quasar | 3ac5ae9c8f911d487ba0abd16877e4bd6f507f8316763483524da339a71f357b

Analysis

max time kernel
347s
max time network
350s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06-02-2025 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New Internet Shortcut.url
Size

133B
MD5

8211bbc19996462890392f818d4209c3
SHA1

dd503dd2c9593feed13ddd52f124852a0dbeb6de
SHA256

3ac5ae9c8f911d487ba0abd16877e4bd6f507f8316763483524da339a71f357b
SHA512

5a54d2232b20119dab89fe5a4317d64d6b88a20ccba15722a26ef9e8312769a9e7784e38a6642bef296da78637fdd67780b9e0cd093209480776cd8ee38dd49e

Score

10^/10

quasar office04 defense_evasion discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

192.168.1.19:4782

Mutex

cbd5bb11-a5b0-4dee-8e4b-bb4f3dacc71d

Attributes

encryption_key
17F9A06104A1A84BB74B1E617E0D5896149A2953
install_name
Solora.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Defender
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0004000000025cbb-1732.dat	family_quasar
behavioral1/memory/1448-1783-0x00000000000F0000-0x0000000000414000-memory.dmp	family_quasar

Downloads MZ/PE file 1 IoCs

flow	pid	Process
184	3220	firefox.exe

Executes dropped EXE 4 IoCs

pid	Process
1448	Awp.gg CRACKED.exe
5652	Solora.exe
5192	Awp.gg CRACKED.exe
5640	Awp.gg CRACKED.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
182	raw.githubusercontent.com
183	raw.githubusercontent.com
184	raw.githubusercontent.com

Drops file in Windows directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\Awp.gg CRACKED.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133833450710341491"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 51 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "23590"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "4725"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1035"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "3758"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1914"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "10494"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "8242"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "2881"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "2106"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "12200"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1068"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1068"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "2106"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "22623"	SearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "3758"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "10494"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "21520"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "12439"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "12200"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1914"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "7275"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "13167"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "22623"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "12439"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "2002"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "3073"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "7275"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "21520"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "11461"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "13406"	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1035"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "2035"	SearchHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "22487"	SearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Awp.gg CRACKED.exe:Zone.Identifier	firefox.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1472	schtasks.exe
5372	schtasks.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
5668	chrome.exe
5668	chrome.exe
6744	msedge.exe
6744	msedge.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe
Token: SeShutdownPrivilege	5668	chrome.exe
Token: SeCreatePagefilePrivilege	5668	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
5668	chrome.exe
3220	firefox.exe
3220	firefox.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe
6492	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
3220	firefox.exe
5652	Solora.exe
4212	MiniSearchHost.exe
5192	SearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5668 wrote to memory of 2252	5668	chrome.exe	80
PID 5668 wrote to memory of 2252	5668	chrome.exe	80
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 2044	5668	chrome.exe	81
PID 5668 wrote to memory of 5384	5668	chrome.exe	82
PID 5668 wrote to memory of 5384	5668	chrome.exe	82
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83
PID 5668 wrote to memory of 880	5668	chrome.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL "C:\Users\Admin\AppData\Local\Temp\New Internet Shortcut.url"
1⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9564cc40,0x7ffa9564cc4c,0x7ffa9564cc58
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2124,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1584 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:4476
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff616534698,0x7ff6165346a4,0x7ff6165346b0
    3⤵
    - Drops file in Windows directory
    PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4420,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5140,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:2
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5408,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4752,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1164 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5560,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5568,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5640,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3440,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=3504,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5096,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5588,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5292,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3584,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=4412,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5148,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=2736,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5412,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6008,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Windows directory
  PID:5692
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff616534698,0x7ff6165346a4,0x7ff6165346b0
    3⤵
    - Drops file in Windows directory
    PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6044,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=3344,i,9321113241245020842,2138607895653337710,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4916

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4848

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:808
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Downloads MZ/PE file
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3423a395-c829-47b5-9b19-822390d7b0b5} 3220 "\\.\pipe\gecko-crash-server-pipe.3220" gpu
    3⤵
    PID:5576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2392 -parentBuildID 20240401114208 -prefsHandle 2240 -prefMapHandle 2236 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60439e37-52ef-4de1-9364-c3e07bd94491} 3220 "\\.\pipe\gecko-crash-server-pipe.3220" socket
    3⤵
    PID:5992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1672 -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2772 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {489c0bd1-e588-40c7-b998-5cf4f8323185} 3220 "\\.\pipe\gecko-crash-server-pipe.3220" tab
    3⤵
    PID:4684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2644 -childID 2 -isForBrowser -prefsHandle 3816 -prefMapHandle 3812 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9bf1343b-e7f1-4005-968e-dc4484b5a4a7} 3220 "\\.\pipe\gecko-crash-server-pipe.3220" tab
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4824 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4724 -prefMapHandle 4788 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eab8c01-ed11-421b-a788-f2c03c6e6d3d} 3220 "\\.\pipe\gecko-crash-server-pipe.3220" utility
    3⤵
    - Checks processor information in registry
    PID:2088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4980 -childID 3 -isForBrowser -prefsHandle 5416 -prefMapHandle 5412 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d4e44b5-690c-40e9-939c-70de6953d201} 3220 "\\.\pipe\gecko-crash-server-pipe.3220" tab
    3⤵
    PID:5892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 4 -isForBrowser -prefsHandle 5648 -prefMapHandle 5644 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f21119f2-1a6b-4231-874f-0bde6b976f36} 3220 "\\.\pipe\gecko-crash-server-pipe.3220" tab
    3⤵
    PID:2144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 5 -isForBrowser -prefsHandle 5544 -prefMapHandle 5548 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbf5e66e-2555-4ffe-aae1-88c4b774f078} 3220 "\\.\pipe\gecko-crash-server-pipe.3220" tab
    3⤵
    PID:2084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6276 -childID 6 -isForBrowser -prefsHandle 6268 -prefMapHandle 6264 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b712b47c-5fe4-4f1e-b732-5e8405de12a5} 3220 "\\.\pipe\gecko-crash-server-pipe.3220" tab
    3⤵
    PID:4632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6552 -childID 7 -isForBrowser -prefsHandle 3444 -prefMapHandle 2724 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {847a7cbb-bb5b-44e7-b156-bdc9dc25cd7f} 3220 "\\.\pipe\gecko-crash-server-pipe.3220" tab
    3⤵
    PID:2712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6424 -childID 8 -isForBrowser -prefsHandle 5656 -prefMapHandle 5672 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f220f75a-ba36-4aed-bb6c-5a7d662b38d3} 3220 "\\.\pipe\gecko-crash-server-pipe.3220" tab
    3⤵
    PID:244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5880 -childID 9 -isForBrowser -prefsHandle 5512 -prefMapHandle 5520 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 972 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {45d4f0a2-e6aa-41f7-935c-1e31649c95d0} 3220 "\\.\pipe\gecko-crash-server-pipe.3220" tab
    3⤵
    PID:5624
- - C:\Users\Admin\Downloads\Awp.gg CRACKED.exe
    "C:\Users\Admin\Downloads\Awp.gg CRACKED.exe"
    3⤵
    - Executes dropped EXE
    PID:1448
  - - C:\Windows\SYSTEM32\schtasks.exe
      "schtasks" /create /tn "Windows Defender" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Solora.exe" /rl HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:5372
  - - C:\Users\Admin\AppData\Roaming\SubDir\Solora.exe
      "C:\Users\Admin\AppData\Roaming\SubDir\Solora.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5652
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        "schtasks" /create /tn "Windows Defender" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Solora.exe" /rl HIGHEST /f
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:1472

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:580

C:\Users\Admin\Downloads\Awp.gg CRACKED.exe
"C:\Users\Admin\Downloads\Awp.gg CRACKED.exe"
1⤵
- Executes dropped EXE
PID:5192

C:\Users\Admin\Downloads\Awp.gg CRACKED.exe
"C:\Users\Admin\Downloads\Awp.gg CRACKED.exe"
1⤵
- Executes dropped EXE
PID:5640

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:6064

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3968

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4212

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:6492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa86573cb8,0x7ffa86573cc8,0x7ffa86573cd8
  2⤵
  PID:6572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,15249562536510816389,5956303315840184752,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:6704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,15249562536510816389,5956303315840184752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,15249562536510816389,5956303315840184752,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:6808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,15249562536510816389,5956303315840184752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,15249562536510816389,5956303315840184752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:6884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,15249562536510816389,5956303315840184752,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,15249562536510816389,5956303315840184752,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:6224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
883205c8c72a59af010552ad311f62e7

SHA1
626dbb16469339df3aecc88ece281291d1c9462a

SHA256
56028dc10510be6f9b2bc236fe26c790d3f3a851aa8a4420cb3bb74499d84c3a

SHA512
604ae32d8e37304b0b9735c225c5d50451796eea2526cc6c44b1d36a2af841d1733606c4797fd56a01f22922ad0094bbd7616262abf109e50ce332d916c444ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f4e6f3516b79f0a5e8400678e75a3ba0

SHA1
8fdd64a98c7caf2c8b59c4437931c6b1dbc30360

SHA256
f2f41bf83ac7569607071463ae37ab6c98d7059301d754e8d462334e0cf4ff9e

SHA512
f5712912eb6259b536c928a6fd6cdcabd6c7f1ee4d90a5942fab57a500458052e00b8224ec9550bdbfc2d43c5fc39f64e181487bd8d7d04ad4d3d8a9fdef2d1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
7978a9e6312aeef2fb75a5184b971312

SHA1
312d46ef07ed60cb3c48cd586a5189d4a7cb030d

SHA256
bbb5da7e7ba55a3059a77cdbad6147129d94d7ad45fd15f10ebea2bc4537f649

SHA512
e738bbf00a4218607c1d13aa06792bb3245fa7999a844cfdb251caeefe0c2df0be42b9bc2aa8497927161fcee6593d9e9f9d69cd02ca9b213350223c78ae5e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
649e6b1d69b737abaa828b635cc8fb6f

SHA1
32bb4d76f34421d8f30a0ceb18e5d038d143f294

SHA256
1fc72e0d74a372d818106c0acee78113a2e81e5e3bb83ca9ab0754f9cce9179a

SHA512
8bff09a8bc83d3fc5d333c57433838ec99bd163516bb0dd0ebdd298d370d70735139ca3c02dd8e55b89116a3484abc3a9a1dd5f44c3326a3f021ab333964c91b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
bc876d1768909c12fdf9bb0f2832e58f

SHA1
7c31f35aeb88782feb86450795e8419a59a82009

SHA256
5a3cfe90e548726ebdda70019aae414459c5e30112b2804d51d8d1b36f1a1ed5

SHA512
e8ed152f5c8a9570d85b8a025dd54faaaa40547ec914714173885bffbb1f9ea972e4d79e85de78a4303f08be371ecec900068637596a4ffc38e3f2e7940d5055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
776320da0a213286b190be836f4e40ea

SHA1
8c87fbcb56d21d1b466d38dc2c2c75a59eca5ac8

SHA256
6971272f05fc0fd0f719571d58566b33f30d4f395b7f26ddf74add803ba1ac20

SHA512
06c18736ea647c3b38a8087a315dff33e3161b7a79b246eb6047223532bd93bf4c1d259ad08fdff4a14d5942978b97842fd2b0d4b204c95ad7a9c3c9e138d819

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.86.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.86.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
b65c90f90fcfb4a313725a5961f649f2

SHA1
bc080cbeec022f5f2ede848bca03387a13cc1945

SHA256
81fd35cd342b9b254a662de586adeb5c48205f4513d10924fd11aeb37b6c5717

SHA512
207819ac756b2e118dc44346b736e3a145d0ccdcbea78fe7dca9407d52f2e2e5970e0ed26281613dec3eb91068c9f701efe8fc709d2ce8dc438b4e6d66f7666b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5a3582e4de9c8f7c4cca48a58971dfbd

SHA1
3a6dda3003886769bed142462f4ee7e96929a5d7

SHA256
9292289c7ff20912bdc968f867fcc1ebe12bed5b7c8903a16e4442b8d0494bab

SHA512
74d1cc6c2a6a7d20eec0bb720d5ad784c5940cb512c93f6ab84bd88bba0c20c3428e6067d22ab901809d9cf40fc7c5f77b48126b84f23f039ece60a477076291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
117dd3df68ce4302788fba42e8e9dc91

SHA1
9a1c7cedc306919a825579dec9d1a06528d8c071

SHA256
c3820d5957a28048f55f7f61f77a26a00dad99c5b5af4d5f137f3a5b037752ba

SHA512
552a60f183aaeac61ec3eeef3fbca36fc47734ddfaec0eb2dc16a2515c0a3ced650be4b28b4285d92c8367cf03f328b6f00f6ed903e5a840e4ddd9c49446d149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
035ffb542451d54003d44f0ab35c8c6b

SHA1
0f0c6401f386a1f5864745cbf66fcdb7b550fb56

SHA256
371445c1769df8922b2c5923585419f6352b6621239f199728aa69187d318608

SHA512
78993a29d95141a1cba50a21923fad2b42ecc53d381e284fcb68500e7320c4e4c686c45ecdf34d4acf39697fe58a4536bb05df41716d58177574d3d4aadfa5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8d4f53603c5ff24eeb083bef485ea999

SHA1
cac4cd496acd32e8b8eda1e59046e5868a210c81

SHA256
ca23e4e0ee1a4f6f3a26da0218efeaa8ec1871a2648dd16730bc8c61e69e20e0

SHA512
f7d660d989705bcb7c860cac346b40b0b289ebe59a1e944f0d24674dda78f409151b75e813289dc79f8114dfd6d2421412aa1976a27104df1189b111dbcfcbd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
09065a0434f5b5fce4e5c42c7c4d16c4

SHA1
0bd00f76f068fca017286749e273ee84d7744709

SHA256
9e9cf422b46f55d2826cb6f3a92e7fc0017119047dceb0b662b652b30cbfa704

SHA512
cc763d4d0c18851b038083cc0c1f44f3f70796c5af21c601ce8b4ae695aa6dd056f95e0f7f3b307a43168301356489a1ad83519cf9e53d2bcb2c58c88aee1971

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
254278ab4a896a27f786e291ba3a3981

SHA1
c8f75ed2ea1726387ed5fdb54977bcba440da9cb

SHA256
8c00b9c2dd1be56758b95f657f0b6f85f2ec0808d7e3bb7d1fcb8035cdf91b85

SHA512
8ca9a61537084581fb2e364169131cad1fe1b5882868a9d9f1ce4fda04189c09b53666bddac0707b296fa86395ea9b19352100292a672f0349d302d556fc0212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3c783f1f58cbd7e7579dbe9c8b9eac89

SHA1
932b65dcc1f86bb1370316374340859112deca18

SHA256
43f5ee63519b7d88dd8493a703f5c640a4cbc3e78a2ab465f110f8802121792f

SHA512
e8074fa254cc65c0d8433dbd88cc1c7c2d7a40ad362ade825c30c1dd5d053423d67de56df9013edecf4f0864bdc917ec90beb9469b83a22cc8640f1fc1a1891c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
54389d59fd74e74f0b636db0ec2a10ad

SHA1
a673195889939bb7c697a1e1b13b4430f7f16053

SHA256
51f0f81130b8382816f4a937eef2fa03068511c43ef0fcfcd233fbf303e5a56d

SHA512
b2183da77c73ebe5d7bc2b6e05eee589f49a5c0e708fe64c1766a7ee556f8938487bdaae24795dd8eecf1dcceeaa3a3a57bb9d427a06397dfce2bd1af8a300c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fe6aad8892a436a53a77e035b004f3f8

SHA1
6479ed2a227db109a6c10ba7152e5ba8cfcb2385

SHA256
cc42c38b2d89058acc11b61a8894eaf44736e4d46fdd1484f989ac6649f7ce22

SHA512
cf87c83d3ea02059f5cb5726f4b28e2dc33d3501dfcb7e40c74b24a45fff0159ad5e2494fd80f5522cb49bcf183473f5e893d55a884d7e821b6064590127fe6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a41b178772a61d0198dc851b826c2881

SHA1
f331c56091d78679c1f1c6604ce72d45c0d0321e

SHA256
8a7ff3048abd65a7d724184729dc2e186b5a26eb17ddf32de26247f77f3670f5

SHA512
499913ac374fb1f78cf3e27bd94916fb407f9dfed0330f25e5220572a619c201dea8d482e464be014f9c07075c0de681630f452fdc617ca2ff7bb42acaec14f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3db189e1f2b0f78b8e1b03839d69730

SHA1
6daf1fc0f606b15e2e0f09e90f535348dd1ce313

SHA256
ee3ac210bdff0434513d4db5d26485ad5167cb7130809b3b3e3d494285c5c189

SHA512
960d1c96d895263f79cb48727261dca743adf500b9cd9ae6f21204cbce6dceaa36b90c5dc793873f645bc68f11ba340bef8eccf21463f66b3b2f2373ada5f911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
10a12b6ed21873f2be469c71c5f71185

SHA1
9ebc6e75f4cc0f88645e7a9a9c83df43e6239459

SHA256
0f088a04686ed5a8204c5f143c0187b11e01ad3d3dc23c6dec3e6df673ae0c54

SHA512
5bcfac12dc59a9244410c282d67053153181d0187835f6e4ec6c710f5b2c25595443665ff1d3e0fe6af7202317b2551840170796bf4ab7245a1fef2711e97045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d25b7519e8bd98b0672c08e38ea43ccb

SHA1
293b6dead4bb89d9752a1beb2ff0bf2bfe48b963

SHA256
4c5bd95bb3d60eab0c21a6bc715aea5febe27d12e225fcbcf6706dae9a94a409

SHA512
dafb0423416f26f08c82ab3192da57bf3784e070405b5ef0165d248a8516456b5713fa651f614ec4089c8927e6279caa48d4586e049084b6db9ada66653e4982

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1050cfd26958b97afd15c4e4aa7b3390

SHA1
5a6c3c8b6d8598029c0bd105d3c3f5e6633fc093

SHA256
00272dfb16cd04b00fe2443bc9e8d8c3782c714fe6421972e8122ff1819fda14

SHA512
301dac5f803a8b5b24f77ce132397ca4a53793a3bf1a0b9ab3408e659686003e83476b8ad4b0acef121eb4dcb006b3fcd4a74097a336a3d0d6f870617d4e8995

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be1d2d491010d3652624231c3d9a4398

SHA1
35625d437b6f80d3f8c7001b8b1ffc6551a8cde4

SHA256
531e66a5fa408ff361482e7a23229af06568f49f515249dd8254340f3c014e5a

SHA512
fa6e824e9102364795ae1f2b7886d9e0ec6c2867b4283f58cf92196cf8251de60ec1cae95554fa258c6d6b416d7401fa47cb01beaf5ef16aefac180ac9b9a063

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3dca5ef9ecbdcc8cd85e69a17f53de1

SHA1
00df6f681db148c697a86a5fab25f2670cd92819

SHA256
302326cac87ea77156e315dc708c79b3b1f62d68d107d2424a3dcea9f095a6f5

SHA512
5b36fa05234036556bff23489f1a8dfc2589a76e31e23ab8b54814c1de4055e293b8ea83ca7207dfd0609cf733a4fda2d8f23111b866648ffb26ebc99cbcbcd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
774276bd44b1c1573d8d2fd822b89810

SHA1
7667d4aa99455b7ece02dd92945e394c734888cc

SHA256
014428d047fa9c884d028916ccd9e621c1cb3fcfba3115ae844153bc9c1e7d41

SHA512
7cd44cbbde2a6bc942cae21b18ce50d6c7b2ce74a379414380f1773eef75bd9b2e24a90a6311f77c9c849f0f15a09c753283fdb2d90dc2466f94f2eb7e4f1032

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7da1ec27c9f3dd8a074b9312a5f3c969

SHA1
b155837b1a70233d8fe53ddaaaea22849b1cd054

SHA256
3aba7fac82fc4151552414afb3856108e8ba8004773cdd34ca195887c10fb9f7

SHA512
9bb1b1c74f23722b90f8899ac45fdfa77f309ecf35a1ebdd51aa78b541263fbf12e29e51ca51c0b697420ad0d4d8aea053a1081f8b6449ceab295f8966a9d9a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
70af8ded3369c21816b700696da82b86

SHA1
9605aef9b9ad53bf2ad29c5d2c9ed7be7400160d

SHA256
7e2ceef4a95bd78f8dffd80fe51fee68286d70bcb0bda4392c137bf535686a88

SHA512
59445834260a70089d51eba4052cd6ebed111c5a8475cdbad034652d5bcd803aa65fc20f6f4ac9721b5e85692bddef955ddb0ebc7aa564115e29483b6ff5d0c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
651a2f99711dd884a73e645760424de3

SHA1
57448f87eb439f33fbdbfca28e791984f51256e2

SHA256
5191c9b9f9c61572ecfbbf9a694702f767331f4cf31f130af00f4758b1a86d3e

SHA512
317ec0f3af6020b3f5dd4856365bb1a8d6df208bd050c3b4d9f94e70193f3c10ee15d4992a1cb36f8c87458b0bf78568384506126dcbd3259613d8cf0bea689a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e701eb9162757583dbb2176c7bdeebdd

