hxxp://ldvu[.]bejazi[.]co[.]ke

Analysis

max time kernel
330s
max time network
332s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
22-03-2023 10:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ldvu.bejazi.co.ke

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31022260"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000051d6db365ce0f843a8e6cfaf226c4d2b00000000020000000000106600000001000020000000c0271cc12d8957c0d343f910e1905bc9837951b400b9d613b6d1728db029a142000000000e80000000020000200000003dcdc8814181584dae3b664e8a74c19f842f17d765d100a5f271dfdae4e42b4a200000003686d9f13efe8b0edff63122edb067a0b8d3c5a9cffac3c0c7ccbcd99d34656b400000007ef42a89b184d303e2c09c011494410bd7910a657375d98a1833ed814561931a489c80f1a8a6f51e5e5bcadd06ce70e6fe4dc89e775cecf28ce1a54429a08bf8	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0587262b45cd901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9D36D39C-C8A7-11ED-8227-6E4EC519A222} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1914704488"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1914704488"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "386250750"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31022260"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31022260"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1934934876"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Modifies registry class 2 IoCs

Processes:

firefox.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process
Token: SeDebugPrivilege	4116	firefox.exe
Token: SeDebugPrivilege	4116	firefox.exe
Token: SeDebugPrivilege	5880	firefox.exe
Token: SeDebugPrivilege	5880	firefox.exe
Token: SeDebugPrivilege	5880	firefox.exe
Token: SeDebugPrivilege	5880	firefox.exe
Token: SeDebugPrivilege	5880	firefox.exe
Token: SeDebugPrivilege	5880	firefox.exe

Suspicious use of FindShellTrayWindow 9 IoCs

Processes:

iexplore.exefirefox.exefirefox.exe

pid process

3856 iexplore.exe
4116 firefox.exe
4116 firefox.exe
4116 firefox.exe
4116 firefox.exe
5880 firefox.exe
5880 firefox.exe
5880 firefox.exe
5880 firefox.exe
Suspicious use of SendNotifyMessage 6 IoCs

Processes:

firefox.exefirefox.exe

pid process

4116 firefox.exe
4116 firefox.exe
4116 firefox.exe
5880 firefox.exe
5880 firefox.exe
5880 firefox.exe

pid	process
4116	firefox.exe
4116	firefox.exe
4116	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe

Suspicious use of SetWindowsHookEx 53 IoCs

Processes:

iexplore.exeIEXPLORE.EXEfirefox.exefirefox.exe

pid	process
3856	iexplore.exe
3856	iexplore.exe
2508	IEXPLORE.EXE
2508	IEXPLORE.EXE
2508	IEXPLORE.EXE
2508	IEXPLORE.EXE
2508	IEXPLORE.EXE
2508	IEXPLORE.EXE
4116	firefox.exe
4116	firefox.exe
4116	firefox.exe
4116	firefox.exe
4116	firefox.exe
4116	firefox.exe
4116	firefox.exe
2508	IEXPLORE.EXE
2508	IEXPLORE.EXE
2508	IEXPLORE.EXE
2508	IEXPLORE.EXE
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe
5880	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exefirefox.exefirefox.exe

description	pid	process	target process
PID 3856 wrote to memory of 2508	3856	iexplore.exe	IEXPLORE.EXE
PID 3856 wrote to memory of 2508	3856	iexplore.exe	IEXPLORE.EXE
PID 3856 wrote to memory of 2508	3856	iexplore.exe	IEXPLORE.EXE
PID 4600 wrote to memory of 4116	4600	firefox.exe	firefox.exe
PID 4600 wrote to memory of 4116	4600	firefox.exe	firefox.exe
PID 4600 wrote to memory of 4116	4600	firefox.exe	firefox.exe
PID 4600 wrote to memory of 4116	4600	firefox.exe	firefox.exe
PID 4600 wrote to memory of 4116	4600	firefox.exe	firefox.exe
PID 4600 wrote to memory of 4116	4600	firefox.exe	firefox.exe
PID 4600 wrote to memory of 4116	4600	firefox.exe	firefox.exe
PID 4600 wrote to memory of 4116	4600	firefox.exe	firefox.exe
PID 4600 wrote to memory of 4116	4600	firefox.exe	firefox.exe
PID 4600 wrote to memory of 4116	4600	firefox.exe	firefox.exe
PID 4600 wrote to memory of 4116	4600	firefox.exe	firefox.exe
PID 4116 wrote to memory of 4120	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 4120	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe
PID 4116 wrote to memory of 3576	4116	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://ldvu.bejazi.co.ke
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3856

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3856 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4600

