asyncrat | a68019dd68703c6730a7a147226aa8be7d04ba824dfdbb4a7aceb5a3901d4e40

Analysis

max time kernel
69s
max time network
74s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
09/11/2024, 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2.exe
Size

47KB
MD5

8747d3b2af91fd12510b81d94d9a9a41
SHA1

2a60ec4753588701347f5dd324edeeb33cfccf27
SHA256

a68019dd68703c6730a7a147226aa8be7d04ba824dfdbb4a7aceb5a3901d4e40
SHA512

4fa26db6482c1a39e917cc70b4315bafc270609ce432a1fee6b9be13b8faa5071421e3413b06a04a0b01dc0c4422d9fbe419f619c4adcb832ce85d8a18147bf0
SSDEEP

768:Euny5TgoqzqWU8d9rmo2qrLgNVsTePIXlWtmOtZ0b5hl7zsTo63ZXXnp1g7BDZ8x:Euny5TgNR2zMrXlGmHb5H0tZHLkd8x

Score

10^/10

asyncrat default discovery rat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:1604

fervic341.duckdns.org:6606

fervic341.duckdns.org:7707

fervic341.duckdns.org:8808

fervic341.duckdns.org:1604

Mutex

DeggSV30ABik

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756660415283935"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
8196	chrome.exe
8196	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4368	firefox.exe
Token: SeDebugPrivilege	4368	firefox.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe
Token: SeShutdownPrivilege	8196	chrome.exe
Token: SeCreatePagefilePrivilege	8196	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe
8196	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4368	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 4368	2440	firefox.exe	94
PID 2440 wrote to memory of 4368	2440	firefox.exe	94
PID 2440 wrote to memory of 4368	2440	firefox.exe	94
PID 2440 wrote to memory of 4368	2440	firefox.exe	94
PID 2440 wrote to memory of 4368	2440	firefox.exe	94
PID 2440 wrote to memory of 4368	2440	firefox.exe	94
PID 2440 wrote to memory of 4368	2440	firefox.exe	94
PID 2440 wrote to memory of 4368	2440	firefox.exe	94
PID 2440 wrote to memory of 4368	2440	firefox.exe	94
PID 2440 wrote to memory of 4368	2440	firefox.exe	94
PID 2440 wrote to memory of 4368	2440	firefox.exe	94
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 4504	4368	firefox.exe	95
PID 4368 wrote to memory of 896	4368	firefox.exe	96
PID 4368 wrote to memory of 896	4368	firefox.exe	96
PID 4368 wrote to memory of 896	4368	firefox.exe	96
PID 4368 wrote to memory of 896	4368	firefox.exe	96
PID 4368 wrote to memory of 896	4368	firefox.exe	96
PID 4368 wrote to memory of 896	4368	firefox.exe	96
PID 4368 wrote to memory of 896	4368	firefox.exe	96
PID 4368 wrote to memory of 896	4368	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\2.exe
"C:\Users\Admin\AppData\Local\Temp\2.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b5d23e4-c7a1-45f8-a4d7-f2160a77db4f} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" gpu
    3⤵
    PID:4504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a6a3423-5c40-42c8-8139-ca2e8a3b8d32} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" socket
    3⤵
    - Checks processor information in registry
    PID:896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3100 -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5123a09-9e88-4654-b31c-bd20951a705a} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:2064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3928 -childID 2 -isForBrowser -prefsHandle 3904 -prefMapHandle 3900 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec18a8fd-2037-466e-81f0-15f04fdbffea} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:4228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4912 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 1560 -prefMapHandle 4684 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2c47dd0-5dda-42dd-8dc1-d990df1f88c1} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" utility
    3⤵
    - Checks processor information in registry
    PID:4124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5164 -childID 3 -isForBrowser -prefsHandle 5320 -prefMapHandle 5316 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {882b4d96-639b-4816-ba3a-880a309cdebd} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 4 -isForBrowser -prefsHandle 5224 -prefMapHandle 5236 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {754c46a8-4a2e-4e59-8431-e74d0b9f93cf} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5452 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd206a78-e005-4c3e-8eb1-7b3695fcc412} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5744 -childID 6 -isForBrowser -prefsHandle 2940 -prefMapHandle 5476 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b4906a9-00f8-477d-86bc-15edcce1e5b4} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5908 -childID 7 -isForBrowser -prefsHandle 5916 -prefMapHandle 5920 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86b689a4-61f5-4c17-b576-81b55519f39c} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6100 -childID 8 -isForBrowser -prefsHandle 6108 -prefMapHandle 6112 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d42e7fc-613e-40d9-8918-d64db575a213} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6296 -childID 9 -isForBrowser -prefsHandle 6304 -prefMapHandle 6308 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62944240-027e-4d6e-bcb4-c022f35a9d42} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6488 -childID 10 -isForBrowser -prefsHandle 6496 -prefMapHandle 6500 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a72880f2-298c-4ebd-8fd3-ee9f3dbb973b} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6680 -childID 11 -isForBrowser -prefsHandle 6688 -prefMapHandle 6692 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c0f0233-9421-4e40-a0ef-1acf772c541e} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6880 -childID 12 -isForBrowser -prefsHandle 6888 -prefMapHandle 6892 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce423e5d-b451-4022-a4f9-d5581837d580} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7152 -childID 13 -isForBrowser -prefsHandle 7072 -prefMapHandle 7076 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd1061a4-931b-4669-be56-9e00900c6ef5} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7396 -childID 14 -isForBrowser -prefsHandle 7316 -prefMapHandle 7324 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34b05ee3-6e80-4f48-8278-85a7cd9736e9} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7480 -childID 15 -isForBrowser -prefsHandle 7524 -prefMapHandle 7532 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2535d4a7-10fe-42b6-8fda-1171c69b3338} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7608 -childID 16 -isForBrowser -prefsHandle 7748 -prefMapHandle 7752 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32165c5e-cbe7-4f77-970e-767cce3f3105} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 17 -isForBrowser -prefsHandle 5808 -prefMapHandle 5752 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed68dca9-7814-4d43-a755-b4d04efeb9ea} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 18 -isForBrowser -prefsHandle 5788 -prefMapHandle 5792 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76a4ba8d-1597-4db5-9d6a-4f19e0c1494b} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8032 -childID 19 -isForBrowser -prefsHandle 5764 -prefMapHandle 5632 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fb9b98c-25c6-45f1-82ec-99fb8727e29e} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:6008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 20 -isForBrowser -prefsHandle 6564 -prefMapHandle 8084 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c618fc1-8f8f-4f49-a26d-64dba823998a} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:6020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8268 -childID 21 -isForBrowser -prefsHandle 8276 -prefMapHandle 8280 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5fb2b7c-5fb1-4079-8a60-e3a6a7b20b2f} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:6032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8460 -childID 22 -isForBrowser -prefsHandle 8468 -prefMapHandle 8472 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1197088b-2a7d-439b-b6cd-536f0dd49d7d} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:6044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8676 -childID 23 -isForBrowser -prefsHandle 8752 -prefMapHandle 8748 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74cac4e8-2296-400d-abb3-25cb94a648ab} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:6056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8660 -childID 24 -isForBrowser -prefsHandle 8868 -prefMapHandle 8872 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a2234be-ce57-4335-aea9-cc3ba88e7fe7} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:6068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7132 -childID 25 -isForBrowser -prefsHandle 7932 -prefMapHandle 7928 