emotet | 2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

max time kernel
468s
max time network
470s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-01-2025 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/96591.exe
Size

1.2MB
MD5

568d17d6da77a46e35c8094a7c414375
SHA1

500fa749471dad4ae40da6aa33fd6b2a53bcf200
SHA256

0da56126ffb57acb5bb1a3ffa1c4c0c2605d257988b2d2964344b8f23173f615
SHA512

7beb044f8bd366350b267c0fedc8466d2c5fd80b0f791f5697ce4577edced36b668401fd48df90b6c4ced05247d990c5e739e7232a2dcfc059dcc0c6a79d9427
SSDEEP

12288:D+FwW6Se3oB/8WjH2fIGOVoDJLvfOqsUFY:D+qJSgZwEIGOVUJLnOqs+Y

Score

10^/10

emotet banker discovery trojan

Malware Config

Signatures

Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet
Emotet family
emotet
Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2660	YouAreAnIdiot.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
142	raw.githubusercontent.com
143	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 12 IoCs

pid	pid_target	Process	procid_target
544	2660	WerFault.exe	145
2200	3984	WerFault.exe	153
4472	4468	WerFault.exe	156
7996	6380	WerFault.exe	204
8124	8036	WerFault.exe	207
7620	8176	WerFault.exe	211
7076	8064	WerFault.exe	208
4468	7128	WerFault.exe	224
6432	2460	WerFault.exe	227
5592	6172	WerFault.exe	230
7184	6560	WerFault.exe	233
460	6688	WerFault.exe	236

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	machinehistory.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	96591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	96591.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	machinehistory.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 780198.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2632	96591.exe
2632	96591.exe
3584	96591.exe
3584	96591.exe
2104	machinehistory.exe
2104	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
1844	msedge.exe
1844	msedge.exe
2316	msedge.exe
2316	msedge.exe
232	machinehistory.exe
232	machinehistory.exe
2192	identity_helper.exe
2192	identity_helper.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
4944	msedge.exe
4944	msedge.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe
232	machinehistory.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3584	96591.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3864	firefox.exe
Token: SeDebugPrivilege	3864	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
2316	msedge.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe
3864	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3864	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 3584	2632	96591.exe	82
PID 2632 wrote to memory of 3584	2632	96591.exe	82
PID 2632 wrote to memory of 3584	2632	96591.exe	82
PID 2104 wrote to memory of 232	2104	machinehistory.exe	84
PID 2104 wrote to memory of 232	2104	machinehistory.exe	84
PID 2104 wrote to memory of 232	2104	machinehistory.exe	84
PID 2316 wrote to memory of 4960	2316	msedge.exe	105
PID 2316 wrote to memory of 4960	2316	msedge.exe	105
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1632	2316	msedge.exe	106
PID 2316 wrote to memory of 1844	2316	msedge.exe	107
PID 2316 wrote to memory of 1844	2316	msedge.exe	107
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108
PID 2316 wrote to memory of 880	2316	msedge.exe	108

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Malware-1-master\96591.exe
"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\96591.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Users\Admin\AppData\Local\Temp\Malware-1-master\96591.exe
  "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\96591.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: RenamesItself
  PID:3584

C:\Windows\SysWOW64\machinehistory.exe
"C:\Windows\SysWOW64\machinehistory.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\machinehistory.exe
  "C:\Windows\SysWOW64\machinehistory.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc37046f8,0x7ffbc3704708,0x7ffbc3704718
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3448 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2396 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944
- C:\Users\Admin\Downloads\YouAreAnIdiot.exe
  "C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2660
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 1200
    3⤵
    - Program crash
    PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6652 /prefetch:8
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12048955183785752714,10831642431128887927,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:6388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2660 -ip 2660
1⤵
PID:2860

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3984
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 1200
  2⤵
  - Program crash
  PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3984 -ip 3984
1⤵
PID:4356

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4468
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 1172
  2⤵
  - Program crash
  PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4468 -ip 4468
1⤵
PID:3536