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.0.1751014182\1959951935" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3a21d24-774b-4798-9132-00bf27d09a9a} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 1940 26d64a18658 gpu
3⤵
PID:4120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.1.777906505\696506726" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfc8ec16-3a3a-4db3-8e20-27e861a9b6cd} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 2332 26d56972e58 socket
3⤵
PID:3576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.2.173492686\586599103" -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 3284 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e4d9a4f-fefd-45ba-aeff-1508e59b88c1} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 3296 26d675fcc58 tab
3⤵
PID:3384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.3.1634292093\941208004" -childID 2 -isForBrowser -prefsHandle 1444 -prefMapHandle 2376 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b70b2620-04aa-433a-904b-3971d1d97489} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 1296 26d5696ae58 tab
3⤵
PID:1384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.4.1918343875\1976534884" -childID 3 -isForBrowser -prefsHandle 4112 -prefMapHandle 4108 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c89391f-c506-45a5-b26b-8dccb829eff9} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 4136 26d675fc658 tab
3⤵
PID:4112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.5.1076269791\1824075344" -childID 4 -isForBrowser -prefsHandle 2800 -prefMapHandle 2796 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59d93117-92ed-4683-9877-786c0e800975} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 4972 26d5695df58 tab
3⤵
PID:2256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.6.2023857388\1581328700" -childID 5 -isForBrowser -prefsHandle 5160 -prefMapHandle 5164 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7461828-0692-43a1-a968-8407ed33c603} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 5048 26d69731b58 tab
3⤵
PID:4476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.7.785276513\17714442" -childID 6 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 26738 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d8293a2-c69e-49e9-aa75-004438c41334} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 5344 26d69d77858 tab
3⤵
PID:2704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.8.1557772903\1573977171" -childID 7 -isForBrowser -prefsHandle 5772 -prefMapHandle 5776 -prefsLen 26913 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {486c2c19-5179-4974-afee-5c03f306b4b1} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 5668 26d6b88de58 tab
3⤵
PID:5496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4116.9.1633945959\1789695800" -childID 8 -isForBrowser -prefsHandle 5956 -prefMapHandle 5952 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1464 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {878001ec-b7a3-4edf-8a19-89260b14087e} 4116 "\\.\pipe\gecko-crash-server-pipe.4116" 5948 26d6bdf9c58 tab
3⤵
PID:5728

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\c970f495a0c74efda89be7554043926f /t 3084 /p 4116
1⤵
PID:4544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.0.236687436\1011571755" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20890 -prefMapSize 232727 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6fabca8-8ecc-4775-bb9d-0a3ca2f53a66} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 1960 1dfd90b7e58 gpu
3⤵
PID:3108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.1.1876997046\338191070" -parentBuildID 20221007134813 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 20926 -prefMapSize 232727 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b6d98df-7a02-4ae1-98c2-73f51e83ce19} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 2352 1dfd7df3858 socket
3⤵
PID:1668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.2.720860386\385160042" -childID 1 -isForBrowser -prefsHandle 1584 -prefMapHandle 1480 -prefsLen 21009 -prefMapSize 232727 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fa0c311-4d1a-424c-833d-60621aeb19a1} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 3120 1dfdbcd0458 tab
3⤵
PID:5928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.3.1424610551\1387635880" -childID 2 -isForBrowser -prefsHandle 3480 -prefMapHandle 3476 -prefsLen 25686 -prefMapSize 232727 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ec5cb01-e908-4e93-a6e1-0b72627f7b67} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 3488 1dfcb261f58 tab
3⤵
PID:1276

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.4.2027931096\476281964" -childID 3 -isForBrowser -prefsHandle 4480 -prefMapHandle 4476 -prefsLen 26525 -prefMapSize 232727 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b83c13c1-415f-40e6-87e9-e61e712481b1} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 4492 1dfddca2e58 tab
3⤵
PID:5672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.5.1343866701\307401006" -childID 4 -isForBrowser -prefsHandle 4760 -prefMapHandle 4756 -prefsLen 26525 -prefMapSize 232727 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d7f27cb-8239-4761-9e13-86d80fbece5b} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 4772 1dfde020058 tab
3⤵
PID:1608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.6.202023136\526952361" -childID 5 -isForBrowser -prefsHandle 5416 -prefMapHandle 4668 -prefsLen 26860 -prefMapSize 232727 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fddeccd6-5bd7-4f6f-81f6-932d1967241e} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 4612 1dfdf8acb58 tab
3⤵
PID:5112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.7.602251678\1700940175" -childID 6 -isForBrowser -prefsHandle 5600 -prefMapHandle 5620 -prefsLen 26860 -prefMapSize 232727 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec618a9c-6ce5-4bb8-9421-6b288262246d} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 4484 1dfde03b058 tab
3⤵
PID:5256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.9.1355586979\1402222113" -childID 8 -isForBrowser -prefsHandle 5852 -prefMapHandle 5856 -prefsLen 26860 -prefMapSize 232727 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6c20215-9364-471c-a974-daf871e1c657} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 5844 1dfe0573258 tab
3⤵
PID:5728

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.8.461343190\1234456249" -childID 7 -isForBrowser -prefsHandle 5412 -prefMapHandle 4592 -prefsLen 26860 -prefMapSize 232727 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44ac2149-0ffd-46bb-9dd2-068796d72122} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 4668 1dfdfbf1c58 tab
3⤵
PID:4112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.10.1528706785\1421764025" -childID 9 -isForBrowser -prefsHandle 5020 -prefMapHandle 6132 -prefsLen 26860 -prefMapSize 232727 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02314827-8190-43e2-8f45-259e9a733d8e} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 5592 1dfe0a6c758 tab
3⤵
PID:112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5880.11.2036991362\1669838887" -childID 10 -isForBrowser -prefsHandle 4672 -prefMapHandle 4688 -prefsLen 26860 -prefMapSize 232727 -jsInitHandle 1092 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2604c9dd-c690-408b-8753-e86b66a709b4} 5880 "\\.\pipe\gecko-crash-server-pipe.5880" 4684 1dfddca2e58 tab
3⤵
PID:3296

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPVLIKPI\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json
Filesize
145KB

MD5
40aac8c8d46fcbe3612daf075c8c2671

SHA1
7a6f928a3491b36c50d1d9f6680ee7c14680a5b9

SHA256
f59fecefe1c32e480e57d4193f564de8014cfbf3a1c9964a47dff2764c6ed79e

SHA512
276b7cdc7c48633e92ead2ab1e202511081a6c4154310dc518412cf89074d6485f77c85cc1ad4e40ebfa923d4828f1e859e0a21d73b773aa428507b00f40f64c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json.tmp
Filesize
145KB