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3a9f873-ba52-411d-8e67-7fbd2a156d4b} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:4308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6892 -childID 26 -isForBrowser -prefsHandle 6748 -prefMapHandle 7940 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c5afdf3-2a48-4e0e-bf9a-1f7b574acf98} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7804 -childID 27 -isForBrowser -prefsHandle 6500 -prefMapHandle 7748 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c2cd35b-2895-4abc-82c0-72f9e5c6de11} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5996 -childID 28 -isForBrowser -prefsHandle 9428 -prefMapHandle 9424 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fc67b15-0831-47a5-97b9-cca165d83ae0} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:2260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8516 -childID 29 -isForBrowser -prefsHandle 9484 -prefMapHandle 9480 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27ad3f9f-9d24-4a0f-a3c3-9cb9b1529f48} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:1604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6160 -childID 30 -isForBrowser -prefsHandle 9552 -prefMapHandle 9556 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce8e4aa4-5236-48f7-b98c-2a629434228f} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:3140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7072 -childID 31 -isForBrowser -prefsHandle 9648 -prefMapHandle 9652 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40b5e110-88d2-4561-bbbd-a274f8c2ba1b} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:4480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9792 -childID 32 -isForBrowser -prefsHandle 9872 -prefMapHandle 9868 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e68ccf50-4175-4027-99ee-6c39d329407e} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9972 -childID 33 -isForBrowser -prefsHandle 9980 -prefMapHandle 9984 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af7b3cfd-39d6-4545-8f4f-fabb15a1bb76} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:3408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10164 -childID 34 -isForBrowser -prefsHandle 10172 -prefMapHandle 10176 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ef5732f-201b-40e3-8455-c602c269d302} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:2928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10360 -childID 35 -isForBrowser -prefsHandle 10368 -prefMapHandle 10372 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c635dc5e-b51d-4721-b846-4a79dafde683} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:2440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10552 -childID 36 -isForBrowser -prefsHandle 10560 -prefMapHandle 10564 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce287b65-6cd4-4b45-8592-5b2f50fb8009} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:1796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8696 -childID 37 -isForBrowser -prefsHandle 8704 -prefMapHandle 8708 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1c9420d-0c67-4379-97d0-f0c749b5d865} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:1740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 38 -isForBrowser -prefsHandle 8460 -prefMapHandle 8684 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af94d0c9-362c-4138-ab79-404221c621cd} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10944 -childID 39 -isForBrowser -prefsHandle 11136 -prefMapHandle 10928 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1edb374-08d8-4553-b7f8-db15d3546701} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:4996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11060 -childID 40 -isForBrowser -prefsHandle 11048 -prefMapHandle 11044 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf36434a-b257-413c-b84b-3c3e6a879bdc} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:1144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11328 -childID 41 -isForBrowser -prefsHandle 11592 -prefMapHandle 11588 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e466f4f-d93d-4999-8fdc-170deb4d0b2e} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11420 -childID 42 -isForBrowser -prefsHandle 11604 -prefMapHandle 11600 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a18822e-1f63-4265-87e7-7fa3019f6056} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:4584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11972 -childID 43 -isForBrowser -prefsHandle 11832 -prefMapHandle 11828 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a950e640-44ad-4bd8-844e-d2153f410cf5} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:4960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11980 -childID 44 -isForBrowser -prefsHandle 11844 -prefMapHandle 11840 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6017a6ee-75e1-4657-9318-8702ccb6c97d} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:4056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12188 -childID 45 -isForBrowser -prefsHandle 12096 -prefMapHandle 11980 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cbce2f0-e355-44a8-a688-79e119c1de7a} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:1648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12216 -childID 46 -isForBrowser -prefsHandle 12204 -prefMapHandle 12200 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fef825f-8142-4f0d-b61b-1707c51e1ebb} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12604 -childID 47 -isForBrowser -prefsHandle 12472 -prefMapHandle 12188 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bedb36f-44d4-4f67-b0b8-64caf3595f66} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12624 -childID 48 -isForBrowser -prefsHandle 12612 -prefMapHandle 12608 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e0551a7-4005-4a6e-be3e-a8270cd9be7a} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13128 -childID 49 -isForBrowser -prefsHandle 13016 -prefMapHandle 13020 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {768bcab6-a7dd-4151-9bf7-1fa1c723ccc9} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13120 -childID 50 -isForBrowser -prefsHandle 13004 -prefMapHandle 13008 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac120b23-6540-426e-8c1e-50ceed5181cc} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13328 -childID 51 -isForBrowser -prefsHandle 13316 -prefMapHandle 13224 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {769d9e8d-de2b-4130-a740-acd9c6cbfd07} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13348 -childID 52 -isForBrowser -prefsHandle 13340 -prefMapHandle 13332 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34c273c5-9b9b-46b1-a111-e2a9fc60f180} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13644 -childID 53 -isForBrowser -prefsHandle 13552 -prefMapHandle 13348 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {025b0a12-0ab2-46ee-8149-677410485cfe} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13664 -childID 54 -isForBrowser -prefsHandle 13652 -prefMapHandle 13648 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1008 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f98456b5-5621-4ec6-993c-a8ae431c600d} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" tab
    3⤵
    PID:5260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:8196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x228,0x22c,0x230,0x1dc,0x234,0x7ff969dacc40,0x7ff969dacc4c,0x7ff969dacc58
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,15447759072459372848,13695160098975838019,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1888 /prefetch:2
  2⤵
  PID:7120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,15447759072459372848,13695160098975838019,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:6300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2336,i,15447759072459372848,13695160098975838019,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2488 /prefetch:8
  2⤵
  PID:6352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,15447759072459372848,13695160098975838019,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,15447759072459372848,13695160098975838019,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,15447759072459372848,13695160098975838019,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,15447759072459372848,13695160098975838019,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,15447759072459372848,13695160098975838019,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:8096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4400,i,15447759072459372848,13695160098975838019,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,15447759072459372848,13695160098975838019,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:4360