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1244
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {798fe685-926a-457e-8413-04fc71fab086} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" gpu
    3⤵
    PID:1220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {784ea5c0-1085-46b4-9da1-391c1d05b82e} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" socket
    3⤵
    - Checks processor information in registry
    PID:2376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2852 -childID 1 -isForBrowser -prefsHandle 2580 -prefMapHandle 3032 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0896e63-53f8-48b8-b0f3-5a8d6aa88998} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:3496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4064 -childID 2 -isForBrowser -prefsHandle 892 -prefMapHandle 3780 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95a46e18-6bd8-4357-85fe-14d48390f3d8} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4780 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4852 -prefMapHandle 4620 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e62b907e-695c-4423-a329-67c01b4e1e5c} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" utility
    3⤵
    - Checks processor information in registry
    PID:5228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 3 -isForBrowser -prefsHandle 5352 -prefMapHandle 5372 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de02bd52-33eb-4f10-8554-0337b7ef0d39} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {026eac04-745f-40fe-97ff-05fe08c030d2} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5692 -childID 5 -isForBrowser -prefsHandle 5772 -prefMapHandle 5768 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a23167a5-4928-4581-be9b-3a7888323e8b} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3640 -childID 6 -isForBrowser -prefsHandle 2708 -prefMapHandle 5252 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e7d7615-5c7a-4624-aff1-0b6103d7ed8f} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:6124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3024 -childID 7 -isForBrowser -prefsHandle 6024 -prefMapHandle 6032 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99e05347-f7ba-46e9-9b35-ef1bfeebffc5} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:1344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 8 -isForBrowser -prefsHandle 5720 -prefMapHandle 5716 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {113aa634-d9e4-4b70-b112-a90f549b2c7a} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:4624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6264 -childID 9 -isForBrowser -prefsHandle 6272 -prefMapHandle 6276 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf2a1b1f-fd4e-4f47-b275-c616cc2b422c} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:2776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6472 -childID 10 -isForBrowser -prefsHandle 4972 -prefMapHandle 5004 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe06bcf8-a23b-4f2b-a9bb-cc243d6313c7} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:1244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6648 -childID 11 -isForBrowser -prefsHandle 6604 -prefMapHandle 6252 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9d712f8-9011-4539-8f17-d390c44e4834} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6800 -childID 12 -isForBrowser -prefsHandle 6844 -prefMapHandle 6852 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11d6224a-0903-4573-a8cd-81ead1882fa2} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6824 -childID 13 -isForBrowser -prefsHandle 6816 -prefMapHandle 6812 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9f12c23-8737-43bd-88a2-aad28f280b0b} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7076 -childID 14 -isForBrowser -prefsHandle 7084 -prefMapHandle 7088 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1743c609-3ad8-456e-8e6c-5970674b3e84} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7296 -childID 15 -isForBrowser -prefsHandle 7372 -prefMapHandle 7368 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08939b78-f7c2-4270-8057-a1e870cf8060} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7532 -childID 16 -isForBrowser -prefsHandle 7540 -prefMapHandle 7544 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a2fe0f9-d104-4565-a5aa-4fafc8451336} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7728 -childID 17 -isForBrowser -prefsHandle 7808 -prefMapHandle 7804 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91900f61-4630-4df5-98d6-2b6a4d6ce0ff} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:3176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7932 -childID 18 -isForBrowser -prefsHandle 8008 -prefMapHandle 8004 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {875edf44-6e91-4bff-9f24-54964075d430} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7712 -childID 19 -isForBrowser -prefsHandle 7724 -prefMapHandle 8052 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04f685b1-4eec-4373-8531-8f41aae37381} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:2844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8316 -childID 20 -isForBrowser -prefsHandle 8324 -prefMapHandle 8328 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9223584-74b0-4b83-b851-011be485d4f0} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:4664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8508 -childID 21 -isForBrowser -prefsHandle 8516 -prefMapHandle 8520 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4a8306f-baaf-4674-b166-2bc21554a5ef} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:4688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8700 -childID 22 -isForBrowser -prefsHandle 8708 -prefMapHandle 8712 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4893010a-3226-4003-a33a-a94979012b94} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:2388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8908 -childID 23 -isForBrowser -prefsHandle 8984 -prefMapHandle 8980 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {817ac40f-ad41-40a3-a778-7193ab54e1de} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:4860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9108 -childID 24 -isForBrowser -prefsHandle 9120 -prefMapHandle 9064 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1df2674c-0a81-42b7-bbf3-8e11d3fa7337} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:1156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9284 -childID 25 -isForBrowser -prefsHandle 9364 -prefMapHandle 9360 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c82baff2-1487-4980-8ed3-84f35b739e9b} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9256 -childID 26 -isForBrowser -prefsHandle 9392 -prefMapHandle 9380 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52ec372b-2219-4a60-94e2-9e029dd3303a} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:4488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6080 -childID 27 -isForBrowser -prefsHandle 9612 -prefMapHandle 9616 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec73477e-a83e-4b9f-b7ae-028eb0260185} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:2432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6024 -childID 28 -isForBrowser -prefsHandle 9820 -prefMapHandle 9816 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61938dd1-fd66-4c90-a038-9c30a4d8c0a8} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:2168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8964 -childID 29 -isForBrowser -prefsHandle 8324 -prefMapHandle 8708 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {750e3dd6-c443-4ea1-89ac-57e140d43de3} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8944 -childID 30 -isForBrowser -prefsHandle 7340 -prefMapHandle 7336 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb1c7281-6b89-403b-8e65-acf23c1cf942} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9532 -childID 31 -isForBrowser -prefsHandle 8960 -prefMapHandle 8732 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {982d7919-60d1-46c1-9dab-dd66d3fb53f7} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:4112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6692 -childID 32 -isForBrowser -prefsHandle 6684 -prefMapHandle 6680 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {494def65-067e-410a-a779-470cfe6f3cee} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:3100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8200 -childID 33 -isForBrowser -prefsHandle 7612 -prefMapHandle 8528 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {912bab1f-f25f-403b-a34a-082e0d47ac86} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:4768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7804 -childID 34 -isForBrowser -prefsHandle 7548 -prefMapHandle 7604 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb228b89-7b4b-46b7-a7af-b16239ad1f34} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:2264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10192 -childID 35 -isForBrowser -prefsHandle 10200 -prefMapHandle 10204 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be90998a-cea3-4547-9519-76b3abd6b15b} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10340 -childID 36 -isForBrowser -prefsHandle 10344 -prefMapHandle 10348 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3db1392-2f49-4e0e-a633-6ec190d111c9} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10324 -childID 37 -isForBrowser -prefsHandle 10544 -prefMapHandle 10548 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba74b9a7-c03d-47e1-a24f-76781548ee2a} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10668 -childID 38 -isForBrowser -prefsHandle 10632 -prefMapHandle 10628 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {230257ed-313e-4865-a956-d4c0c814b79d} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11084 -childID 39 -isForBrowser -prefsHandle 10872 -prefMapHandle 10876 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c9f939f-fac9-47f4-97e9-d75107cc1a77} 3864 "\\.\pipe\gecko-crash-server-pipe.3864" tab
    3⤵
    PID:5360