MD5
b9e469563ae0cf38db30f5824da9ec86

SHA1
8b7283cb5d50cad2068239972c00538c7db778fb

SHA256
adfe183d32358acc80e9bbabd32e276ef43b6a8cb8bf08b377a519e4a0f18f74

SHA512
2a376aa1b727210d1568122f8f11a19ee3669a0e4bd3cd899a8992b2461f826ba1d1d2675865f18571880e87f8691ea89748689fd2583916b7a761de688cf1c0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json.tmp
Filesize
145KB

MD5
00bc5a64ac6a904e3313816591d67296

SHA1
ed7861c3912e77068704bdeebe50ff38993aa50a

SHA256
698756835573048bb68b3d8abb391481e3fe32f6caf65b71fb31dbbfc1ac8f82

SHA512
f015c6ee6dcced0593754cd092436621df80a3b0d6c5511951de6920af67aa28cc4a4a48d99d3881e09411a9d278058f35b98ba79c796fdf8dc89375af2c7f59

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\0067324608D9D298E75814A4318CE9F0131D65D9
Filesize
5KB

MD5
5201109980078edf26641f72db2a1a2c

SHA1
05d204c61abd10abfd83729bc92699bf13c627e8

SHA256
8cd7d29732075acbcf1beac00f028f17a2967477838b703c6cc2f553638c2d37

SHA512
c3df57698505a1903bef62cf3b97c00b3f5913f5060d1883ca5ef2b53d87322041d36e5a5c9c858f616eaf05f8249aa5231e6d75d8bddb2e3e28c76cb857a802

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913
Filesize
9KB

MD5
097fb85c376ca3f9b5a4eccff2b0cdc4

SHA1
d99e78a13d61338b047c29caac38ff2dd23ca8dd

SHA256
7ab25504a76833a526eecc2338e428a102858d342216959203342ca97d08f6a1

SHA512
ed9ae478f92d47db145d4d4ba07c1ecd7dbdd538108e3d3934d6151d9c7e8489bb3248f9020da2219b72efe06d26cb5f5681700ea29b583baef755695ec13d35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\0A6BFF3E845E283354795B380CA61F1D6B9FA81A
Filesize
7KB

MD5
ef4ad2dda66ef60cc60a04c45a45b886

SHA1
6adb897eb58419a875f35d76dd6f005ac9831c58

SHA256
f14a6dfa1d17b2203b25ef65507def8b2da0249e36a8c07e36c73d0c7c5bd5d7

SHA512
764f0cc13338002dd31cf9a4344adcbfe60cb7e6ee575bdbfc4bc361a067f9e5c9d41419666ba2d2a744ee5e5d9d78d4d79e1b42fef7ecb2541d579ccbf52698

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
Filesize
9KB

MD5
cfe5a9a214a54aef532b9f12e1ad2f58

SHA1
f63211c6ff24a4c6af9065ce278d0c9b8644ba89

SHA256
47bc389113cfd3036484832818af58b2b9ea29d2dbcf47ab980daa90e8f3c7e6

SHA512
7fb5082eae5896c62137a9e7462b6376784c334d183c21623ef3d03b91f4bb1505552139971b6e11aca33d571fa62c84b06d530b602e7d8f8a4379d785a55511

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\2BC63E97A49CA7F69AD8DA742A89019FEA548742
Filesize
292B

MD5
2b3f5cd1621063456c93e3466da26067

SHA1
068b8a4f9ff5ee6c03c9e50a7f8cd57f6a15b27e

SHA256
319d9ad479c736201ebd7f91a27063097bcfb1bd7e5462a182e4ec5b4045debb

SHA512
c30d4fad5d2a218edecf06ffcb2474baf495a759e8d98fab825803de358e64326c779f0ecd6f7b38e8896050c1b63c1bff7e1f055230eeaf4c8116772d77afca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\3251035FC42872B1269D18FB31FF846B6FB70C16
Filesize
206B

MD5
31613a7d0741949068c91fed1a544500

SHA1
375fd6719869d055d7325beb57f4932ba83126fd

SHA256
40aab9bd869dd60a62df87bd9fab5c88b838e55c7ea306586cb1ac4d563166e9

SHA512
ec673fb9dddce070796bbc7157f12e2ab39d9c99b1cc0fc7f5a6a8331c6d8052016fc53ea4deda748c577eb649067d43c71f53a516a7237d350c3d5a133ed4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\38FF788A718C79DDC3D1E23EAA975517D9BA3BB0
Filesize
9KB

MD5
3dc9b6f9132929fdf4ea20ce12ef729a

SHA1
b09e9d1769c74fd1e803531a66ca9c918fb34c42

SHA256
dcf799d3197ad5668f7d9789feba29ce4f65ebc5c51c1cfe9593c2fab4164e63

SHA512
b063d41ec9f91bb59100a2bce9449f245540b3b62eb8f0fdb442bb8d8f428498530d9a7235477214a7c2318bfdb3d93bec6fa7fe3226cfe6e669f6632d7e9c6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\5AC7BE8EC03B1003CCA33FAA8B454C330AB2296D
Filesize
31KB