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:8008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
a588020d14e0680d91a40b1225d2749b

SHA1
539eae6ae1eb81ef9bd5c27c7c2730f809f213dc

SHA256
70d7b3d1015587ce25ecb852fe1842fca0c7fdce30a56134a94a33bed4d75224

SHA512
8f28dcf0add2d3fda347698780387e4b7e31732e6c729e6052b375b8fa42a6757076135f1b32da46000f78774750467d12749434a36ffb83db6cb3c809c12db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
dd47f977de7ff4b4469cd53d469027d6

SHA1
4e0f1b6b427b68f6c7fbd8b7da63597d1d7fe925

SHA256
2c841e3a6b18a0cd109645eee3deedbb49611e275f5631099a23a013c8874ff4

SHA512
9dc78741cb6887a9f423a55eb5f5585b2b2a2147f4d07dd2a6a4842294c76004bac04be081e3eebefb588b34a9618d9129f13f823440f2c7fbd584cfb8aea57a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bbaacd812badd8a72773ab1b93aaa83a

SHA1
061d83ab0293cfdb88c57237c2ac19104c83a8b1

SHA256
06abc5f7f3fe7e24dcd33c0a4e839ea1190a0b732259c4f2f6c3e258c4ac15ac

SHA512
829dd929de44b2ca4d7be361ca93a85edd5be4173561acf3e2b2102acf84c4836b905d47f3251b8d09b5b0756ae16c260ca48a6e227508cb5219191d2f2c26e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9bf0d7c9a1782bc5daa6e01999b1daf9

SHA1
858c3058e9879bcce4423ef0155564236ba29575

SHA256
8fec733181e9ab03eddaae999f1f2608b9eacbd8e01b9c1b20ca20acbb88e8eb

SHA512
7687d1955529c9122cee4cf34c7a469c83e1f98001f5930a29af11f755288b6bb444a5724c6e3ff5d0709079d08f1a6c783be959560f98cbefecb40533053bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
51761a0c223d678d34e5f0b34060bcc1

SHA1
38a8852ea8473973b7843ae077586b0cd8c8f29d

SHA256
37c9942cb0bc12011a77d66e63e944f0f34bf6a514dd9e7b1cee0ffcca73c729

SHA512
11841d3765c84355373697b6a7bf865ba35d0553ca585a70b44da8419de4136ed58e23d2818cc6a14ee157fae8f56836dcee704ccb781706518c6a3d8b2de264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
ed1b5e802aed15ab9daa15855e5a1de0

SHA1
82ca04f7bd504d09079d913a20e884c857d436d1

SHA256
92b0f3e3c6c3fed39bbccd2ea4404b7bef8a1cc099901c9b2eb804f13b65135f

SHA512
01e0116d23619f031cb1778c99101c0a77751e353d7265a31775174ea3be51d30dad499cab76c29d2ef34a35d79b2e04cc40fc3d8d92f7dfdfe72538deb7dc9d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\enjqfdim.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
a06c589b029622af7cd9c4c7650a497e

SHA1
417c6d244479639ae0bb42bbbcfc367f1b5dc1d0

SHA256
1edcec84068458e5c273aeadc0faac154ac6c191e827c459c826f58226c38b50

SHA512
68f67072ef06ae5ceeaace89abc4f07a5d3a42948439d342efcb1de32657ea079054aa9b9d09015c7feab9924c8d40e88875155d20ce79d77eab333cedcce3e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\AlternateServices.bin

Filesize
6KB

MD5
80d08f1b5be789a8b513db07a9173a03

SHA1
af450dfab5a71979b0c83c6da78f68def87d881b

SHA256
169483c5c4f2ffefee552cfa92981a5ca3d2d6f4eaaba05ee08c7c4f17266c31

SHA512
cf63e7c223ced51c4afccbbd734cbc2454034ff0f4cb17eb46587eec1f5db846036e14f2d5278aa253b8c10850eb938b7b4d66f3686d183c47033590d71f4ecc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2f0b42c85b2d33b5c2c07dd4d39a5d95

SHA1
9845283c0c11d851ccfee5e775b522af488c5b55

SHA256
bafd03335a458080e0c2386edcc1ca6589754c20cf47e8cfd490b111dac0f93b

SHA512
85a1f6be95731799ad28ce9e6ede0c65708b0e2caa265929e468151f49a9c21149b6ca59cf867722fad600b23c15e2186eb9010977646b5905739a11d8d5f28b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\426ea11d-b16c-4531-9ef8-d4cab917a6fc

Filesize
671B

MD5
41c96fceb4862bedeb1598af940f879e

SHA1
134527bcb7c86083e588b1ad489a863aee15e621

SHA256
85cbaa85c35b46e9e0395b7dfc7b97fd27f7279a8a0ed1f38a97fa21861100c8

SHA512
7c8f235c145298a77ec07acd3a9fccb00dc2d799fcc4584a9114e4958db336534c95315b3f1c06070a15156bcdacd7ba78320ec509bae4ceac1181f556e689c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\datareporting\glean\pending_pings\cb4458a8-6115-4b22-a8fd-c886dae87d08

Filesize
982B

MD5
008b3d7ee54491f4f81c751debe21fcc

SHA1
c7da96771563da96cd7d02d93d935c41ef0ec5f4

SHA256
388a211b30b57098c2d86f24549f18bf7f744230265da1e0e29ebd3c2843ae3c

SHA512
9689583a3b38ca9784a4fde6769b67bdcff3b2961e1048ca1de04d5ef4f59cab8b37a08a6b84526b9b252ffea0f491f3d1aa8ba2ec88cfde3cf044acb0847ba7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs-1.js

Filesize
10KB

MD5
0b42b89dcd10937527b1c48cfdbf20b5

SHA1
443adefb510bebfe26d376b999ae09303bacca50

SHA256
79111e1e269a4b1a58eba02862ac10a76870964f4407aaa91ae5cc8ec1265b7c

SHA512
39470b37a19300f1e2f63e4c5454165e8fa3e3e65bafacd87de3ef1b9bbedd5319854b3d29ed2f02d0b7b82c7d58acd446c7980ca479d5ec850b77853ca86382

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\prefs.js

Filesize
10KB

MD5
2ea91cc124a52e0dd7d959a1f08d9abc

SHA1
20ae97bf366d9881ce15378f3c217be0ccafaf57

SHA256
261017c8a884b5b7ac144f01e53c33f6234400e11a274fbeb9ac903a049410ee

SHA512
36ac204f2b022da1ad8ae819d5698bf16b0af2cf400a1c56b2fdf70d7ecf453b7f04fcc88939969653923f13fa0e44216223b343d61d28395a49e6b02ec57d51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\enjqfdim.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\Desktop\AddSelect.M2V

Filesize
518KB

MD5
0c974927d73a422eaa23900f32a513a7

SHA1
1fc44b5b8248ba26b8433fc2bd56b05eda9de85e

SHA256
4d2f2166cdb1e86bee980d5fdf03b4b4b81a567ea2a8147f1ac98c12f3c1f67c

SHA512
c45302129efab7a7904f8a975047eed17a539a48d256a9e3f1772cdf9c5f7cb003137b4ee4f48d3e4cede1a29449881c7f8440e33d15c8af6c6cb5b47015d2b2

Download Submit
C:\Users\Admin\Desktop\AddStop.mpv2

Filesize
568KB

MD5
46dbc5dbcf5a62138c6e45a519e9d0b0

SHA1
c5d3d3cb694373b304bf6071032a476f2d6612f5

SHA256
1d91417305dcd5dd8e5989610afc6fb5eaa1a7a2d167dee04962c438cd989c23

SHA512
6d9449b81ce023811e352e82b8bcbc90f28325ccef05be1d481e0d946f9d37c37859275a84ee8d7784eb25da5127140c9112db634e383bb1174cc1f77f63ccef

Download Submit
C:\Users\Admin\Desktop\ApproveSave.docx

Filesize
18KB

MD5
a9088c0acce4c711812d2b28f17ee8e8

SHA1
41061a5fd6348883fdabd8c7c73079c206cd0645

SHA256
7e645c96cdf46c3dca1df3f4f4205d750bd49a3f4e72341a7ae6fe7e7761c08a

SHA512
c417670ad1bafc493ca5d8d64af6a2b8e4e3affc4b4e0301852afb82397bbcf871cbe6e480a3b290a8db14129fc440e4b886e41d432a7f81702d56b0e3cd5fa9

Download Submit
C:\Users\Admin\Desktop\AssertConnect.search-ms

Filesize
973KB

MD5
180bcf252df35b8d8b35b04a9f35d052

SHA1
a646429db5ef0832fcbd4c868ed362f4abd2abea

SHA256
e401e9c5c591d43b48a3346ba7399ed795882d2ff1ca681b4203a30f72c12048

SHA512
a2402d14c907b7b5b0276c36e605d84a6d2332115bc25b856177d17fe668dc30fe685f10fdb86fa50925921613828bd7b39350220e6e7f5e803d69d797ecccf1

Download Submit
C:\Users\Admin\Desktop\BackupBlock.xlsx

Filesize
12KB

MD5
12253239923dee752e0668f284e0f3eb

SHA1
ea2617d517900a3d18d84a4a7a4f6472cf184699

SHA256
834ee83b5124f62a908fa14ee04b83be0f16fd7bc14ca88195d0c8441cda5247

SHA512
aa0cb705825dba2ac4f567fc884b6be4050c4916ff2db1fed18e6fec76efda9f163f517c43659e5c8e3ebb45f93bf962b4149e4ee4aed066d3f0c21f1f4c069e

Download Submit
C:\Users\Admin\Desktop\CompareReceive.wm

Filesize
341KB

MD5
6bb6f4a9865c9946f718e6c5882103c2

SHA1
dc0ee596a407113ef4605479d7aeac426a809e30

SHA256
7039ebf5939e49f5221f4c408bc60239612aa40569fd1469660fa46b98146ee2

SHA512
578a2d0292102e85409e37b79250f015ee4ea88aa70f4ed231378f0a93d011ef130e8108ee08403b18303e1b15ac6b9a6b3d7f7fda0a7c3c5550ce011e7f262a

Download Submit
C:\Users\Admin\Desktop\CompressMount.MTS

Filesize
493KB

MD5
367a281d7ca4fd6cabc0ab9b44950a87

SHA1
7a83f17e12cd328a6984984b793bde23b82dd5ca

SHA256
93416ba6eaecb976d9e1e82eab9252a29e1f05bdc633f1d1a8a507a7785cec90

SHA512
c65dcdf9c555965d722bb269eb84b5b1772e78c4e897e30892d8fa5455ac1f7f1da21b1eac7e4302985ff44795124e118f4f2d66fb2b0908983b378fd9370344

Download Submit
C:\Users\Admin\Desktop\ConfirmInstall.mpv2

Filesize
366KB

MD5
4e91db8cf48caa3d168aad9994b70e88

SHA1
f9f807775c7eb36b5995862d392d3829c29ffa35

SHA256
b93fb06c040fba92fe94bbf6b029bcc34bb55c72df9b2f61431caaf2ea185c74

SHA512
60d05e3b0a3ed3d3a2f49fc8d1b0e178888085a7f40ccac0a098e380d5655f736ceb66acae04164a010e8e60584de7894a485c5c99b6fd16851780628f4111aa

