modiloader | 9da9b6fa70e7983ccfb4a915fab3d111c52e6aa4f7b8ddf43585e1957ea55060

Analysis

max time kernel
39s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 09:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

123.exe
Size

397KB
MD5

efe9258e0c5211b5cad48a66cad1ecd2
SHA1

adf19cdb6795b50500429b0ff59d12cea477966f
SHA256

9da9b6fa70e7983ccfb4a915fab3d111c52e6aa4f7b8ddf43585e1957ea55060
SHA512

af6fe0787bae4722043c997ba5d871426adaed6fbc95fe53acb28e6ed75677d6ca2d27f5a81a53e9061c6f658a28f400743c5e1673898147bf5af2f1a4b51d92
SSDEEP

6144:MLy84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXm87:Y+u9nx2GjMY3XKfd/H/9Pj7

Score

10^/10

modiloader persistence trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader

ModiLoader Second Stage 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2812-1-0x0000000000400000-0x000000000046A000-memory.dmp	modiloader_stage2
behavioral1/memory/2812-2-0x0000000000400000-0x000000000046A000-memory.dmp	modiloader_stage2

Modifies Installed Components in the registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

123.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\123.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\123.exe"	123.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 6 IoCs

Processes:

explorer.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

123.exe

pid	process
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe
2812	123.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

explorer.exe

pid process

2684 explorer.exe

Suspicious use of AdjustPrivilegeToken 52 IoCs

Processes:

explorer.exechrome.exefirefox.exe

description	pid	process
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	2684	explorer.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe
Token: SeShutdownPrivilege	668	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

explorer.exechrome.exefirefox.exe

pid	process
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
668	chrome.exe
2212	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

explorer.exe

pid	process
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe
2684	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

123.exeexplorer.exechrome.exe

description	pid	process	target process
PID 2812 wrote to memory of 2684	2812	123.exe	explorer.exe
PID 2812 wrote to memory of 2684	2812	123.exe	explorer.exe
PID 2812 wrote to memory of 2684	2812	123.exe	explorer.exe
PID 2812 wrote to memory of 2684	2812	123.exe	explorer.exe
PID 2684 wrote to memory of 668	2684	explorer.exe	chrome.exe
PID 2684 wrote to memory of 668	2684	explorer.exe	chrome.exe
PID 2684 wrote to memory of 668	2684	explorer.exe	chrome.exe
PID 668 wrote to memory of 776	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 776	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 776	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 2200	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1168	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1168	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1168	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1360	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1360	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1360	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1360	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1360	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1360	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1360	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1360	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1360	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1360	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1360	668	chrome.exe	chrome.exe
PID 668 wrote to memory of 1360	668	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\123.exe
"C:\Users\Admin\AppData\Local\Temp\123.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2812

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
2⤵
- Modifies Installed Components in the registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
3⤵
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef56e9758,0x7fef56e9768,0x7fef56e9778
4⤵
PID:776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:2
4⤵
PID:2200

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:8
4⤵
PID:1168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:8
4⤵
PID:1360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2136 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:1
4⤵
PID:1756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2148 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:1
4⤵
PID:800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1480 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:2
4⤵
PID:2512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2444 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:1
4⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2428 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:8
4⤵
PID:3008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3500 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:8
4⤵
PID:1608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
3⤵
PID:2268

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
4⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.0.1293139776\604576816" -parentBuildID 20221007134813 -prefsHandle 1200 -prefMapHandle 1192 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4188d10c-854b-4269-b533-f5a19b0242ed} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1296 4208b58 gpu
5⤵
PID:388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.1.711453247\158397607" -parentBuildID 20221007134813 -prefsHandle 1532 -prefMapHandle 1528 -prefsLen 20752 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32ccca20-f685-4b97-a374-e40b399aaeb7} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1544 f12fe58 socket
5⤵
PID:2372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.2.2080679712\1131973393" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 20790 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe55502b-7e8f-4ee5-a166-2ad2022724d4} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 2084 1a663f58 tab
5⤵
PID:1188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.3.1840322545\1290760721" -childID 2 -isForBrowser -prefsHandle 2752 -prefMapHandle 2748 -prefsLen 26033 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f5b4fd1-9bf8-4a18-9375-2ce4d816fb4c} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 2764 1c4eda58 tab
5⤵
PID:2884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.4.1936856813\937021294" -childID 3 -isForBrowser -prefsHandle 3244 -prefMapHandle 3240 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63fa201a-26a6-4795-9a67-c151f04cdf1d} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3260 1c6a8858 tab
5⤵
PID:3108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.5.986521903\392634360" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcdb1536-85df-4272-909d-2a08989639aa} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3812 1efd1358 tab
5⤵
PID:3644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.6.556962076\744841819" -childID 5 -isForBrowser -prefsHandle 3828 -prefMapHandle 3776 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb9f2580-48a7-4987-b16d-dc26197de487} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3852 1efd2558 tab
5⤵
PID:3656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.7.1599674780\961329596" -childID 6 -isForBrowser -prefsHandle 3948 -prefMapHandle 3940 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {577f2704-f231-4625-b15d-b4b54fa24bfa} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4024 1efbcd58 tab
5⤵
PID:3668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.8.1984353644\751182102" -childID 7 -isForBrowser -prefsHandle 3052 -prefMapHandle 1944 -prefsLen 26251 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b448e6c2-e4bd-4bee-94d9-b35ab9aa6fac} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4080 f132858 tab
5⤵
PID:3276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.9.1790541616\2008880620" -childID 8 -isForBrowser -prefsHandle 3052 -prefMapHandle 1944 -prefsLen 26426 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcc3a108-fde8-4893-aade-08305a6a4bb8} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4420 21c54d58 tab
5⤵
PID:876

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.10.421399743\413753619" -childID 9 -isForBrowser -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 26426 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85565641-abde-4a44-a344-1aafeae8b436} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4804 21cfcb58 tab
5⤵
PID:3188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.11.1966554808\79161524" -childID 10 -isForBrowser -prefsHandle 3892 -prefMapHandle 3904 -prefsLen 26426 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {808b823a-26b6-4ede-9013-90a3c7f31b28} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3884 1c17a558 tab
5⤵
PID:1940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.12.1565054193\1644176200" -childID 11 -isForBrowser -prefsHandle 700 -prefMapHandle 4308 -prefsLen 26426 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57009b12-a68e-41db-8156-4e7abeb229f6} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3768 19fa2b58 tab
5⤵
PID:3328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.13.1654341506\565261095" -childID 12 -isForBrowser -prefsHandle 3488 -prefMapHandle 3472 -prefsLen 26691 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ef04a2f-22cf-4836-ab35-450fbbedfcad} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4052 21c54758 tab
5⤵
PID:3592

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
3⤵
PID:4744

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
3⤵
PID:4832

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2216

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
9c548c5fc666c8f9f0a3cbb3c9bf91c0

SHA1
9cba0bafb1772d8ef433ef5c7100226b52c9ecb6

SHA256
d0e2aec6873d5d8e5d567b8d7aadca32648ff7f5d677762da4ca26700e73b77b

SHA512
9a792a2bb65bb1920d193b5ad50451b4ca77376f9b0d99461633a95778df0cb7c2ed93e8658fd41458685fc186bebe20b167ca23153c070f0a55b35718e3eb3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
f06bf5b179d52cb73f167326974e5536

SHA1
4edd9ac63c44365a80736e2ee416697890284058

SHA256
1490e813eefb48e201e11506bc43444e32bb3c95b00fac4a20f0a5cd5872ee27

SHA512
d57b9c7efc3cf134d0c7729aefc8c04e228d70546c3bbfe93c60b4a346ac5a97bf44820ee46f1102ec905a5bde3ed6b419dc7838dec3bff344987d50676feace

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b5c80798-8070-46eb-acbe-97ab64cd0bf5.tmp
Filesize
4KB

MD5
019f2198992efd05f4073688c6faa933

SHA1
f3655701f8e78b98c835914316ab255f6a03967d

SHA256
5f062fd2bb3b84b70c9a2491dbc0b8c648f7dd93692588657731bbc6cd8003f6

SHA512
0087de5b25c6c38b65375250ac75f63d7ec415e9a9f4314186f7cf3b3dd41cc2d80edc2a9a1af5097c966270cc9796549b07364135a634573852efb6aeedcc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
271KB

MD5
9fc6a4b437b2a50193ce7699e67d1d13

SHA1
1383dca42a74bf716be88c1eae3f8fc8a900abbc

SHA256
cab99e4b2487317e5378d61e9ad6ef702d9dadddfa1002f93ce789efb02f9578

SHA512
65a5eb243c4a75d5f19592cd9f21f28c4fcb125ac92c7e6389bb53f0d6749f9ebf6a885ae73b08c41aee5953fe463e13f7f636a95613d3da0d612ef537f25541

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\10962
Filesize
16KB

MD5
4e6a32d4d53d05e26c20a801a8fa6de7

SHA1
cb152fe8d1fc332c764a32b756e0f8fa2d298688

SHA256
d364b87f64e325aa25e11ea13d2229eb21304434c2181ec2b018bbf4002f2d03

SHA512
03ca39c233a3a147e9cc5e295d9381f28ece687eddf74db22b07c1873a9a90d5aacfe0c550a797bcae04062684b48064ae7d3a672174fe34c43f9ccc918ee2f0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\12116
Filesize
16KB

MD5
49bcbb210852332803974f5416d08c6a

SHA1
ef5473865e2e53ce2f516bd81ee966e2d9571350

SHA256
0a9a5a2921191520d7d525f8c3618e880335102766012929b00337f7375faddc

SHA512
2efc3434b5ed7a93a2a8c448140d668cf9b371a05eecabae4e45feff91ac123901e282683a3d602ef6abf4bf5b960ef11d43a3e25bdb4545dfa0b7fb656e3d7f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\15606
Filesize
16KB

MD5
fc34e890ae509996b876571976568232

SHA1
ce4833c787cbf9601ff8f75650c2a16f50915ece

SHA256
6c1c55a5b57dae09d54e576cb3b0a30fe86a60ec6f4e2e5930064ab2075c771b

SHA512
6f3b518f3ade6ae3edab94c5d80ab36eafbc1231ecb0a28580bdf1f9614d6bbce566029c80637796b6ea75f32aa06bf5f6968b12f9b0a0668d00285ff4854e40

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\18650
Filesize
16KB

MD5
85850151817145c422568731c3177936

SHA1
df08467843de35258f295273e482ac32874f859f

SHA256
b4b4f22b9dadf07ab73bb103f877f336abbbbd66ce70d1ad2e02e589b24c3b4e

SHA512
5392e0d2d95389e9953a5104a4900f1d9157273a1249cf4eb832a739632d5d695a456f2f089880b8d46554543bae6dd51e3b205990f596bd74c1f5af16254fe7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\18759
Filesize
16KB

MD5
ed8c0198771f07e43c8a221e5a9c542c

SHA1
85f82a9c813fc5fe66b390b392d9af2a225de0f2

SHA256
88bea66d1cabbaadece335a0c3318a2e44de2e3825e5c798f703ac6605284d91

SHA512
686924d84d3f63b4908c34ed994888d271aa2f8c3dd5c1f5af6ee4294461d1670a2c7c1e8956bffc5ad86c61d2b094aeb059c3f7b39b3172a80d74232c14334d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\2109
Filesize
16KB

MD5
384a1b485b081ee4ef9405480e019978

SHA1
149e94c1292579e0241c1ae76f52d17f2e72bed1

SHA256
cb2a6c6b8f6078587365f2c341e8ecadf21f07e8f90ba8937bbc3b2b9c5f7995

SHA512
b80af1ba8d9fca928c5dbe914467a9ecbffd0da03c89f2e3076b82248c7c4dab83f7861521d346996277bfd9deba9be493efd08294d2961510f454a95ae11c40

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\21366
Filesize
16KB

MD5
7fdf32c6a6488a067de2842a4c78cc97

SHA1
0beb571befcf62a61969d6b31a92756effcc7284

SHA256
9f3f69b7532475dbe37b5d558e82b10b315db9e2fd3b3ba1b5d2b80c48eedc37

SHA512
9859d00f5af9c6242c5e4566db9da0f30cc8be01e7f9fa586fd1b805419827413fa723d48189073ceb456dabe8b0dfd6198c8f43e7979c13ba39dbde78b5262d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\21576
Filesize
16KB

MD5
8f5fdab121db83f756126eff193df117

SHA1
ab488418ed7cb94d6bbbbabc717c9481d7423108

SHA256
aa47b6cf538d265aa5ae142720191ba3e358b502ace6a23166e33b4a432101de

SHA512
8c83700a7bbe54566aed849102c421161a6a3b863b08e5c883efc0b64473b51f82938451ca05aa9ba116962bb6797aff56477a6171841eb4ebf38688a3ade2bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\21579
Filesize
16KB

MD5
3c6f0a1dd5d51270ec289622ad5c34b5

SHA1
62a5ada266a460b4b597299f618642cfe5d80fa9

SHA256
b158e8edac57c12d444ff96ea1a53cd1308cb1429091eb9b10509c8ed79a2652

SHA512
d9bcef4b99420781ffc6d6451af8e6f015da427ee03a0cf59ff814562969d1b7854ae289e7c4c3a83e9e436b2b85a709192c4bb34889ec7e4d9362d8b87c2078

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\24102
Filesize
16KB

MD5
b1a81ecc0df9fbaab1234f3911903c42

SHA1
84c2e0671dbfc2280315db0c42e9cc40261e73b9

SHA256
8901c1fa992f67677e1cc7b236105285a02b705ac98230e19467ff4bfc8195ea

SHA512
6fad78d9ab2cd640ad9de225e2f115bc2b65e875a4238157612df076ee0843242fcaa821305689807abc78152d4a4b555e985ad0a7a88f0f3dfa5b8f196e057d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\3231
Filesize
16KB

MD5
ba89408611ae660c10ff651ca7e9c502

SHA1
eb48fa03d614578805c349bae0eee9687b27d330

SHA256
f040729226b9de85996e3f2c3793ae859e37bee6899ba9168daf45a53b32084c

SHA512
e9a97e741b822e67f3811b989bb090ea5f6ee228b36695e07ad3ae63ec529500cb916d056ccad968b8c63ea9bf2f719dcda6676c52d986ddfc3a9dbfb921b784

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\4195
Filesize
16KB

MD5
ea9a813b8b33004e59076b6acc64b47a

SHA1
c5b6a4590cae9ad63fe572a3e9fbec7cf4320e0f

SHA256
1df93c9970da01e760edb51d9c72d831ceb8bd9cf3f2ad5d4ced44bf9b56636d

SHA512
352af3b1d150d9f6304868b662619ba1d7108d79e4186cfba203c141fed0ae01c3608fbf516d3ad2872bfefed7cb49be969ea852b7352d25e4bc04c6295d7984

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\4621
Filesize
16KB

MD5
dd1a661ec79e83730f91b41c9e0c995d

SHA1
99742f8572e15282590920044fe62a1147a5d035

SHA256
339d05d8f399f621ccbc265b2b45b481530d426f10e59352dba0a47f52d5f73c

SHA512
f9a03a6c04759e73d594c583d99a12d9c79803e8a41249a2dd754f24e240ff04c29ad058079e7ac5cb82e3e59ffdca6c344af66c850d78d28631db8ff4fdc618