SHA1
782c600e7f96cb939a8f0aff0af9a4415616ae84

SHA256
9684c8ed21cbd2385574b9bc034e7df83dd9fb38c2b20132c73bf3f00436bfe9

SHA512
2a94fda257a7222cac2b7a96d419c753eff10d0782b533ef00726c0e53a8f3567f3ee6705041124d8fc3433e252d9b5366edb45b64acdbaf45651a1483f77114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6ea6e2d681d057b8f93e391ba495bda2

SHA1
9610478b59fc8f235bf4ac99fd6a68241d65364f

SHA256
21af8df12d241f8ae5ef965f11170fb261636e742f50cb683822c5406e68a13a

SHA512
d351df78816974c9579393c1c81632ec0ea08610f6cde736f36b31789ad57a49728cad6bf264bc03f82a9bf00799e69451edbbcb7ea8e0854114a0abecba66a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e6610f2377c80d8839ec75df5005f30

SHA1
765849b9dd2d5861f3890bac26f2156d183dd902

SHA256
b488ddcb2969a7fac53302e3d3b696ef9f99931dccd6e20998dfc4b80a449350

SHA512
79ce1e837925372f70bad663981c864a9aada9da48f64f329a4d0123b839cfe2822395482e8035a2f07d0228747bcf369c54603e3c179731459f9c174c8f8aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8f90b7ee740537675c385b296314387d

SHA1
970ea5220c99e56003f8b8d5dcb781231a3500ed

SHA256
9dd043d068d25db22d8f5a62790a335487ab81c548e4b2479d6df2221da9e662

SHA512
2445ca66af3c69df0110f1190bb1b929fd05821356f211bce228d030294814f1a492151849d19af50de1e186ee451448939c1b7b566b0ff2c785f307950d27f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

Filesize
72B

MD5
487adcb259f1b24cdee9699f9c6c0a3a

SHA1
58694d8e248024c5c471ffe96d872dcda0be2cb4

SHA256
8ab6dbe6d57d856ed3d58817d3445f2f5877787bff1e183de503796da8f792d2

SHA512
8fbac19a1ef208a200c74a4aa80092feade653e0850fc9b306f88f7decbe115c690505f3f59a6ff73798bcdf89318552fd349c05e5dce016b72955c40780ca5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
a8d4970b2e154af45ae5eb105d1a9761

SHA1
8a725fc2f927c08eb3d67163990ab33ee1beb2da

SHA256
399b228f8c1068d8c60dc7fdc69adb20083e66241d976bca18f2c5f78ee343f4

SHA512
fefa71b15db2e019363de8e49986957e2441e626b7758946d2a589ba2887073e483182cedfb27da65b07a485fc808d4e85921161d62932ddcd6d42c78fc46098

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
9a583dde1a78b197204a01f734b276e7

SHA1
7bc645db103c3c70c3273e0414695d749d07b22b

SHA256
d2b5656e72c878ea54e2bcc7a315bddd5c49b13ae316eb58747d5812e686b83b

SHA512
3bad5c20c3cf44b1b116d6df72aa36a52a0372de658fdd883ef35113473f34a2b2b18bcb0e46743b211b7ce3ffa4a122793a29bf2c6694347e12e3cb2891597f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
25dcf517f0df69d2a923a345815f34f2

SHA1
f4ba094747cf43d49d149e2059411fc4c5f31e30

SHA256
d9448620ad377a120e0d2e71dbef45e4179222d763b9da81dc483f856bc2b45f

SHA512
72c7b74caea803b5cc3ca5d334bf332ceb6bdcc94980c626b033e801030d4a2044c00c6281cce0b26353e18c6092c84436c77ecd6e5ead700586205895b9c308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
f90d575ed30650446cfabecde64b90de

SHA1
3d4c5acab4af53c0ef0ce95a57d704f33cf1c4cc

SHA256
dc6cda8fba60f33c19c44e3026bb924a025be163807c4b591057d21ca4ec171f

SHA512
03ddbd3234590edce81c36054907ac6d64b33a4049f254d0620931cb119e1773b7bf967b87f201c6b043e43185de87580741d29c65bf4ae24cc3478b0504af3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
82a7ea282906e7b1ab74f81b256f00d0

SHA1
56a203fd8aa962ba91bfcb274fb502ba522e7c6b

SHA256
14f16d20ab4ea3f4f1b9a9f313a74ae14ae8c2ed209c882a8178c3eb012efd2a

SHA512
683df03b7eac9174bbaa33a7def29beb3a578b931a5b15b41aa696fe3a0e4dd8e361b206e4630056ebc30719017fafb19c428c6ef6ff7512b4d129deb75c5ecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
235f889edf71a5d418be9febf1c3360a

SHA1
bf9bd47d7ac7ebc601ec100edf005896ac2001d8

SHA256
a481baacd0b15ed2cbec306788be70db42193a949e41c248e739fc33179b382f

SHA512
8f33bdf3f43f072089937123d5bdde809736775e3c8df113af342292e58b8a26972349674af1816b723452113b3299d8e63bd05e2b02daa4ebe8a49bb71effb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
2985580845fdf7ccf413a8751c240ee1

SHA1
67a4af80aa85f8e172bbb784ec353a66577923b6

SHA256
908e6ddc3c43bd55cc3bf183db68259511e685add89a8a8ffd22f7a7207e00ac

SHA512
d4bc0b4e915417ac45c450f3c2a9a00b35a7322bfdf07253c6c296c5ad08f2400d4c2ebf0f8953164d9b36e4362c3f2ed6464b488c3145ea5b66d67397d42e1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
2a744612bd64445eea4465bf3a7919a3

SHA1
dd5f523d177f8ebe2f998ddeb04e5804cbcd64e5

SHA256
4a0875569c1ea0fe4332ab68dce08520c27138a55142b6ede94a0c22679df3c1

SHA512
3b28259b08ab13d182191afa10f927c3711edf9b14a37a4c8d6ecf667a6d4752dc2f4c0ccfc4808dbcb96cdccb89860373d01a2b03af1544aa554b7bd47022cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Awp.gg CRACKED.exe.log

Filesize
1KB

MD5
b4e91d2e5f40d5e2586a86cf3bb4df24

SHA1
31920b3a41aa4400d4a0230a7622848789b38672

SHA256
5d8af3c7519874ed42a0d74ee559ae30d9cc6930aef213079347e2b47092c210

SHA512
968751b79a98961f145de48d425ea820fd1875bae79a725adf35fc8f4706c103ee0c7babd4838166d8a0dda9fbce3728c0265a04c4b37f335ec4eaa110a2b319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe1db85adc91f9e125a249aa6398e761

SHA1
18addec243be0625ab18dc05a5acc53aba3b0d00

SHA256
e7bf8938254de90d027aef456dbb1464dfe4b98c373dfde47e7dc0be2946249d

SHA512
a7f252a2fe85d185bc40f52a1d6925f0d3bba375069573081a57e385299c253ffa4104ca6d2ba867df9764b202fb23fe38fe42ba4018a78512dd1fa1dec9e306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ad112e73-cf87-4741-bf4d-2f03a21efc60.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
2e84d39aa75ffe6a7674a45326af838f

SHA1
1ba26c6d1735e8eac397edd209bc486a6c1ad431

SHA256
76ff262c2bec5069732c10064fb93100fda686d699e8210218b5938d3ecd8796

SHA512
d39734617d70137a4a49c2704af824d5197c9e07facb42df2723cd8ebe6ded8c8cb1c8010e3aaf1a0fcde34378efd0e282c2613fe08d7e6d989ab4f404695056

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\32SG6NM6\www.bing[1].xml

Filesize
15KB

MD5
196c53e799d05aed2831129df97542aa

SHA1
42ea44f86bd2512d745a75a262a33d21fb1931a7

SHA256
87a438119ac3c7c82fad898f1c4ed107d6670b610ea24476a79c753c188ad1e5

SHA512
8fd2077f1cda81749899d5317b4789ae581e89a18a254c00e9560eeb4697857a4d8d5ad3925ee52eeb307125ef2827bb4d19d3b18ef0843be586686b9e471f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Filesize
3.1MB

MD5
b622196e254ed84e5b1f59f1aac2cfb1

SHA1
f77a050aaff00d2cc3da7f11fb35e0bd2c0338be

SHA256
1d55a256b3519b624f19c81a9b9f0477d8ad45a967f853e723a921194ee585f0

SHA512
5a525dda3785449a3770f98ce105bf83a417654537a70e6f8a4ddfcba938dffa029e11161d1ae64afed48e78e6bd3336777c97334c7c1a453e9e742506520fbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5668_1733722571\748b7517-19b2-4af2-98ea-beceebaa4650.tmp

Filesize
150KB

MD5
240cd355e89ec1f3566bb2ef1f361dad

SHA1
2ade60eb20f0fb16657a4fb024d207a931dc927f

SHA256
1f0388d23a4d8492e2f9839392b22a6957deae8750b60ff860ee939811594295

SHA512
961fe2017949d185761d8491ab4f7f2ec3b0562cfb6fef202c34d685a87f2ea032f53d653e4c1d492dff1fb43d738e7727985738c1a956a1a18aae77a3d7f3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5668_1733722571\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
6KB

MD5
eb37dcf6d4a470e73ce4f6ac4770359a

SHA1
b929fcf04aaf5af0f1e4db2ea2f78dfef7d2f0ba

SHA256
fdcd68ba4ccce8f442216bf97057e6c8603c61d676baecaf8f8cf1802dea4fc5

SHA512
e5cccb36a9b74103d00f1935d61d2c3fc91d02f189be2b4d7176632f6d08cf6ce225925e349292118f5fc7067f4fa72ddaa3eaebeb58ba57fc69a35c84ae0946

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
8KB

MD5
534c4d7af7a91bf647fb06a02af2db44

SHA1
1e3f06d7e74a3035f65ff53c5a6aa3e896d5361e

SHA256
444f1eee04bef62f18b6bdddd3eebde3495e3e93a26d0f5df2c86040969510a5

SHA512
db01297c2111a24d019593002b04e0b68cdf16e72f8052e1e5dd1f4a1479e856fe418401ba3fcb4c7edde8bd41622d8a5b331992119a0bf1b5e4c72bde2174c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

Filesize
15KB

MD5
2f327138b7271ab366ccabe8cf68479a

SHA1
79826c72e877e1e002535efb49be3fccf90223bb

SHA256
3c5ba27e7d2c1125ffd7971bea56336a2f8186a6e6b9cfd952bb7e8e48a591e2

SHA512
a5a7c7ffb0bdfa5ec360eb75543f037cfae636f9e1e65e86c653201f8d5fd8d60d88939d718f7c38e5f3b3bfc5382f9119c026f9fbc4648eba5be89984033e57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
288b3520f374f342f8aa5fb63207ce3d

SHA1
41832515671d6e79bfaade795c103c2bce966c7d

SHA256
c374ada2267b51b76fcad5ac0dae4a944387dcb78aca70b25e25f6eb91b8dfe6

SHA512
a8311e412a27d94cadb83fd705e862fee703dda6f997cee7fa1b61b11011990b74acb74f198750e2d1e7d48dd7d4e71506d6a801f24bfc6f67a8bbc4786d6c28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b6bdab5b88e10d4546ebcd0d8923b291

