451d788e665cc3b42a9be42f06f9701e27a40d8c9f413cf51c6078

SHA512
fc58d734deed37ad9a05d531c3344b0feda5bf8ad71021a87314911bf0a2af07104c7889477b660fcb27601df7781fdd30f141f12e87da443250dbaabb996f7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\datareporting\glean\pending_pings\ff54bb88-4719-4b95-a1e1-83d5ff16f1b8

Filesize
671B

MD5
8df8c5bae1fd5cb6f81f5c6b0359ab62

SHA1
c5ba97514873ff7487663bd90fd682ff129fe924

SHA256
3a2766cf4768248e7b1c2a93cc17972a0b64c0f9b79226e137495b47dadf5f0e

SHA512
23ffbebc3850e813390e9db4d4a9371bc79fac9215f830dbe78eddff9d098b0eb0a3185ed05305472c1a53691f85004db8dbf43adcb6a8b8213ecbd9ea2ab0d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs-1.js

Filesize
10KB

MD5
ba10b83389ecf9ba8e5c07282b2cf675

SHA1
4b78d6cae4fd452ad0786b6ed3fd6c94c578985f

SHA256
45b1d0de534dc879ac49ea819a6b30614302f03f9a153f96dbbe048de1239718

SHA512
d53cf72332b81475e0457a75fc41ff96486158e0c90fba49c901a8666ad53ceb870827f4fa93298ca314374ff96c3e08e673c2766bd8210f4272fe222f22cd64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5l9wod5l.default-release\prefs.js

Filesize
10KB

MD5
2b7e6a062bb0609bb4cfaa616bde2e8e

SHA1
ec9b6c7299e84db5a2cd7dab3ad1137f7bae6880

SHA256
80576d39c97da72a8667b50fc23d721aa634f8d58725914c21c845db2a575d27

SHA512
7f15e7cb8bbd615fe47a535338c181a9b7615a7e9941690477635db90b89e4b107032b77cf6379ab2c4f46092153011251a71c74649dd11c3e0fe8ab29cb723c

Download Submit
C:\Users\Admin\AppData\Roaming\SubDir\Client.exe

Filesize
3.1MB

MD5
e78c57ec9112a2860d4c07e1535452c6

SHA1
cfb8f58daaa9ae932b2e55c04eb887210cbf0a41

SHA256
64207a7e81e788dd1044a8fa6d6a4f87757cdd870af520a2e44576ac21a6e746

SHA512
50597692c65f476d3f96d43fc97813c2747cacccd542eaf82cb736827ba02fb291e905b9a7410f891eee394f2252f37aceaf26fbc8dcef0ebdd21fbe37fcaf93

Download Submit
\??\pipe\crashpad_6836_AGYVLMJFSEOSVYRF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2848-9-0x00007FFA306C0000-0x00007FFA31182000-memory.dmp

Filesize
10.8MB

Download
memory/2848-18-0x00007FFA306C0000-0x00007FFA31182000-memory.dmp

Filesize
10.8MB

Download
memory/2848-17-0x00007FFA306C0000-0x00007FFA31182000-memory.dmp

Filesize
10.8MB

Download
memory/2848-16-0x000000001BD40000-0x000000001BD7C000-memory.dmp

Filesize
240KB

Download
memory/2848-15-0x000000001BCE0000-0x000000001BCF2000-memory.dmp

Filesize
72KB

Download
memory/2848-12-0x000000001BD80000-0x000000001BE32000-memory.dmp

Filesize
712KB

Download
memory/2848-11-0x000000001BC70000-0x000000001BCC0000-memory.dmp

Filesize
320KB

Download
memory/2848-10-0x00007FFA306C0000-0x00007FFA31182000-memory.dmp

Filesize
10.8MB

Download
memory/2848-1395-0x00007FFA306C0000-0x00007FFA31182000-memory.dmp

Filesize
10.8MB

Download
memory/3816-0-0x00007FFA306C3000-0x00007FFA306C5000-memory.dmp

Filesize
8KB

Download
memory/3816-2-0x00007FFA306C0000-0x00007FFA31182000-memory.dmp

Filesize
10.8MB

Download
memory/3816-1-0x00000000002E0000-0x0000000000604000-memory.dmp

Filesize
3.1MB

Download
memory/3816-8-0x00007FFA306C0000-0x00007FFA31182000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads