Malware Analysis Report

2024-08-06 14:34

Sample ID 240530-k2swtace9y
Target 123.exe
SHA256 9da9b6fa70e7983ccfb4a915fab3d111c52e6aa4f7b8ddf43585e1957ea55060
Tags
modiloader persistence trojan
score
10/10

Analysis Overview

Threat Level: Known bad

The file 123.exe was found to be: Known bad.

Malicious Activity Summary

modiloader persistence trojan

ModiLoader Second Stage

Modiloader family

ModiLoader, DBatLoader

Modifies Installed Components in the registry

Adds Run key to start application

Unsigned PE

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Checks processor information in registry

Suspicious use of SendNotifyMessage

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-05-30 09:06

Signatures

ModiLoader Second Stage

Description Indicator Process Target
N/A N/A N/A N/A

Modiloader family

modiloader

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 09:06

Reported

2024-05-30 09:09

Platform

win7-20240221-en

Max time kernel

39s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\123.exe"

Signatures

ModiLoader, DBatLoader

trojan modiloader

ModiLoader Second Stage

Description Indicator Process Target
N/A N/A N/A N/A

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\123.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\123.exe" C:\Users\Admin\AppData\Local\Temp\123.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Windows\explorer.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\123.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\explorer.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2812 wrote to memory of 2684 N/A C:\Users\Admin\AppData\Local\Temp\123.exe C:\Windows\explorer.exe
PID 2684 wrote to memory of 668 N/A C:\Windows\explorer.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 776 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 2200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1168 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 668 wrote to memory of 1360 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\123.exe

"C:\Users\Admin\AppData\Local\Temp\123.exe"

C:\Windows\explorer.exe

explorer.exe

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef56e9758,0x7fef56e9768,0x7fef56e9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1612 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2136 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2148 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1480 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2444 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2428 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3500 --field-trial-handle=1268,i,10569720797753135799,8484978850213159019,131072 /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.0.1293139776\604576816" -parentBuildID 20221007134813 -prefsHandle 1200 -prefMapHandle 1192 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4188d10c-854b-4269-b533-f5a19b0242ed} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1296 4208b58 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.1.711453247\158397607" -parentBuildID 20221007134813 -prefsHandle 1532 -prefMapHandle 1528 -prefsLen 20752 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32ccca20-f685-4b97-a374-e40b399aaeb7} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1544 f12fe58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.2.2080679712\1131973393" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 20790 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe55502b-7e8f-4ee5-a166-2ad2022724d4} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 2084 1a663f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.3.1840322545\1290760721" -childID 2 -isForBrowser -prefsHandle 2752 -prefMapHandle 2748 -prefsLen 26033 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f5b4fd1-9bf8-4a18-9375-2ce4d816fb4c} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 2764 1c4eda58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.4.1936856813\937021294" -childID 3 -isForBrowser -prefsHandle 3244 -prefMapHandle 3240 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63fa201a-26a6-4795-9a67-c151f04cdf1d} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3260 1c6a8858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.5.986521903\392634360" -childID 4 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcdb1536-85df-4272-909d-2a08989639aa} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3812 1efd1358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.6.556962076\744841819" -childID 5 -isForBrowser -prefsHandle 3828 -prefMapHandle 3776 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb9f2580-48a7-4987-b16d-dc26197de487} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3852 1efd2558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.7.1599674780\961329596" -childID 6 -isForBrowser -prefsHandle 3948 -prefMapHandle 3940 -prefsLen 26092 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {577f2704-f231-4625-b15d-b4b54fa24bfa} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4024 1efbcd58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.8.1984353644\751182102" -childID 7 -isForBrowser -prefsHandle 3052 -prefMapHandle 1944 -prefsLen 26251 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b448e6c2-e4bd-4bee-94d9-b35ab9aa6fac} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4080 f132858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.9.1790541616\2008880620" -childID 8 -isForBrowser -prefsHandle 3052 -prefMapHandle 1944 -prefsLen 26426 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcc3a108-fde8-4893-aade-08305a6a4bb8} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4420 21c54d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.10.421399743\413753619" -childID 9 -isForBrowser -prefsHandle 4792 -prefMapHandle 4788 -prefsLen 26426 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {85565641-abde-4a44-a344-1aafeae8b436} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4804 21cfcb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.11.1966554808\79161524" -childID 10 -isForBrowser -prefsHandle 3892 -prefMapHandle 3904 -prefsLen 26426 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {808b823a-26b6-4ede-9013-90a3c7f31b28} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3884 1c17a558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.12.1565054193\1644176200" -childID 11 -isForBrowser -prefsHandle 700 -prefMapHandle 4308 -prefsLen 26426 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57009b12-a68e-41db-8156-4e7abeb229f6} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3768 19fa2b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.13.1654341506\565261095" -childID 12 -isForBrowser -prefsHandle 3488 -prefMapHandle 3472 -prefsLen 26691 -prefMapSize 233414 -jsInitHandle 580 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ef04a2f-22cf-4836-ab35-450fbbedfcad} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4052 21c54758 tab

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Country Destination Domain Proto

Files

memory/2812-0-0x0000000000230000-0x0000000000231000-memory.dmp

memory/2812-1-0x0000000000400000-0x000000000046A000-memory.dmp

memory/2812-2-0x0000000000400000-0x000000000046A000-memory.dmp

\??\pipe\crashpad_668_GXUIIETUZTYIBPNZ

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

memory/2684-55-0x00000000044B0000-0x00000000044C0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\1bf6aac3-3117-4035-b3d4-fc83d106af32

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\pending_pings\ed2bac44-3ec9-4c0a-9388-9564d8e01b28

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\3994578C81707B9E448F98AB811619CF633DABB4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\AB4867986879A35D430DDD267F1FC1867DC104A2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\C12BFB84DC80FB5460C8FC83DCA2D3B4D65B6A50

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\B91855D1F776978E3AA7095084ABF77F07BBDAC7

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\4A2050C8B5C28513F05ABCE4241F5119316D955D

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\prefs-1.js

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\8939

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\7256

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\21576

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\8513

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\12116

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\18759

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\15606

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\4621

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\24102

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\4195

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\10962

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\4768

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\21579

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\entries\0F845C839511BFDC991F31D0F1523DE4FD4B0AEA

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\18650

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\3231

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\2109

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\gdoevwuq.default-release\cache2\doomed\21366

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gdoevwuq.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

memory/4832-940-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/4832-941-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b5c80798-8070-46eb-acbe-97ab64cd0bf5.tmp