Download Submit
C:\Users\Admin\Desktop\ConnectMove.jpe

Filesize
442KB

MD5
0a6afe33428a86af4e5574543de033af

SHA1
1ce44d18c71bd5492841cac17ac81b6430ba4b86

SHA256
ce6e86d76ae53eb6751527e1c64f62a9b6e31df91d6c29ff85d6ae8eaed3ae60

SHA512
656a88122b4705f622f4817533af680b48d7416c4949278c24975a3bf5570b5eb7111e461c13e8901f93c54f2b194c9b46afac355b4ac1f97ca0a97d2459c3a6

Download Submit
C:\Users\Admin\Desktop\ConnectSet.png

Filesize
391KB

MD5
899a651fd3e31441eb8ae1f8cbe758cf

SHA1
2a20d23119a29831d603f01497eeb8c73d788f16

SHA256
5506ce470f785bd54e5bbc12b63b4fd621bf8cadcaeddf30e1eea454e1bb64ae

SHA512
54127c80c56eeb4852e30a71398fc11a0dc7467cc67ab6be5a16001d55dc24ae4124449daf776865eb03c8efc5d96155a9899b6112e8c17d8a78104d784e40a2

Download Submit
C:\Users\Admin\Desktop\ConvertFromRead.midi

Filesize
720KB

MD5
c834cb1d729a2e3910556b4b3db9c1b7

SHA1
4a64070ffa8a14fbc9f756d1fdca75b3380dfeed

SHA256
05397c56dd863ca84383ce1e899e820f9153648beaf852eec72de7d43379e6f1

SHA512
701f86b2217cb91bbd8e0afc9ae8214cd36aac71dfae3b8439716e500960fa545e75333fe5b94cb9d5b388f984127beb3a0ffc21d16e03f0a59ebbd0d233a51d

Download Submit
C:\Users\Admin\Desktop\ConvertToBackup.snd

Filesize
1.3MB

MD5
93bf1c15de2011375da726d01cf71176

SHA1
3d96a7beb31b07573ab10305f05d7bc79e1512d0

SHA256
8cfecb46ab065ccc8feed05652e41cc67d83712b85f8d1c448b46cf305be632c

SHA512
f65587121a1d15393b7f1984f8dcf0b872231cfc076a94c532d09e193ea2621f6f4138b4b62d32c746c1c20ebd1337afe7e562b5a0494544c9954b0db5a2ea5e

Download Submit
C:\Users\Admin\Desktop\DisableEnable.mp4

Filesize
745KB

MD5
331673c2ef52e1d7307ac2ea06167b33

SHA1
8b9e295d4499638958896c1c4c5cf9445941e350

SHA256
c8e67c8e48e7740a71eaa4be9b193f9bbd30fe6275db53f09c7ac067bbf51245

SHA512
faafe25f0a722c82a383c86be2c0e295b8b53737dc5306d9fec135634f59eae05129fc8014eca337ae2a09c51ed787bdd0c32af247ebbe6120fd0c0aa98453a8

Download Submit
C:\Users\Admin\Desktop\EditBackup.wmv

Filesize
821KB

MD5
374d43cf827e3c7909836a2b8eb351fc

SHA1
435b3eaa35dda903aae1f17956c9e56161f1c5f6

SHA256
8259236a04aa95b42f9e9f34fadec6b35610ec31cee6d7e688d2082bf2868fe5

SHA512
32803ef15ba93717642c2f4631fbe67a2786047a08c8c0cc6ebc0c192aca07f601f750a78eed4bb9aa093dcdfea180e6818f8f1fc22a3f52dbc7a135bcf4b002

Download Submit
C:\Users\Admin\Desktop\ExpandUnpublish.asp

Filesize
897KB

MD5
9b28dc32006ac9009387fd75b4ba74a9

SHA1
9ccabf72c81fe8d91dc7fd0ab81b383f1a626919

SHA256
15096e7cab9d65b62833406a1390b2846b014134f459cd3d075b67538a4d86b1

SHA512
87ab983b203b7394dee2b057170893f764b013a2649edbcad3b0738979fce9edf6cd193cd4707aefafae37d5d069096fdf71209bc965361241603a0e88dec8b2

Download Submit
C:\Users\Admin\Desktop\GetResolve.sql

Filesize
594KB

MD5
f42526c976e649900d62de405b038d46

SHA1
3f6996ff8bfdf48fcb9c513ce7255c64579f8f04

SHA256
d8efd0988af07955b80c31eca67e6815f0384432a68251beb7b5b5bef94aea58

SHA512
04453b1372bfe97465a9506a11ac66e3b141d7229c9f42600a50c31ef1c3fb0cb434a9b149e4251071b5f095529b92371a732a0604cb6674614c4100e059c77f