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\4768
Filesize
16KB

MD5
fa63129c8b4b5db6622704a562b71c8a

SHA1
55cfe929fdb8dad1b94d43b2ccb6d521f6077336

SHA256
3ad857a67c76583f046038397df729d54ca7fbff6166876e300371f3e1791de5

SHA512
e72a6a32b80c7906317a14937e6eb22e50f9a41638c98efb5a22f34c8eeb9f8843fa09b960f250f4c5a6e53790aa1ad9fbb928c9afe7bc6057c4273118f5fdb8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\7256
Filesize
15KB

MD5
dfa36c6022936f70ebe5e48767fd1575

SHA1
e5de4f22319294ed6e570e5e49d1e1687a2ede81

SHA256
5962c3971a06c24f12615ca0ad889274f646c0bf9c5c746ef64c7621b5b24eea

SHA512
8dfb8b07d7dd266baa7840bee3c9e7991c58bd5ab13617764f825ecaf99e95bcea11afb9addee1921217445c7df823be50a5e2c750aa2823f90cfddce528e535

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\8513
Filesize
16KB

MD5
07724211a6b4aaa836aeed14a6e4defc

SHA1
65a09ee528cd520b7a21859723245441032ddc11

SHA256
ab8985982233992757c76eed5f584ab3c690e8107c6e7c48248026852112d795

SHA512
9da9bff77b409b655f2acfb6c000d5ff9aa8b6964b48d08813374aa5584059cdd1e68aabd0fff1e0acc4e86fa22cd72deadf39c751fa93f0e6c06a6b1f63b5a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\8939
Filesize
21KB

MD5
8ecb8644a55de9375dbcbf70f822f0cc

SHA1
23ab8b690783610c389b35383296e0af9f5acc9a

SHA256
4637bd8a11f4f59828ccb257c83f5c9b3b03cfb1ec405d47944a83a6856ef2de

SHA512
01c90f4920186eea7ec3fe273a15c103f3abf0dddf4895e1639a41dba18018b3dff0cd7cfb147a509c91fef93225ab6ccfcf3dac3f917d131678184392433b74

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\0F845C839511BFDC991F31D0F1523DE4FD4B0AEA
Filesize
83KB

MD5
dee50b4d247b3907d17790aa21787718

SHA1
35d59d6d724072dc91e190b10afb33e6299a7276

SHA256
ffbd3673d395af8b6a649d7c682aca8783f55d1e747e086956e2e7120e3b1286

SHA512
ddbccc09729f5a389dc8b836deb28406b3ba1b24e358ef46800d6fc46d6266f9004ab756a217862a5cc02053d3d0921447eb39b51551d6cbaf6ce0650357a7b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\3994578C81707B9E448F98AB811619CF633DABB4
Filesize
79KB

MD5
dd05932c265c14b6e09600aaa5220675

SHA1
d64070d5d5cab80b8c40c6a969b157eed68b45cb

SHA256
62bc20e37322dc11ef978dd35d8ef5e250a325528c86af32789d2ba250910f32

SHA512
c79c90c01dec030f2e2cf9df496822f123d8329a0f26323b45d3bdf07d834fd3b577c4380d312ee3c3ac7aafd70aebc36fb9c60249922f5d47e1bc150ae54cc1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\4A2050C8B5C28513F05ABCE4241F5119316D955D
Filesize
826KB

MD5
6168fe2e18dbdb70f2b25d090260b80a

SHA1
0d6856c09ceba33fbe0439f66bf80fe782f6492c

SHA256
b41ab7e98b5eb164cec6855a2df8a9bd2bb6de8f725067077d94b3914e982df0

SHA512
e41289b7ce1fe3f89d93f849d885079f2e1359623c7d67882582efd99f7a78ef104ecd3a04a88493ad0bbd68a5b06dde24f5d97b9b6934833f790e656dc48e0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\AB4867986879A35D430DDD267F1FC1867DC104A2
Filesize
135KB