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:6380
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 1176
  2⤵
  - Program crash
  PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 6380 -ip 6380
1⤵
PID:7972

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:8036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 1172
  2⤵
  - Program crash
  PID:8124

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:8064
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 1232
  2⤵
  - Program crash
  PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 8036 -ip 8036
1⤵
PID:8092

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:8176
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 1104
  2⤵
  - Program crash
  PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 8176 -ip 8176
1⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 8064 -ip 8064
1⤵
PID:4504

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:7128
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 1176
  2⤵
  - Program crash
  PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 7128 -ip 7128
1⤵
PID:5656

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 1172
  2⤵
  - Program crash
  PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2460 -ip 2460
1⤵
PID:6096

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:6172
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 1176
  2⤵
  - Program crash
  PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6172 -ip 6172
1⤵
PID:5576

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:6560
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 1172
  2⤵
  - Program crash
  PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6560 -ip 6560
1⤵
PID:5856

C:\Users\Admin\Desktop\YouAreAnIdiot.exe
"C:\Users\Admin\Desktop\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:6688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 1172
  2⤵
  - Program crash
  PID:460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6688 -ip 6688
1⤵
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
48KB

MD5
76ddc8975051661ddcd2b39a3d313787

SHA1
4356ffbe94ebe23f0a1f02d784110cf40cf85d71

SHA256
50d5ee3a555060f197e1a930e9b9e7b050dbc18b522f66ffd1aebe1b8d011649

SHA512
dbfdafb8976a435f3330d701610c0e62f7ca4fabad54f66759fed1461bf39fa178463590982d8dc2887d18cfb67c2e2ffe65547c4bf233fe28fef226ee2d41c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
494356f2389027ba1c50ae23a106719d

SHA1
e7c04f3297a10752a335d242be631a70034c6c50

SHA256
fb67a4ef737053cf778e958ccc408405624a5fa33579f90d9eed78bd1a6b0043

SHA512
13d261f5a0c345e9062d396a02fd5df0b4138b66a6d97bae037f6a77953f641888ef8784c6e38171dd9692e222e5001ae1d8831197353fdd323e9676a52d2777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
180B