MD5
993ccda371279efd0fe3770395ceb457

SHA1
78dadab1d28bb327f985ccd3f104025310623a80

SHA256
3dd6085e08b22533d9796713ecce408ff8d8ebab3f6fa84f0011805565a78b8a

SHA512
37be0c2fbe170bfc966c05a96dbab8a569488045ab7daa4c5fff4a1d89ff1307b53c4fc4afdf5b1c826761bec8938e3fc02cba088179a48039f0482543e144d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\5DEF8FAD9F2854D45CC55DBEBBE04B639373F97D
Filesize
7KB

MD5
d96fb7b38a119eae429a025469cd3af6

SHA1
08bffac79e5410baadb1e44c5e714da49b5daeb2

SHA256
b1ce0cb2869c148981f997c4c721c842aaf7aa7f4d8493bab798aefbc4bee567

SHA512
4d4085ecbad7866881dc25fe250b250c7ae084788c52aef090212402c39b88327208af8a37b0f723c3ccdd1cc3ec7c51ef640f48ac58a1f99c54a7105b3dcd40

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\64977F8BF3BEB157A6133EDE4EDD6637401F1AC0
Filesize
15KB

MD5
951de43541c645083c65682296894c6c

SHA1
c649a1ed80a915555b618f1c69eac7410a82a413

SHA256
1c90ce5fd36c759798e03af363bb3697896b99d97297bc80c05aeed39703fb28

SHA512
74b5be8270dec4f28b7754f1a547afe419f3f3ff33336c8ac73c000f133ce91be5a1b5a145aebbef42e93b32720620130b186ffd4ba0ac84bcad073632246063

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize
9KB

MD5
6af14c4706966b48c9f0728b4d54a04d

SHA1
da8d4029ed428c57bcc81dc886937ece40c77124

SHA256
e319a9130af8b5f5da677c3b5b724c4074372f9219fce8aa6c09b01d94d6d51a

SHA512
cc8962ead75c6d0d92fd9c6d88b07f0fabb1a3c923f9b005a822f1e254fc10cfd00bed4c20fc6ceeae8c352853bb2b2d1f193bb62611cb249afe866b4479211d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\6FD37AC98027A44BCA081A69579E8670CB6D9516
Filesize
60KB

MD5
95e9a93359824479dfab15e7d48fa3f2

SHA1
fb4d21202cd0b69c0af468a63cb423abe4265aba

SHA256
2a102910f7158f2a05a0b8d58c4e6a0d39ad518321d80cf91c95b248019cd296

SHA512
93c906c9295aff517908b293f378a3049652ffc3cfb2663d06f56d4cd4e66caba64cd66bff17bbe9a590a328ff4eb6c1031125e0dbe75ad22e9b4a6ba2046804

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\7FF28439B86762E46A90933A8D8CDB61D5BCEE02
Filesize
20KB

MD5
1b0890a02aeaa40d8aa7c97d24ef567a

SHA1
cb1935acb350fce80046dd0ebbcace6fdc926ae4

SHA256
2d67b5d919b358b1bf1ba294010a5aeedf0f40f758c6da39018a720d1a9cc722

SHA512
c4e6b16ba88f3c2985f657274478a59e6d71c465c2c1422fafb5c4a7f27b81c64627744c2655c235e9aad757691c84114d47b8ffcc444ba2b0e7fb7119ec79ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\812C74B082E63634047FA15D206B4157FCE88C5D
Filesize
53KB

MD5
d9aaf4db3498c298a2d95c464b9caf50

SHA1
c8354f5db04c6fa3d7a518abd2e2951d8d519cf3

SHA256
961219db651fa3542dae9d996f8dcc39ab79f6a44da0ca0c5beacb8e2d250fc6

SHA512
f16079719bea09b546b0364b994bbedfdb943d9bf00b729b80a46eef06fa755ead4a98a60c72fd2fe6bd060833ad4d0206ba6f4560c737647a21de9a59582180

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\8CF8034E526CB7E01D59FF8055E66E2997FFB9D8
Filesize
2KB

MD5
8f9b9a6a6461f6ac2f9c2bf2a8b4facf

SHA1
9b6cfad1fc0dec1adb96cb1d29d0f04dc45542c7

SHA256
ffcd7e4c66b3df0a2ca43e100d4ec1662e886c4a899094d9600ae86e1da2488e

SHA512
44e608c020713b000dbaf8241aa40ba253bfd56cffeab51c87fb18282e927641c378bfc66c6e822de41c0cce37d3fe515a630dc943a4e173b87e0938ff5c10bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\9648808B6C63CD1AAD97A7B68F84F35C95682143
Filesize
9KB

MD5
3e0692f586a34b000874a42cf93dc552

SHA1
351c28fce38aa1c8e0ac96c3b7d2fbf700d7ea53

SHA256
c352f660813c904be84da1cc3215c71206166e70fb97679bae8560ef24cdcaee

SHA512
b77c7343d0623e0eba03b2835aab383e3836282272d288498235dd53e51f1550ff2f48bf0697d9a722c674b8aabc2ecb27d21a7a3910b784282437477f5da49b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\A128EA606332297A14B35D0FDA80C8B54ADCF09F
Filesize
3KB

MD5
42ae4a2618ee4a9b9edda3d6f2e449f1

SHA1
fedb5c113583332b69d8f9380256cd87740f9fc3

SHA256
1b9139bfc0349684a96c92d74d59fe280bc22cb3ab2016407a4c38124ac8c2f2

SHA512
58617df3a6b215b19ede8b350e79fdc67788a04e6bb3c0759783a91ce7a8acf0a30af7ce404bf994819fa361c3024268d259e7138995ee3269fc58ea6e93b763