Download Submit
C:\Users\Admin\Desktop\GrantRestore.mpa

Filesize
872KB

MD5
581e3708167d931303b2658f4e12685b

SHA1
d51a004a88cd413a01b4e0c791d0b450a5517add

SHA256
39245232cdd49c8206fb9cec0c4b1d81f4b75bdd0703e965c035f4d545789f79

SHA512
5c45f183356dcdb99eda3cf9e777dff91b3b43030f83bc7a8cd6ee855282d7908dfdd26518c795ede64e51912b3736f02578b47b6c6492e7b9b49529bc126bd6

Download Submit
C:\Users\Admin\Desktop\InitializeWrite.rm

Filesize
796KB

MD5
a0ed2047c2d0e2992484eed38df1a329

SHA1
c930b4f8ee58d282e2fdc11b0198ddb9b0f98a44

SHA256
5baefbce1117e50d9e1861296d43aaaeecfaba0ab20fdeb628d73e49d121fdb4

SHA512
72842b1841b04e1704d58d4f7621401b524c88c316215d94760bb52605a244daeca472ea31dcddd3d1bf1c1997c6ce6e9daa9649bd19f86f8a81c0454af60c56

Download Submit
C:\Users\Admin\Desktop\OpenProtect.dotx

Filesize
619KB

MD5
55ce1ba07cf2b1a32896b4396aa671d7

SHA1
6a11c944cc909d16f874b0d808cbc35822de1cd7

SHA256
276e5753294532d428d081990d207049691ded00c8a8159531c67a26325c55b9

SHA512
ed78176beec2743f5dd6cb17c9e6657b88323a12742327f819a90e122505e6d63303d6ae1e4648f6ecb74de0b2dc7a3c74f4f5f65461830ab46226abd9486630

Download Submit
C:\Users\Admin\Desktop\RedoTest.aifc

Filesize
695KB

MD5
ea06273a7415874ef14b9416db22ac64

SHA1
a1858add727b6e84e9f0f1ab323c89ce15861c31

SHA256
c74fb23e172cfe8087bb9962282a0cca0fdda46556414c70c178fff70f9a8c85

SHA512
6a019a123c84fdbf7bf30103fabbb52b86eb594d81a0f41c26981dd61f2a20f4582571b6a6fe5c397d8600c2f9df1e90d85726ddcf882332f291e8ae012803f5

Download Submit
C:\Users\Admin\Desktop\RegisterConvertFrom.rar

Filesize
670KB

MD5
1bf2a5634d841ecddf11044ab53ac7f5

SHA1
bdfcc655595bfd0232878beea70eaf638aa48753

SHA256
e1184f97af5f5903579a5f0766cbd272b831afa43bedb8f55b1c3645bf1d28e8

SHA512
3051f19ca428f6532fa97a3a0b4423c761f91343414ae20cb71355703a429e1e61e944a8adac140558e9d28252c3ed99107f868c0a18090865b60454ca51abd2

Download Submit
C:\Users\Admin\Desktop\RegisterUpdate.mpe

Filesize
644KB

MD5
4b06cf69c6d6d199c790cb4aaf846773

SHA1
6afd93f5ed6395c4ec9a05663a69919528f98a73

SHA256
046e077f488945dac56c4b7d1fdd98041078f6af91af6b0bf59a4be5e406050d

SHA512
138a8f22fd4b82c9059ebe38aae768edb499c962551d130d7b92ca919d583a402f5f1c92d933cebd84e2af631f68e4d15765a65006557c4372ba0782a2ac1c09

Download Submit
C:\Users\Admin\Desktop\ResetConvert.midi

Filesize
948KB

MD5
9deb6087620199d6c05432734c7d6e96

SHA1
503afd5c4a09f66311abdb9b17f497c8463eec49

SHA256
c874bd7933d3fcd492541a5fba85b10973712386696902113d016b7d45886c7d

SHA512
b4e66eb6972a20ed4c544ea7d8248162a0f7e4f931304cf378d479f794e505166b06def0c0af5a709f991beb73f8a7787c325c1583d6feba06bf52bab9ce8708

Download Submit
C:\Users\Admin\Desktop\SearchInvoke.odp

Filesize
543KB

MD5
e4bdfb345dbff839b7c240715a349b9d

SHA1
f440699280920b463569252e8ea6a36dbb5db8bc

SHA256
52934252e233ec1974757f72c8dd16b2e0345f8d22532291e0c5dcffcb132b79

SHA512
ef5fc11fc50bfe72fb3b0e8a60f7379fd9a7ebdb97807f67a8df32eb2a21f56edcf3bcf5cdc2237768f51ba26681c2699418fbbb7a53c1f803a4ddb3bb4952d3