MD5
00a455d9d155394bfb4b52258c97c5e5

SHA1
2761d0c955353e1982a588a3df78f2744cfaa9df

SHA256
45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

SHA512
9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
857B

MD5
7443cb445d14683487a5f9265172c99c

SHA1
1ed9f39c7d5367144b873856a18dd4581922e5f0

SHA256
c8a7865296eeb08cf6883f771941d73d296515d4b20cb0f782e2448e32669684

SHA512
2a0e2eadffe3d54e076baac5adcebf8923ba2fdec417d3b042a145b67a5073faf9d0f41f3c62ad41e5aeb7973b68d7b6fd435b366dc257298dfa187c2586c891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
940B

MD5
c6cba7ac8d9d01df781401385a654707

SHA1
19c0e90e9474c29c8707b40706f370145baf333a

SHA256
166eb0a1033b7646ce9807be28226946390a9a83edf5fa6c26efb48cd348f425

SHA512
e55474b1cefd4a1cb8fca692032a7b843615201cc6840e40ee4b45c272bb28c149d4443b7296858717b82e8fb947b99e112816812564aa6e9872093cfda129a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
940B

MD5
df07b166b80b95a615676b0e1a78a4db

SHA1
5b2b75465ec922089a7eb1902e5d1e2fd0f73e14

SHA256
bc4a93939c72a41dc2cb9f107fb29b5b680c8e910ce619293b6fa31d73d7cc19

SHA512
1347bb275fb4d7afbab43e4b00ba8f417751e5f3c874f146269d96cacf1e384038611ec0d13bd9192c3c2223b19180257a6cafa4ac020d4ed7010ec329dabfd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c80e511185e423df9ba14ea361b351e1

SHA1
6d2eb06eb17e8bdcfc787f929b4016beb04297a1

SHA256
b94fe3813f320788f30193771b83f92a508a2be845607464c08ce69e67c5fb80

SHA512
0c42ec1b1f3898603bd585f3e47b38eb76ab48ac4484177c6659cbd157b99b2a42c4017015ff2f29611a0f3640a7103f4ac7a8554fed91d07989d844109c1f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
917b0780e32ca0a43e71950197992e0d

SHA1
32d2a13dcae60666434577475944391bf31a0504

SHA256
bf598e7a664edfa02e492bde2bb437ae7eada8a62997a941953b73cb93ca36b4

SHA512
290ef6d86b669aa56707840ca29a6b24aac6159ded9eee929813cac7e4f67a0c5d152a3aee0ce8bf37591cf864d1cdca5340402255921aee44719ca30d220771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae39f18519010b7673a95cd3b0047ef8

SHA1
c3e656b2bbad315f6e0ed09c5261341c30aa8d9c

SHA256
202985efe6e8d41f328f7496d48a56869b86e7b892220a4fe0a1745a34f92052

SHA512
d6f80b649f9fb401d2fb99c41c6abcf9fc2b6d89df08a576f682dfbe4d7b9e528796d2c8eda2a19ab7f04a209121045f48beba894c245aaf696582d779c59c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1725529972c2b32cd4a7734439c15552

SHA1
934e2f5703669317857c2207da7a55def45adda2

SHA256
345e83ef0b8a7c3e25abd7f0e675e67b767508aa3f2ef8b0a306a77d5db5e1ca

SHA512
1c248e447417e77ffe1b83a0fa06a5c531206b9607a594e79dfea057ef8e73915ee3445418bb422a48c2152455e776cfdf1dc60cdda8d343495cfab6a6c87fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ca66d14c80075cded1748b3ece147961

SHA1
d2a8ae3ef5f38de4942597f0d37ed4140a8c079d

SHA256
71c200284b94fa7582cc7f4c75b5e8e269a2f2f4f1f88c2169606a08c0b611bb

SHA512
443e0d51fd6e73380a207d4a3bf13f17338ea482305ca1e15eba070adfd5b055af78b7d9540bf0731740242d08cb0a0d5694b368c1e8af1e4bdcb07b2cb479cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e0f07ef09b9aa835849b1d32d360db6a

SHA1
de703a4646a315da608eb35947bd323fdec5ccec

SHA256
803e7119d276f67b0b26655b2a1059187250a0c41a7fc791826078409eb0c84c

SHA512
40f692af288ad5357b84e40fa3b5c65d0177d574a17162daccc90a75c19c7824c226a983a7b515a5e39878b902f0e587b36ada6e96e6797bbc429eba05123728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
289656698660605dea1a114f1bc29ac9