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052
Filesize
14KB

MD5
c1d0255d50dafd27f96afd8639e1faca

SHA1
5b6af1c831e486237ee9a566a8d5e870e0497747

SHA256
5f41c8fb01b1e16ae26add5c5fd94fcb596c528f5b36e8477dcd87137519b62c

SHA512
72729c51a1a99df8187aad02f1e32fa29225ef4e1300d07986177f29f649faea641d468aa7a2b5d1d13f5a0871404a9aa712405018555b08f6195b667b99af54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052
Filesize
14KB

MD5
6a4bfe3066f9bcfcc62bdc0291d5e5ac

SHA1
84f3e0b69405f8410df122ddcdacf73c431f6b90

SHA256
25f39f51168c8d8c4407a01f9ee3f9d38633a59b1d591f9aa1a4647c156520bc

SHA512
bbf52035adf44d56bc361648967ce9ed5f5adcf350ef0770ca3e1248eb77250f28c21953290312a5406236669159334d0fdb36da02fbab95668028920d43aaf6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\DB705143F5485A53F917915CD933E1B45FB0D9C0
Filesize
14KB

MD5
b3542b2f483c949244ffd3d49d1a3062

SHA1
acfe0581e2939a6ae0b92b25f9312f0728aa5628

SHA256
761581ff76ce6d95888361ba16d29ee10a895c72bfec6dd2db52e1e610f39b4c

SHA512
dd96f4f1c2a6f175d5f682dcfb59ecc0933d427fc3fdbeb0528c0a2969d46a6c46f6ee0fb151d305d500bd170ce9f97ab254eea246c3ebbb587c1a27b6104e15

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\E0DEEED0B1C3A07DC5E9FE886F749ABAC6207BAF
Filesize
19KB

MD5
284903ca6e0b63e8c5148849c76f1d01

SHA1
026f9f0765f9f710c298eb9c644e72cb83094fc2

SHA256
f382de5aebc987559d5b92fbdefa19e72ce8b7684a9c4780e9c9eaef86ed219a

SHA512
2eba1b51a45b89c08f1a7dd4a30b1099c37bd0b5981d0334f1b6e1b028b312e226d71e6ba2cadf5eb3fd1804daa400d311d4df433ace0b3848f67da1c1e3cce5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\E6122B54C43564F21406EA07769527D07CBC7443
Filesize
45KB

MD5
f8b2dbf7612ab0cb7490918816c68daa

SHA1
15cccfe1d32a00f81373a7e5e06bc3692940c5b4

SHA256
b10e1458d10e56f09b8f393a32d4a88716999dc78501aaeb21494b9df5b2d1cc

SHA512
70132e105f7532323edaa2f45acac5ceab794fd31a59f8b457438d4ea166f8b15ac212b0cb62a5768d7cfcf07237d073898492923f3ec194f03b3dafcd00d7de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\E78E3F76C38A478389988CA4F4C125CDF3D80965
Filesize
52KB

MD5
5726f8ce6a3a42539991b7818031454e

SHA1
faab698d92a312fece219f489600e579a89303d5

SHA256
b3358c0a7d3ba0584280f38463605cc08aa2aee5c4a99aa04ce345955c44f635

SHA512
8b7d958dfaf0a86983f3e233f3fe6e68aed14519d9fcb7292d98cd082b9d3e6e76aa03f3733373775610dc1390200ce7b471b8b9ed916268defef2896d3111db

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\E9288097D1D54595D8A35E96EF5BD08B1A40DADC
Filesize
12KB

MD5
4f0f6fd99f7e92eba9452ea9a4f97270

SHA1
13e64b4e12c80c460ebe0fcc4bc58e99631ebfdd

SHA256
54dee5aafa72d1953090f79dcdd1145eb3d4bf368d09d4116c5b264fa2fb261c

SHA512
0c23f732e281cc706ff8cabadc952b1cd7386c7a9678877bc2e8b474b49797319296ab53b658873b37326c0fc113590d80dcc906e3d374052bad37cc693e2219

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\F158AEC307252C678765FEC13B6F8BA7578F3CBA
Filesize
11KB

MD5
64d867c675d6da56a4fe4ec89ecbe114

SHA1
58daacfbf7cd85c6464812b3479d1c465f94e1aa

SHA256
d76e37d79101f6263b517214447f04ef5f2af6e5d69ac1dd09ef58d1b64f4aa3

SHA512
575887c0afa2293f436f8e7129abce962c3029d261b337c9299e4ab4f904b6f949fcdaac207d492f48871f02088ebc2abc18e59dbe8841e993785dcaca6a24ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\FA54F961B8D22F1D03073CEE25685321176CFDA6
Filesize
15KB

MD5
5adf4a0bdf2ad238f73a4d87bc70db7f

SHA1
479dfc445d04653819410e4ee3f2893c25d838fa

SHA256
8288b5133153d521f5b5b34699395131978e227cf01e72ae8ff0ad20d0ef3175

SHA512
e9797bf6cffd94172625e1acce5972b1cba650a91764c5c97be6ba5e4904076beb2c59b1880a3dc0528207b9fa8b411d17767e17a3813fd2e37330b9ea305e12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\startupCache\scriptCache-child.bin
Filesize
464KB

MD5
5b6d9966d20791c38f3948d133bc4014

SHA1
e033078a3e395fa5ac0c24c92ba9e0d2f9129887

SHA256
181aa6dae48c54c9e5324f6810a4bab386f426d6d90d69f3c99fd03edbb77fe4

SHA512
568ec26dddb29f09c182b16af91f3b908e2890e1c3261547b70550827633719047ca0d7fbc0d2846c7bb1da1ef1a3ee278b4073567348d5d8e02417c8e439d88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\startupCache\scriptCache.bin
Filesize
7.8MB