MD5
a99be0993f7516ecd7909096cfd7e0f2

SHA1
2c31a87f292886c78bf1a75c1cf3cb0f5b01f6a2

SHA256
c1d52804fdd7e41dea0e5485b8fd2845c97d24b4463133f50f3e6ff66f65ec42

SHA512
30f0d9816d6987d8fa7a5607c90d4719e6281dafdbee71c8838ecba10c58e87a345baa4ba9c1ccb0128872f42a674041d678692995917367396914002315f8dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\B91855D1F776978E3AA7095084ABF77F07BBDAC7
Filesize
130KB

MD5
5c35c841655d27a6daa9b1409681d02f

SHA1
d56b4da371f7482732dc85a5340a982d57838340

SHA256
5239fae1112f1f56f2a27fd0183a3c8b1c06a34b54e3b66f8f08b271433e4898

SHA512
de85196af16d2baed87b7c4bbc3e6148ebf33fda3310aa8e862ae256b1b533fd92fb528073a056d0333313f7038e78472e848c9c9f3704cda48718d3a63b76a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\C12BFB84DC80FB5460C8FC83DCA2D3B4D65B6A50
Filesize
90KB

MD5
4cd47009c07c47852f14f302a601394d

SHA1
1e82ba2c1baf506e9c61899b67af6af59949d2a4

SHA256
7692ea08dbea28a9c632cbdec52f9c4d0603df913884f7b1573a0e1b0c386126

SHA512
fba9853ffe53d3796cdd9eb3d2378b4a1024e6f024cdfcd0df89dd8e81045a074d4d5429e971e7f370c4d8ac930cb8ddd61438a741dbbfe5b47b6678184fd379

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin
Filesize
3KB

MD5
c3b793c05836ad78af7b0c8b8c314469

SHA1
47e3a80ca729f8367e002e01543d9f6b33f123ec

SHA256
0d774090c10389b9bb33f4721cbf0c7f6836da9c4f2321a2b1b859ddf14171f3

SHA512
b5e2be56275407693439c4309733be8414bcc3b78f5d61a5767297b9d87e9d9be9f53ddb6e378ecdbf56a24ce42fff9d76426f50116d540e2d5d57605efb2c07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
83b31d2b1f96066f0e3560b119ffa819

SHA1
70a04d7708973be10a9abb9d9640046a4aa6eac4

SHA256
c8af33c991e52986dafd8349202c7dc50fe6b0fa4e8dc1cc20485823318e011f

SHA512
235ccba0bf355febfbba3ecc26a441c3b835589b25340321ba6ce64cccfec62b2bff4dae5eb2015be5e2fce586dfec5d1f1c1acc05842f1471fbfe2880bbbee3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\1bf6aac3-3117-4035-b3d4-fc83d106af32
Filesize
11KB

MD5
ba7fddb55c767dbcace2734431503759

SHA1
ddf7284de694957a9402d34d0150ce51280dae46

SHA256
3850a75e5661b8df9e0822d4efa2c9eb70d35f66d5f200c4347c978e078e0450

SHA512
00517e8b9e585234c542997e8379ced13db236a0555e329286a0f3be84f4e2204c0f372969948c3515e21b846499314194e9752bf196f6cdb1d2ccf859da8a00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\ed2bac44-3ec9-4c0a-9388-9564d8e01b28
Filesize
745B

MD5
589e2e3aebe49c75a9c7aba7371ae2d0

SHA1
bc9789ab2473b4593d64d3d5af81cc880b8c9625

SHA256
6ecedc88636dda7525a46de7670bf097d04040a9ec9110a17561f3d8696a4346

SHA512
716e4b6304c90edfaecc4d6ac409f1ae5fc215380a232c8921deed90e846fb7dadf5dae03de2d6ac5b725e8981eb4e05feb4ea89f75b057da987cb95bf8aaf93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js
Filesize
6KB

MD5
3a825b1efc2b8836fd43c115903fad79

SHA1
49780c78c3e1b444edda18814189145b7d613a06

SHA256
5c34e556243ab09f7e169e7e62a18292de944b21eb2c94f4e02d5fc457d6ec32

SHA512
d205ccdb814382e6fc4bd4f7628c51195eedd6e26f796c9767f280c5168e3d9275efa5086d538e93935cc7883f52064db9eba8e233d74f64e8778aad66c0cb76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js
Filesize
6KB