SHA1
65fa6c8d3a3694fb407e2132eb3adcee0381d7a2

SHA256
1c6c87717d219518edaa6d6124d9cc7ede123be7e64398867696235893887578

SHA512
c0c41673b8d5f28f31906569cb7356c5bc17c71aa7c96ced57590de980ce9cfd9e0cfce093bd0379a0348ab04822887b59f50c3dc084585df02bb8b26650c664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0282d4ff2e9db09f23d369629164166

SHA1
1da990f7820051bface75fa31f3c450cbed1ba0b

SHA256
7815ed154c3331751bf9e51eb99a3dead26ea1a8079ca5c1995836df6c875427

SHA512
4b796a8847f14b0d2b39b64318098ee31079fa0b73bd6763d9b34c2915ee71647e1369061aa3f1316a8c8fdf28625c29ace9d5aa96ab0ef26d9309324ec98833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1090af6beafdd78ef259938da3f0ba1b

SHA1
4ea24f15623ca869f188bf53a89c149e6f14cb2d

SHA256
334498c4f78a7f3edd318abb2294d90fce6c50c26db993ed29c99606c70f13bc

SHA512
ee658525a982618920ad47c114a979e97715e80cb06af1e783de39fcaff043c2c9807c86a729eb39f214f11c3b0caddcc1e22d1f72c333526a7507bc08d88ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d96461ff73ab3628234c0f6cc2cfb9f7

SHA1
c14d747c85286f139fad0e946dd3fd5679829577

SHA256
02b5dec85b35f16199ab9160c89ad885735b98db5aab32172aef599a058ce372

SHA512
2301b0a0a8c04501e6e99669833e5b83271e54cef94ba13058bdcf561184db9f3660189c05a0af1075f3e5499b5f3a91f23bd8185188a3575e018b2c6af18483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
53a39ff6e10c7637182cb160e49a6fac

SHA1
bd04b263624f435dcc6befcef149fd9afcc0387c

SHA256
3c4ebd4668101c90ecaaee9b796c8bae75baa9e44b3529c73eb6aa7962f8fa84

SHA512
84be5a115eca0d70bf1425fd1810c56ef07003cbe419d3b236945c907f2015f5face8a867847f6bc74bc048f87261126e47ae097546629d54eccceae151f91bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
33a6a2bea8559547ff1ac1dfedf76ba6

SHA1
57524d5cb2418d96e70e198223ab57f75d5bdb09

SHA256
31b6d8b38dbec6f2bc2700fc23ea4e74b8d6fc68cf5ab2aae745113bdf7bc738

SHA512
1fa493c9f9008decaed3ee5da15877cf0ac4a65b4364e2f3c78d00c6f8ab75afcedecdbb961d0b11b6d6daf9a469d400463862417a0053fac570cd36986b1962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b6dee0791bf3049c86e0914cb72eb4c1

SHA1
b15ea9d3bf2f860e61047e50125b643b775bc8ce

SHA256
549c856b3c06a9121ddd9ae5158a5413b9d26cf5afb34c55ffb5eef1883ecbd1

SHA512
4ee72ab6c4bf9cf93764d697f40dfbef9606fc54b6d5705d0895547d7454cde4336610d520a8a5551ab83e14816556bde150198b6b48b9cdb0308968b9c8520e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
a439131a1b0b499b04e8f1dfc83bff7d

SHA1
fac7988230f3bcdc6fa04c4276ed21a557bbf988

SHA256
1489cdc352b2d6c57c3eeec55b7596729b91030da36bef4738376e2da1b35a4b

SHA512
915d59c18d0a406da031786290c4c423410ace9f8a55965b0a32632ea40bb9362cdd86970978544b93ad0dd2be47778501b47e09e1c0e3a80e70a01966d2da60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7b2b2718eb114103ba1fbe7e77cd6b4

SHA1
b6a02d2a043f6b0e1f6d807975804617f35c3f98

SHA256
b087c891b6f75e5fdfda429db5f660c6201c28afcb8eb61a956367089984bf7a

SHA512
bc553910fbb1975b68689a684a7d6cb20437eceb302cbfd9fff19e7c50c45b4fca2ceef3af402425fd0ae17b9dab384cf0ca4e4ab6126ba0db8c3a83781f6dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c758457220243a160d16bdfb0c3aead2

SHA1
156573d1258ded3eab29a2b855533486b74e0447

SHA256
2449c26e2ae2d161c3eff3a6c5d8c4686bef23e2565767d84588733e990d2e3e

SHA512
e83415e0d513b7cdf65c271691a630a85d3250a7cfdd740297516c6472cea1bda4edcaf25242ebfab457621cf809171467bf31860f5e55bc7d7a36e8fff28e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
c593b114cca9672f2ebff816f96084a2