MD5
c25d6147120bec6dd0c61af4ce61782e

SHA1
32cb7def1744699207c3d5c2c7413d9aae62e210

SHA256
3a441b818db5b9ecef045602ef43a3b7959baf17560db4589a76c2a05eb8ce0e

SHA512
a882c90499f05c1d06e44bcab4b406cb38b05a57851a4a8ab78c882b71bee0fcb9e1871d5ede17b0db94ed84d07ec63b89870c4ddefbc4f3bcb21801f4e17127

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
03a6575591d4387ca77b6cf7e193fde6

SHA1
f04d06b16f43245a8b5c21472d8ff18e0aeb44e7

SHA256
4959c27e1a8bb1552abdd7913ebd9581c8e6de51e9f5433a2227f4fb702a7408

SHA512
f7a6499ea7f2f0a80f38fb3a2eb337107f7783ffc970afb09dce70f69ab9e125712e4af28f2103a2f8a7fa5db6ce6acd4db709f5a42f6d177aa1e77c7f72f72b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\thumbnails\0354034248f444cdb5c48a2ff9dded6f.png
Filesize
7KB

MD5
87ab2b1f28ad59eb7221aa9056a148bb

SHA1
4b4f6fb2318cf2522fb509fb92dbc5b530a8ea47

SHA256
75f3c59a090ffd45f5dd99b7ae454944eca6733b79a5a20bb79865521516e499

SHA512
2dd6beada173e75f83f94af110600492aa83637bb42585701568adad70d34f1f8a3fc2fc63d984b148e50e99fbfdd4891c29314c6772d290963a1b0d833f066c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
15KB

MD5
2d8456404037fadc02361ef83a1d61d1

SHA1
7c19b812d72cb361a9fcc7688a5a8c7eae34a20f

SHA256
dd401248236d9cd611f6934f4d2bf1f5286d4eb453ccde3dd21cad5b5aee15dd

SHA512
c377323eb7d625b6b2d6ed92d5a762a254b7df961b8d6d3af549d9073b02e524079457125fabad668e0a1e63db5fb8137d1f52c14123e4718e9377ae94007e25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\addonStartup.json.lz4
Filesize
5KB

MD5
f250c684a241935c2794c30ae164ae52

SHA1
ea384bb1ba6744718b3bb8180800365d19887692

SHA256
ff08fca842608945bab874f225d809065a58d1eda82f37f80f727bff95bc00a7

SHA512
e16698db5705fb140ab0579c4ecbe51ba7fd2d494bf987c23bc5c46294e84749a3f1b43d0ef43fa75e7ce0d1b67ac3c22421717506be6fedb4dac49e2e7870ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cert9.db
Filesize
224KB

MD5
ed48f66f635f222dc342fdfedb033d62

SHA1
16d1f8cec35afe9f55567307e5e352fce3193a2f

SHA256
0eaa546c836ca046a9a1c28a2b4009bfed1acda544974de54a7a6a47b5835da0

SHA512
a033a967c0bec5c3c186a3c5a206b92baca97c2a35def20a3bb56ea99e2150ab9a840ee43b42c7de1182a04f944aea7ae77acd494237d5b5b2735fed9804184a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cookies.sqlite-wal
Filesize
192KB

MD5
24c8e26e9029c89a55ee49da7c56def9

SHA1
d5eb1cad133146ddc84c4b5c771658b256ee01f5

SHA256
025e3d26e82b6b28caebb06fae6b178df04178aabbb9c2c40dd445961d031246

SHA512
d31515fda45f3bbbf696e1e770c13a5d27369b6f1ef45e849e1612d2b5e37db57e0d6d04a019c15046765674c98d795c511aed31347bbb700358fa673ad7878e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\datareporting\glean\db\data.safe.bin
Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\favicons.sqlite-wal
Filesize
160KB

MD5
e072e38438ea97baa82cef39c04cc470

SHA1
456cad514c5694d134d66aa48101cc0d7bb0bea3

SHA256
41dfb00f93d8bc9ae612fa98a6c6bdec4a5fbd61f0c75b080d8acc09d8c4481e

SHA512
09458441893b6f8dcd44a5814c76f69b99257df074e056c0c84e3e528a835223b88c8347ca70b12a0c46c46a2fb8dd4a9812ccf12f6d5f689f2a0f2c90e30bbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\permissions.sqlite
Filesize
96KB

MD5
46185dbb6a251eb580b7c4d91dbd7a72

SHA1
2ef7ab947393b18c2fb1d5fd5e263b25655e0a01

SHA256
88e3cdee7a4e46e9bb30a072d3d963df7dfd4d4d778e1f88ec52927daea6e931

SHA512
b0e978add2c9afc375bc4ca7d357394fcf9868890d23d6c01bb4931052dbe64cc39dc07bb930688c83e7e20a9cb5e14c0e92ffb61896673a52ad5093d6ec8c8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\places.sqlite
Filesize
5.0MB

MD5
87493f2acfc6c99e1f738025c3f3b5b3

SHA1
0f63874487002caa19621632c0fcf526046151fe

SHA256
befd48e5573a1f249bebd37a3bf571d21dd6a70e14144d03e63e8a653bdead8c

SHA512
a9b799ed048adc5a639b133ef85de79a09b0f0421bdc8e5e2614c17a25fa77aa1e5d819cb3324cff6d88feecbd077c0a0b17e7270babc870270eaa97c3528621