SHA1
1ea63d88566db1e5336d7ec742067f0f4d1834c1

SHA256
f1e43f81e054d8b05c8f8ed135ecdcb9dc23feb9cb0b25ed65f89aa431319c1f

SHA512
65eadf4eeb336b9c5a4473375670212a05d7ff7f534121fdb1731f0d287dcfc23054ad84958191145306f584d5084e50e588e54d17769a94844ea3e833ad040e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
19fb213010214766fcd89b670f32277d

SHA1
396e7039e975010c57cc8529bc8937bdfa5aec3a

SHA256
c6f8556d8f050f968764cd72d87f0569fc7932fd4f623abcd9584b09af3b4415

SHA512
9e3ad4f12f7e828643aca53968d98a6c4d809fe8736c429f59b10313249625f7d70f532ba6d1228249b528658ffb719d403f71163c98d4b249d0027949493edb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
43c53af2f6a1d5c068b4ef48ce831ca1

SHA1
e34248bc292b7aedc8c2dbe9c97d85b8e7202226

SHA256
0cc24495b0ecc091103624b482a4c0ee9b436f771fd8fa868e5c3ac0ab5d91b8

SHA512
a61382643e2002a3ade347ffe611414a32c61bd3a71ec71ebe438b407c0c1187d4af32bd1846b0d622882b0dc6d819f02f6ca1f82b22ff23158d1c13f9942d96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\0f1070c8-3d67-435b-b465-77bbaa2c5c02

Filesize
798B

MD5
40d61738e40625a02834da1b9f9681d0

SHA1
9dbf68fefc39f5c3f85b2ae61c8fdca0eeebcfdf

SHA256
cc638b3e0242eef0ceaa47a8e14a4ce04ecfbe46db381e5d6715d02877677ba4

SHA512
2988012f0998bdc0490a47d73668c7a1c13696fd53ddf0d861fc49a5521dadfbeebd34cd75e93fa437f5c3dae039a0df6626cc93addeab6fb385c6bc1eb2feb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\20da7530-8af5-4e09-879b-6146c6be53c9

Filesize
24KB

MD5
98ffe35cbeb795f92323c25eee7ed9fe

SHA1
3b67c6d5bd2526ff403e8d381a09b5f15fee3b8a

SHA256
4976741804e8c9cfeb0032da16fe953d2cff5a3a1c59ed2e868a947ad45706d4

SHA512
db05631eeb0412454d36b84f1e954f08d9d228a0d017bf9a63b994597d374320862c539c7e56b901f3a7fd2ee8a1f9adfd43d6373be7e4b5613cc85c6c9e68c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\225b4632-b9c8-4a49-9e8d-055822363cbe

Filesize
796B

MD5
554d88cddd8b01882747402fc498bc27

SHA1
d96554223ade0727bc023a7f457a7af2b52d7d37

SHA256
6a5668d7d72ba5043cf0b0c65abbe88c17ad08265f6507a3d6191c69e665c1dd

SHA512
a974e513beaf67b6a367c891a5804546a3d8a75129e8c9bd5d11b509fbc1ac8ccee3573f26b4d713101438844a58cd9c902dc06da8f69f25096720b3465e8ff2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\9a1a9ffb-ac80-4daf-8c8b-856d6828ebdd

Filesize
671B

MD5
f3cdccb5b323683cacf16558faa9307e

SHA1
7b19038c0f9ea7a95df99638e8b1ec39bab0344e

SHA256
66f959e2025b1e1df0a1a29224f91641de3414e7ebd1dbe9c865d3aec8287358

SHA512
1765d2530deae1d2bb090ba395dd2f2464b749ad95ae603df092897a29464cf743e03f0b9e4645785a2d6cf74c16c71147be4c10637382b8c165c7ef68d4f735

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\b5ec1ca9-7c97-47f2-b8e6-6e07d84fbe38

Filesize
982B

MD5
40f9d6d2ab5ff737e4349ef5986f0aa4

SHA1
215079a19233e21bb476c058a39bd0016650cc04

SHA256
e79c31a6bfdda72f7b8a8043f843707e4a5f4d873b7b13106f908c67c84e6c73

SHA512
1ba0db424b51acb82f71aeed69cb3262eb08d0fb0b92189a88bb7243bf2383e54d4a4c5e98bd1b94c4791312635715a4df3a3380122604606ebf2bdca9c665fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js

Filesize
10KB

MD5
d7493d858ce390365cf0c0d78a9786a6

SHA1
286604465cbf94d01fa7ccc31aba29c604ce7832

SHA256
582ec52a246520c17b8c57692a4131111c931d0463825e5589fa5c5f3ad6e063

SHA512
bd8de341c9182cceb4cfead789be11a323df8d35b4ad07a72475391e0f46a1861781f165f3b74204f2d5219fc2c809214d55ed084cda5a37613adc4cb1947f4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js

Filesize
10KB

MD5
efb844b1c9d9ed4f1c5afed2c57f9804

SHA1
13d863e6eda25895cebac769adc1c86c5696c7c6

SHA256
3c965c569100b8452663d70eb31fae517d76f0a3f89111cfd0afc65ab7b8d157

SHA512
62d70f402f440552f5b28735a054a038fa0149d26786789e2ee0eca5f7ad4d29e86807238d7c7ebc4f455cc6aa784954319279bf7e61f5488768a9c4e26b9a96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js