SHA1
a3f6792b0150cca831518b6356b5fa6a2185abf0

SHA256
02ffd06ff70a525f44429bbf6dff013b5c8a43f4e5ee0e3dc2c5af662a8b8c2b

SHA512
d032b010c433d987e8b28cfcf0fdcfe50d6d40ecd9fd6615aaa092d7c6b057a058550e4a10d55c3c1c24d94f1226750051eca94a00323a4d92fe67f6609cb806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd03c1c3898de8dd506797e901b53979

SHA1
b447cc76c98eb19633b16ca781303edde76819c5

SHA256
7f8783bce0f0f1ae4ae00c706dc59d26a99ae25230fd11126cfd87991c19a988

SHA512
2b49670a173ba9328150fd1dc75c6cfb927c54fde5a24b94c8bcd6f046fd3a2d3bab9ca249da57a83f828bc20246cb96abcdc8158e2de48cd312c6e203e162fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c0e641003a4f0aca97db0930618d420

SHA1
a7bbd69a0becf88befdc2918a89646eca6e4ef49

SHA256
ab47abe4027527c42cae01e14c49fdebf9bf5cefc26142a5247ddb1214632ce9

SHA512
072fd3fdbdb73034c5462320f199062271c69a9b907b15dcdc7ae8a54b79a0315633bae7f24363deac0ec3c9589ff390eb4e3904c8e46909cc3a7bdf50986e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
06ee8ba123cb7f244a049e59676eb146

SHA1
a5513005e7ce4f81d4561d778d23d7d6df3eb818

SHA256
d70d6bb37785056ca25c1ff81edfaabbc73010472b5362727fb5af64da7549d9

SHA512
54b3d8853377b905f365e086cda60cd8a0148dd5963c27f3fbf6d7e7a63efbc96024837242ec6de143cca0ab7870b63489e66ac89e08aecb520444fc1dd014b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fe7aa9784bd1e59e3d38e1f6389bbab5

SHA1
06db17c9362c7d994e4fdfb19ed2b380468fa7bc

SHA256
01d1e63e7fad2f832bd493afcef7c28ba163b1eeeb7c488d57317c7790b3ddc9

SHA512
f15de390711f691e93045423675bf86880654385140ca4ee36c3bc9b7b47f3ec2044d10b192b1458060e29be93384adf6f44be477b203d343452698dd64ee071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
63abcf5ccb59cad475a41a7ff24d3b3b

SHA1
0783b60594a1be15f2694fd7dfefd784d3e79413

SHA256
bdeb59f1a450f5186ed72a70e66d7758890de265cf70f4f7c7b7cef05893ac0b

SHA512
8e499778fc2c1d4c6bd07de8871456aa3e91ed66b3b5a138c42c510887bacaa9d9bf306f96263de2890a94e17c42056dd856965be428434dcf7b25f28d5fee3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3f928b8fbb5a2422d00f82f2388a1cc1

SHA1
1a218c82b053d34ba2403551e99f5b72f969ca5f

SHA256
7a16dd46c6baee43403d2a34f95f47ef21d6a2de94132f67f0a9f4f10d100d8d

SHA512
c23116e89dede44bec9df200d943469c64bcdb2c2e1ff73991742afd0183ddecb1d48d33bb7dca77452a558e4e98168bc0f058ada403ed5229f517624018afee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
874e1359710f8c5f125b0ffd8fdaac89

SHA1
a0968eacd8ea49430ae620d8bff98e7e296d39af

SHA256
7746e7e346de18fd5d22a482f92f915175752b5c9c044efaa3ed5f894be7bf90

SHA512
a34a16422559242e5e1e4930c917ce14effb51d6454955fdaa3f64fc327d533b9ee1736f71ddaedf6c666906b86f344e999a886b0a84d554c177a94dcd53ba09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7585ba14b3ef885749093058e5b7651a

SHA1
f5e8b0e19b2b3ee4c295d8ad759d2631b464c742

SHA256
8c8feae99c655edcf2754532c542e63ad2e9ec9119873b856f7a1f033fa937aa

SHA512
ed02d1686a30d117bd690d478c25407ca554d91e2e9374da33d926fe9b231d943fad6ccc8b7447584719c729c0d932363b3ca20c0ad64321858e0b092c794c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
831f592cf88a39ca4873e1c23c51f381