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\places.sqlite-wal
Filesize
2.2MB

MD5
c2739087b81dc3d9d1da46abda80ae96

SHA1
939c74dac5754be2cdadb04f140a7482b047c581

SHA256
c2076964a453b513f65e1ba8ce5f9430e97ee6c6d1278042c32fe01a9504c198

SHA512
baa9c5b772e21aa8b5fb2a6a1049a315e9963e794b0f43fdf587507512bfea5fc8531536eaa23f59a8b57d082e4a3881c9ad3ee96e97a778e2c67de3165caf83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
6KB

MD5
d8aba67bb7f3df62c32d6b01841bcf0f

SHA1
606c01603165a017c5bfdf1c0b848c6ecca467cf

SHA256
bf94ee9eda7ff9b5d5967e4aa7da48264f97e0e6d001e9322494b39fbe098fb6

SHA512
08059f9f78cbfa0a82bf2d5cc014adba6f2df0bac67adce986ea7c124467ae49e88d63e193d368191ca4d6175efbb6fbc5b36ad0239dc9ba0b9e1005bc235d5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
6KB

MD5
264f45c1e3b1b012a171f772da4ed151

SHA1
79ee41e00b04854ab681e40561c36ec3327d9684

SHA256
31e40f5225c988999f99c66893384d5de4a49e4a41784cc365e8b8911af5b5d2

SHA512
aa975b70f2d0d7ef2075f8f3010121a59855288fefdda3d93e59966d76d3caa9582f399133bcb06a1a2f1334ea046f2df4dbf5358def8969c4e69ecbdd0548ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
7KB

MD5
f40124685599648dc5f52cc12c5487c6

SHA1
ae4a4be4eca3ef9b57a2d2ac1c93924f675667f5

SHA256
8ea338bb359df83dd5ed044eb146109838bb9e98b035693476ef612fa09fc264

SHA512
01f22f7394aa7f66f7fcf972746d2498cc8291aa0a4f16a1f5d80af8bbe8f12cb67a3179c6a31281dae12dba07b61d1b8ac9072c5038e90f1385259c148ff4fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
7KB

MD5
b6eab31c0e18de70dcf5c5b9ed76ed8b

SHA1
ae462ece7fc6f3796481736c3b2c83cfd432c471

SHA256
f7ba4942fc5616add395a3da90bd0a2efdfe680d1da1210e38a5b75e3efd037a

SHA512
b601c93a27b51eb057f402196d3ef1bdc0ae95861b3ee395ce7a2ff5c127bf651f4c4ea783fbfe3117aa3ffc2e21edfae1a6fff4bfbfa4c5dfbaabe985eda94d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
6KB

MD5
02afe1d5e2dcc9329b0c8481134f1548

SHA1
17bff13f91ae6fed8aea4244220d18a46f13a3d8

SHA256
cc18ae9ded1ffb71cd8a7a7f1cd676d0d56f7f65f96234be3b4ba382a8f44027

SHA512
56d789f2dd2dbd8930a97811ce0ca40e8200524ea8f4b957c54f8f1d6b8d7cdfb699b20d8eff691924d61b697715685c09c52348c7c5e9e9aa796c29445e8cc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
6KB

MD5
172d400d0b06117195b25bd030cb6f05

SHA1
cdd18962af748543395317900e5b90ced31243c9

SHA256
ac532d8e5d05d3c0fda6c4c84f2d9a6d5bdfce890cb9d353607f7fcb8db708c7

SHA512
fb570e2ce53cc36fead5e25a8442383a8e3cd9e7ae904b548b782891c271bcb2d40b5d230d4d363186e10bb09129313a76221ee7cd66464d74fc4f711033fc6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
6KB

MD5
0f98873e26efd30df39b4db437d6b976

SHA1
ed4b13a011ba35157ef150567ad319aca8b4ed16

SHA256
038d0e9deb52aaa970a79f80a2f584aa3d77fbedcb09146511a50db3907755dc

SHA512
3d7177c7809a7052b81b67a582fcb00215e6ccb17ffabc390c3c7782647484cbedf893401c14e7732e4c845598f413bed7fc4edfdabd2296f8acb7fe280f1628

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
7KB

MD5
f66bebcaed257ce2c592c6457d4b8bc2

SHA1
ca4513a96087d09efdaf8c0405573aa27540b104

SHA256
bb8c9f2b23ac82204252a22e7e3d04324021c76b57c3d0d0409daf466c935ee8

SHA512
6d91eb8224e59dc8a99ae335c436ff61c1fcfdfdec8aad11a3c049c82aa09865033b7804996b7bd377834fa97f645cb7082448c6190616adc3a1127beb14cb12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
8KB

MD5
b1dfcfa8f8e0623d79a6edd130ebbdbc

SHA1
54cb239e4145060e4dc963907e1e302f58684cff

SHA256
3e5de063534b0966b24de32628e3f6bc02f3fa7111c96146491108488c1042e2

SHA512
aac0f2f930ecc9229bfd0f33d4fea68d4a8c5ac2497be15c13cc837e9c57ff705e309209be9c907070cf6661a71950baef19e12b0d3b9ab6f0d538de0f5c92ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
9KB