Filesize
11KB

MD5
84f3b87c74a1933592037ce91099d2ee

SHA1
b60e350cce3862088c0f6041bd2f26fdc80cc372

SHA256
b2678ab3d4cda1572a5781ff286aa18ca7cabe72c39c2e7aee8e36a10a0c997c

SHA512
01934355ff396dc2d9207f5c9583910d888c0a64d50be5efcc42d3fa1d04884991ba5c73f89705a6e83836c69450a0e80f174b2fdce47c226a81d4268ce880dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js

Filesize
11KB

MD5
bd34936813210f12ca6cf392cf6a06db

SHA1
53768ec13e80f78a8a40516589ede53fdf3d48f0

SHA256
8558bcf1a4223f03342dbacc95a99e50e61e6aaf7bd3659bbb76989b81c0b4c9

SHA512
1b4a16ed0606fcc25c9f3ecd77388a60c0a633fc4df4b822477e701a2e2b3955fb0021cd7f1ae31da530552f302775abcf7256846ce6bd788c42b8bf848e9c39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
f6cbea5fec1d6eff728d6dcffc837000

SHA1
69db998ad891964e7f4624c0d4d18d03bb1128c7

SHA256
8308dbb5e8eb8f4cb071203fd5ddbe1f9145698c71ed7aff6b4d3f91ccc0f7a9

SHA512
354aaf93d04f737bc5213ced554cf05f77af102802d6f7b72776bbf0f6fba749f474c3ff2cf5e916365a6d99e65bbe5dacd8a288999e9ec2cfdc2e690c0fecfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
282ae25ea911b9d00f442f2659b746f3

SHA1
9b68b1db4e2a2e57c5c57e69189c950c8e054bfc

SHA256
0f61e8300dfcdd2ceb82331fcfb355a228f5a27bef0d8bc41a91cd81ea3df093

SHA512
cbea0e51cfab4aa24c6d9ecf35c17d2d0ff519695f748426adc6ae22508b953c7cb1c6f10724a95963bd57ed7ee7447d14d656457eb07aa963ef3da2da288432

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
20ff5cc6ddd23e0fe6c718c15948cdc1

SHA1
394e99a667fb5aa623680041f62c761723c119f1

SHA256
afa498b8c114a012a2b9ade2b61bef8fa0ad5768329fffc006be1230e7dcf69a

SHA512
c0b523ce12a00626447a9b1de8a647afc0dd27838aa0e2b99f403c1ce6aa6c25759fdbc1a531e75f3763b46912b7555a7dc5d2e378d6b5bfcb798b153154ea9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
43d8b5e920dfc7a58a8b27df40240514

SHA1
be2447441d74a1942866558fe4293c7aa86b9b04

SHA256
e63c0c180ca3d780ddc90291529ca3595e3027b85379999cdc88aa86b130ecf1

SHA512
d60d5451178387830635994f31e7b14a427ed97e1eda47a06218537e185748310fc075be3dd26b83bf8c56a51ed392ada45f1eceb45bffc8dd3b21b4456160d4

Download Submit
C:\Users\Admin\Downloads\Awp.gg CRACKED.exe:Zone.Identifier

Filesize
50B

MD5
dce5191790621b5e424478ca69c47f55

SHA1
ae356a67d337afa5933e3e679e84854deeace048

SHA256
86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8

SHA512
a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

Download Submit
C:\Windows\SystemTemp\Crashpad\settings.dat

Filesize
40B

MD5
5ea0af3df0a58bf83db24d7521c3144d

SHA1
aafb9d67aa452da608434ec3da86f564d4297d77

SHA256
bc1bd356997ebb74c1f7a4a6516aa179c4c03d9cbf1ff6759ca4aca6e74f31d7

SHA512
e543f28992ee947278fbed6e2c2f5844403595d3aa1f17fd0652f3a9a4d5823398342811dfec958a5946261f44564323bb802b0c4598d4384212a15974a467b2

Download Submit
memory/1448-1783-0x00000000000F0000-0x0000000000414000-memory.dmp

Filesize
3.1MB

Download
memory/5192-1876-0x0000028B5EC80000-0x0000028B5ECA0000-memory.dmp

Filesize
128KB

Download
memory/5192-2108-0x0000028B60700000-0x0000028B60720000-memory.dmp

Filesize
128KB

Download
memory/5192-1947-0x0000028B5E820000-0x0000028B5E920000-memory.dmp

Filesize
1024KB

Download
memory/5192-2678-0x0000028B5E3A0000-0x0000028B5E4A0000-memory.dmp

Filesize
1024KB

Download
memory/5192-2728-0x0000028B600B0000-0x0000028B600D0000-memory.dmp

Filesize
128KB

Download
memory/5192-1874-0x0000028B5E340000-0x0000028B5E360000-memory.dmp

Filesize
128KB

Download
memory/5192-1875-0x0000028B5ED20000-0x0000028B5EE20000-memory.dmp

Filesize
1024KB

Download
memory/5192-1814-0x000002833AF00000-0x000002833B000000-memory.dmp

Filesize
1024KB

Download
memory/5652-1791-0x000000001C6C0000-0x000000001C772000-memory.dmp

Filesize
712KB

Download
memory/5652-1790-0x000000001C5B0000-0x000000001C600000-memory.dmp

Filesize
320KB

Download
memory/5652-1804-0x000000001CEB0000-0x000000001D3D8000-memory.dmp

Filesize
5.2MB

Download