SHA1
c0f4fe6668f1c91081a5a0a334e3b1362e1083ad

SHA256
8523d440544a20b6844d804af58581302380fc26f7b01fc84d0c54f3be20f5df

SHA512
8044554d779ac6d3bb9eda708388436ac9b3005bc40bb3f121ae67f79a23f8d747bba4681d58cafb84ae450ed749981af2460f57a4d3e426c4d8c69b1f1d6188

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
a46570ec070724f6a026cccb8ef7d47e

SHA1
2ff9d1a0fa6a19d89203868ca4fac5526b92782b

SHA256
eaea78fd63b8c8eff95e9b25aca4e060856e52dc1d71376222c466be53cf89aa

SHA512
2e566468510e659d748e4cc6d3160d8980b0c15819df7635ab7829eacadec7ad04b7ef33656214fbd5a7cefde6e8f89ddba828e6ce20f43387e16b7dbb5cde09

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
6KB

MD5
1ecc6cc63b5325fb07f1bfcc540b884b

SHA1
363d9975af19be849ecebb47bbdfad4fbbb4955f

SHA256
226fcb927f0812f173db1d19bafe810fc225dcb11ff7f9195943d24170f6ecc3

SHA512
a614c091d74b90805d2fb560960cc096262f95136ec2284fa3614b9a3864eccae5f58f4864dab55cc09a88d69d4d8475b5f757278da78168923182b5ab859055

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b21cba85d7262213460304974d732be9

SHA1
909b95b0a81a763596e33f1b7ef7dc08845495be

SHA256
4a5621aeb4ac1eb8c0404aec9194c4f5857edce9fc5c2e99960bd205c4f89ebb

SHA512
f9f4e4af5d3b46c5d868176064bed8d9c916b1abfdba61b7c4ceea0533f60d16cb21b0c3c6aaa1bc27e0721e54c79ee178a9f1a1bdefdb5f7df1ec1ba0638490

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
13539148e2cafaeabad0407c8dae3ddf

SHA1
32482d5da875727f0a8a339cedc626b30f332bb1

SHA256
57d570514f93d8f6bee0bf07bc3a53f081dc9b10446bbb06b0fa92d4c067e9e4

SHA512
4ed472429a377b2ddccd86ef7eb2f4fd11aa14895f2106dbe4633c8aa5513519d95587c142d6b09844ec22ab02a39726c69f5dfe568ef62d23a5d4e6a3a2f280

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\14c27577-807d-4cde-b98d-57da74cdff2a

Filesize
24KB

MD5
e442511ee9f4125a6d0214689d322c15

SHA1
fbde9eb53e2e62abe6fa6ba0170d38b507a0eb76

SHA256
481e41d3acf12a4afb1f8ebc2b9ea47b303004cd40e239a361e3a3aa86b51e9a

SHA512
4bb24d5772b1f55eda87f718baad6c477695d06b4c2d491631984958add66d14916d159343280f307b6919aab73d1433e949e1a55d7d3b359a957840ea762176

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\383ae368-d276-4c23-bbaa-e493b3477b95

Filesize
982B

MD5
69f4e68edabfdc848595d29a57a7cdd9

SHA1
df31643d4958bfc84a04a9460dad4f2434892143

SHA256
1a8622d584dcc1dc34482e49fd105c1ef51630ea3a08ff5e93a2f25e2baf25a6

SHA512
0496bff004eeaac8e1c3f57cfb943589e3f047517ccb16ad43d040863b3b3b38dcd1e06f673acf4692bc14f4d2bb0d44b131f488eb8a507cca292be0df177f46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\9f341751-188a-4c9c-8f3e-d2cd3202ac95

Filesize
671B

MD5
2d0aa1fc3020921ed8f999d28c5dfe74

SHA1
0569907e92095db84648fa5e797301c03068f1bb

SHA256
9bb64fa6e67bd3569ad152cbeae650698c3e82584a0b704dedf7902762bda755

SHA512
85cbcb8e4679c64115165ec4810064835ed3b025b5412b50219c261dac3a7779299e18178fe97883a20909d601043687e2b5037c0dc516f90ba523ff367f4adc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js

Filesize
9KB

MD5
248875cfb70bdba51b87abb52b706604

SHA1
532bb43f04e27af459368c6b3b792fa77c3470a8

SHA256
43c838a617b87f69420329cf59521e2fc18b6608e80ed5f7e151ea49db7cf2f9

SHA512
e2acdfc1e97ad734dd9a964f8b519c7b48f5a660e4dd36936949661e4b43544ab48223d4b7625b9e25bb330cdb770fdca20e006058d14d3262b3fb2c623dad1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
10KB