Download Submit
C:\Users\Admin\Desktop\SwitchConvert.vsd

Filesize
771KB

MD5
937a408d09728a2d2abf40d193267919

SHA1
253a37680ffbdb80a6c70eb7d6086084109c80d7

SHA256
b57d1d7c4f0a948058bdbed6b387aa2293062c01b03f777c1269b80e9b35589e

SHA512
e85a8fb30a6a5878e3435d2847f77b6d3bbf174b3f0ce006ee416dc27cda1f7d8a8e1fd3cfdcfd205818f8d591e5a9c98c88e9be0499a9acbf68f1408aa6e7e5

Download Submit
C:\Users\Admin\Desktop\TestRename.vbs

Filesize
417KB

MD5
4a174c0c4e3c1f498984f4f444f48b49

SHA1
cfe5d60009b400a95ffcd1a9a508a67c9f258ef0

SHA256
a77bd44388d3a9be3f5a16b344f1d88a285af1bef7dc64d89051b7bbee09d113

SHA512
00777028301270952365eac5847d4f5c97e05f83fc89e7c81fb39d9b0c66a333e232fc64e8a3938fc9a5ffebd80a6cd9ea07f3430342d7c8944353265715f828

Download Submit
C:\Users\Admin\Desktop\TraceConvertFrom.m4a

Filesize
467KB

MD5
cc6d10e61f54a101f9f4a62d59063d72

SHA1
fa509a1fdba5c3dc346ea1879b6d167f534b88ff

SHA256
a7b059408ba56de4d39342018a30b1fc67fe1bfe912c0210e37d07476740767b

SHA512
f0ebab877b17cb43a64670b0164b8439a96c76d71ffca606e78b3f0b99b47a980e3a7899e2e6235390389cf8f444acaa734d03c4336e37cd7b82cdf660f9855b

Download Submit
C:\Users\Admin\Desktop\UnprotectFormat.htm

Filesize
847KB

MD5
8d2ce72cdabe0c62e9ce26e5422c3e17

SHA1
f0b7ca403fce85215744e37a8afe40262a2c9cb3

SHA256
ae8ec94b66bdfa71065874cd1e9f48abf0ebd5f3b383ad86be0c0acd8ac90e18

SHA512
b0ad3626652d4ef1d7d85aa58cdf542dfe43f0eacc1f90fa7a4c4882889ef73cb8e7bc6a1ef29de3deed4f4692c780329b200664ab075f039dac49a90b605d63

Download Submit
C:\Users\Admin\Desktop\UpdateSet.dib

Filesize
922KB

MD5
45685bb0af5e2b2ee067574d7241c0b0

SHA1
8ef0392532c18704f068ac53286438af6cc56a09

SHA256
f704f24e2e82cdf4c80b7ab3f6e802d6ab56e870f10ab8d7fd2e65ad8fbc5a76

SHA512
24de39cc374e9d31b345b11149c75059d7f7c81414dd933c0e0baa1203854f64685433966e62f66f15ba5c9a8a887b9f1268113d7348978a02c9f1690aa92532

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
da99cc4ffa4d5d2b8b3e78e0108db4e1

SHA1
b72d0ee90380c4265e0fa38a1cdc6d4c35bec9dd

SHA256
718ca3b5e3a9d40864c3857cbb3af7bf93147d65fb398cf5f9db4994e863d12f

SHA512
debadf31454f2d386256a1c16c455dacaf2dab7043af698bb9dbadee9b9ce9c4713fb11ae236febae27c77c103732237801fcee0f77104b0a75b4ea3935e2bf5

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
bec0b56ac96e0240a4329811cc3e8589

SHA1
5444c75acb144ac66e4682013afdf26a06554f18

SHA256
67715b6ffe03ee075e4be7f03988c66c69b46d7dc704a2f6b9896efcecf780c2

SHA512
da45c887cb3a30e29407db77ddd276b903dea0e6150852c9248f85a520dda2e7d10b808e7a69a7dfe085bbd42fa3042373503825f794e4b962b726dcdf98e9d6

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
ee029c079b7c0e0bc733ec6d80b9b893

SHA1
703c6299b3298ef459457ab15dae75dd11c23c2e

SHA256
96d68f1bf94d0dc4d9e6b9844503ccd295d80eed153b8832901c972a773b4732

SHA512
46c5c04e5ec8e43769738a8dc2f4387f49ed139fddbe9d6c55bb65719b333c7a3bd821501468bbdcd857acc5dc10e657849137e0a87d4a897f4b2ea3c48ab464

Download Submit
memory/4956-31-0x0000000075010000-0x00000000757C1000-memory.dmp

Filesize
7.7MB

Download
memory/4956-0-0x000000007501E000-0x000000007501F000-memory.dmp

Filesize
4KB

Download
memory/4956-3-0x000000007501E000-0x000000007501F000-memory.dmp

Filesize
4KB

Download
memory/4956-2-0x0000000075010000-0x00000000757C1000-memory.dmp

Filesize
7.7MB

Download
memory/4956-1-0x0000000000600000-0x0000000000612000-memory.dmp

Filesize
72KB

Download