MD5
168e458a2c4198567c0cc812a5db0b98

SHA1
f5b56479b188e3185f909bc4c04a2c8eac3aeb45

SHA256
ca6ff4fce31de2dd0959427ce987323cb82aa05aba05fa73bd990e1d2baf483b

SHA512
4eb6c2133e01691167256e6274ef57622d7c0e005c8e5ab027ef6c5f3393e76f57e0ee994158fc62fc6e06f916dd1f9b8335664244a6f8b0da6141185508070e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js
Filesize
5KB

MD5
7bc2dbf7dba7fca172e617397a88ae01

SHA1
6d604d422d9202c595eb1973cb44de6be4634992

SHA256
8e001b49d8b1a2ee95c360a0a9d9a7a525046d32fe785396716c889d93e96e3b

SHA512
304e59daa4ebf80687d1cecde3b0aa88dae7315527e107af4cb3082727fa0e16e46f2833b9a2115b0fc833064b1d6405b777524effe7800dcb7467f6b36366c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs.js
Filesize
5KB

MD5
b935da57d67137dfb49699039cecde2d

SHA1
48131f1af0718e24eb438248c5bd6071c402bef7

SHA256
73f8e7dcb7e2129b93da35961c74fc1e770e04955b6361f765806ca1d03f06a7

SHA512
7f0f07845ec1d751172021003e12321157c0b1b795bdf08bf503a379c47361c507d9131c7ed9244e3d9057120d79bc71b7e930329808737120e10a5b66acb516

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
4206451fd51ab18e20eb705f8058303f

SHA1
dc8a33eab0abc24f797e3d8b10de72025a8758c0

SHA256
04e9a1d2ae09c63749eacd8ec400e02e062fbc3d7930fa0ff8b1532c0ef13838

SHA512
824853a58eaaf6000d0800c6db279343e47dad6d69e9c84c35f9a2641bc05dc9bf695c179d99d149cd99eaef086c5999ef8aff353189f27ee6ff7fc5f1bec1ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
641322b916f3afe869939202aa7a43e1

SHA1
5ed0981d0db37d77109fe185251fa96513b4e64a

SHA256
7a33176e7b559771e9546ff3b0c1c0a8c5065ddff871bc7d1bfd64133aa89c82

SHA512
029f1773870f033ce8ff0ea8db3d38d88ccae83663fd53e6ca784fb77369fd5cb45241b774a84207b35608dce03d82165a6cf6825ee7ba1dd344ace8013bd456

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
053492c668c635cb196b97ff0d2cb987

SHA1
3e83ae1f46147a5ff4e0b6759535626d154072e0

SHA256
4807cfd8d91219dfd2e96f7026039adcec6bc6b58d2f09fc136d867c655d158d

SHA512
31e0b89cfbea9a3086ed906eb8dab4c91e0948ef798779908d566c78e98405ccb3c004779b9ca7022d230221e812aa6435d51b6096f3fcceed91f3e48dc5ab98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore.jsonlz4
Filesize
5KB

MD5
b779c6141445531d0cb098f22820af9a

SHA1
57c718e458768ab83be5117bc93f7db42a5d270e

SHA256
87054414c2f6c5bd37edfc16da1d988fe438b87b13edd00b69d2cae39d5cc480

SHA512
f3e179ff52dc3257fc8eab7460aafcf835347a4c2cd4c19bdb4c35e582dbf6fae3d6891220648705285806f1f19592265805dbfee879aeb742377701d7bfed65

Download Submit
\??\pipe\crashpad_668_GXUIIETUZTYIBPNZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2684-55-0x00000000044B0000-0x00000000044C0000-memory.dmp

Filesize
64KB

Download
memory/2812-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2812-2-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2812-1-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4832-940-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/4832-941-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download