MD5
b6a49de2582f9018fae1995069e45d5e

SHA1
9ed5c96313ea5197e4b56c1b19e6af030c9fdb37

SHA256
39046353b06da1e162887f6c613a264139ac5b7ae7d47cb88750c7d401b85e81

SHA512
880d6dd391969b40ee09b266ecc73d04bf16e155bf662feae11f3df1a91bd32228010ed9b4193ab2e4f78f168fbf9a0430a67061cb0945e1f0a2e33697c13c87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
9KB

MD5
b6fd133e1e0f5cd84524af644c77ab02

SHA1
ba8cbfc74abfec00dc8d2e8b2fd88bff5e44cf06

SHA256
c2da982526297d0f413d149cb4f2496dd8740fb839fd29aef3c7d8e2008bc5e4

SHA512
8cb699859af5a27578b1ddcf87975a4c508ec228a5fb7a2d307ecd004c1048038dd1714277157b9cdc02df8da91c52f8e7c58b45bc97a56565036b235a5cb8e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 780198.crdownload

Filesize
424KB

MD5
e263c5b306480143855655233f76dc5a

SHA1
e7dcd6c23c72209ee5aa0890372de1ce52045815

SHA256
1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

SHA512
e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

Download Submit
memory/232-22-0x00000000007E0000-0x00000000007F9000-memory.dmp

Filesize
100KB

Download
memory/232-26-0x00000000007E0000-0x00000000007F9000-memory.dmp

Filesize
100KB

Download
memory/232-33-0x00000000007C0000-0x00000000007D9000-memory.dmp

Filesize
100KB

Download
memory/232-27-0x00000000007C0000-0x00000000007D9000-memory.dmp

Filesize
100KB

Download
memory/232-28-0x00000000006A0000-0x00000000006B0000-memory.dmp

Filesize
64KB

Download
memory/2104-20-0x0000000000E50000-0x0000000000E69000-memory.dmp

Filesize
100KB

Download
memory/2104-15-0x0000000000E30000-0x0000000000E49000-memory.dmp

Filesize
100KB

Download
memory/2104-30-0x0000000000E30000-0x0000000000E49000-memory.dmp

Filesize
100KB

Download
memory/2104-16-0x0000000000E50000-0x0000000000E69000-memory.dmp

Filesize
100KB

Download
memory/2104-21-0x0000000000680000-0x0000000000690000-memory.dmp

Filesize
64KB

Download
memory/2632-14-0x00000000006F0000-0x0000000000709000-memory.dmp

Filesize
100KB

Download
memory/2632-5-0x00000000022B0000-0x00000000022C9000-memory.dmp

Filesize
100KB

Download
memory/2632-0-0x00000000006F0000-0x0000000000709000-memory.dmp

Filesize
100KB

Download
memory/2632-6-0x00000000022D0000-0x00000000022E0000-memory.dmp

Filesize
64KB

Download
memory/2632-1-0x00000000022B0000-0x00000000022C9000-memory.dmp

Filesize
100KB

Download
memory/2660-900-0x0000000000350000-0x00000000003C2000-memory.dmp

Filesize
456KB

Download
memory/2660-904-0x0000000004DC0000-0x0000000004DCA000-memory.dmp

Filesize
40KB

Download
memory/2660-903-0x0000000004EF0000-0x0000000004F82000-memory.dmp

Filesize
584KB

Download
memory/2660-901-0x0000000004E50000-0x0000000004EEC000-memory.dmp

Filesize
624KB

Download
memory/2660-905-0x00000000050A0000-0x00000000050F6000-memory.dmp

Filesize
344KB

Download
memory/2660-902-0x00000000054A0000-0x0000000005A44000-memory.dmp

Filesize
5.6MB

Download
memory/3584-29-0x0000000000800000-0x0000000000819000-memory.dmp

Filesize
100KB

Download
memory/3584-12-0x0000000000820000-0x0000000000839000-memory.dmp

Filesize
100KB

Download
memory/3584-32-0x0000000000800000-0x0000000000819000-memory.dmp

Filesize
100KB

Download
memory/3584-13-0x0000000000680000-0x0000000000690000-memory.dmp

Filesize
64KB

Download
memory/3584-31-0x0000000000400000-0x000000000052A000-memory.dmp

Filesize
1.2MB

Download
memory/3584-7-0x0000000000800000-0x0000000000819000-memory.dmp

Filesize
100KB

Download
memory/3584-8-0x0000000000820000-0x0000000000839000-memory.dmp

Filesize
100KB

Download