MD5
1b8410d9f4ad347e22721b156914ad67

SHA1
d2a670fab95dcf5ddd5c10fcb21a72d946521863

SHA256
29ce3884a7985faa61e121e4040d0ce8aacc473746d0effdfb60fbf6d96f9f25

SHA512
c925218a1e0be921acf3e6dd835e1d2ab48fa557730b10ba7b29d3cf1636ec0cfffe00c2cf149cb903ea6e2fe6991fec169ff657ff355406338f60f7b32cf366

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
7KB

MD5
f40bc091f9a2887887fb5ea1bdf568d7

SHA1
a1aca695322e243aa9316530169a325f4b53e14f

SHA256
3a4725e9f910afbbe2413e26343745e55955bca10de694bd1be227e6db6801e1

SHA512
118a10c1fc59f1b1dd3c91134bf4518cbbb48193c0523d11f16d472b8dbf1f09a19894c04ba553be1da565d0670f0c9259482ce83e38270d507d6da32f17784d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs.js
Filesize
6KB

MD5
fcd5f37e5e4066f7cffe8eb106b6ce19

SHA1
b0a1c4d3d5c96271429fb09cb71055d177c13402

SHA256
38dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67

SHA512
afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs.js
Filesize
6KB

MD5
fcd5f37e5e4066f7cffe8eb106b6ce19

SHA1
b0a1c4d3d5c96271429fb09cb71055d177c13402

SHA256
38dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67

SHA512
afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\protections.sqlite
Filesize
64KB

MD5
deeced8825e857ead7ba3784966be7be

SHA1
e72a09807d97d0aeb8baedd537f2489306e25490

SHA256
b9f022442a1506e592bf51284091a8a7fe17580b165d07e70c06fd6827343a54

SHA512
01d303232d6481af322137b44fef6c2a584f0643c48bab2836f9fe3193207015da7f7514fe338500ae4469651e3d9618293858ae507e722198a249257677099e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\search.json.mozlz4
Filesize
296B

MD5
033eb0645837c8b618a593f7b9a72642

SHA1
cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172

SHA256
3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582

SHA512
27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionCheckpoints.json
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
fb3eff2c8ed124b62ef1990a60056876

SHA1
51e2ab7c7c1b84f67de0e6f59c988be3ac1d9f6c

SHA256
d0cd9a2db713d5ce26f902bfacaf9499e1bb3950f23bcb3d11cc1398fd77057c

SHA512
dfe741a17d80d74a8ecb2068e277737674d2715801c871cdb38e3d4e4e82de1d4ac5d2bb91c76a708f098d36a6ba9d923edcd023919890e0b013964a2785f3dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
12e2acc2f34fc953e1b177affae4558c

SHA1
7797e1b56b54b5911d9de6c48b80917df24cd384

SHA256
9b15bfcc594b98e7fae2541fd0770c4679f61c76def25290bdeff559673effd1

SHA512
fdd2a7dba414017861d9a25a3df607486e28c080766ba5a0a4bbc89d4ad6069d370620e4db3bac71611acd8024b2309b872572d8d1680c8f7b07084ded059a4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
12e2acc2f34fc953e1b177affae4558c

SHA1
7797e1b56b54b5911d9de6c48b80917df24cd384

SHA256
9b15bfcc594b98e7fae2541fd0770c4679f61c76def25290bdeff559673effd1

SHA512
fdd2a7dba414017861d9a25a3df607486e28c080766ba5a0a4bbc89d4ad6069d370620e4db3bac71611acd8024b2309b872572d8d1680c8f7b07084ded059a4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage.sqlite
Filesize
4KB

MD5
e754fbe11ba0e708fa319a0396ff4274

SHA1
46687e5fe95275f8d9512e64659a7ad985343553

SHA256
33f31db8b6798aad9d7752c69ddbf9c4b97621fb924c9171f7f8c4d4e6c59704

SHA512
e02fc85d8b3bcc22c33e93dda90993122df5be0dcdff02302577978f47fb202ecb20cfaa899c2c67f4d09c6381b076eae6b2e0af682de10b8df7e187e735bdab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
200KB

MD5
9365a6ea232906da5c897e161993e122

SHA1
65521716abbdad2257ec01b86df44bf09f9aa563

SHA256
6511c6ee8de32aa1596c83c2421ab0e9acd1703782b277abf2bb623d4ec67128

SHA512
d55bbceb2a1badce06e87d562eb2518d2fe73ac05706fc2d6a84ebcafa77689dafae569a4f70962f3980f52b6259ab24887b540bda2daf0ea6cdbab7bbc03e71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\permanent\indexeddb+++fx-devtools\.metadata-v2
Filesize
77B

MD5
49e36409f542f31376b7c901d825bd71

SHA1
657a090b05c797752b0870b6b39821f9848ac9cb

SHA256
74bf33de40f0b09c7d0ea3fb47a763af54d98411477c60c77fd23b6a9426087b

SHA512
9671e2587ec55089b371f4bf89c1e8382f2e7b74389a244619100e5258f4b1e98b8c1edb313f8872ef9f32a299ce8c0e8d2c1953288215f16e33d845f82e98b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\permanent\indexeddb+++fx-devtools\idb\478967115deegvatroootlss--cans.sqlite
Filesize
48KB

MD5
23b461cdef6781c556922d9bada7ca3c

SHA1
26684e550f765d78c7db8536c02109271ca382ee

SHA256
a41b035b4650baec1dc1d222358773471a77a122ca17769885fc6ca1f84f87bc

SHA512
1af5efefc44accbd7acd3c7d18033e3915bf708c687bdcb94c435e26b7c04eb44a6e48688df715f23a16d6e7e9842d58b40e9eb2abf42fa39ac4d38ff8cb0f9e

Download Submit