15d2ef2e0905e5bca529006cb17d215c69c1516ba656c30c1ddb081dc885bf15

Resubmissions

30/03/2023, 10:33

230330-mlh3sacc32 1

30/03/2023, 10:24

30/03/2023, 10:16

30/03/2023, 10:08

30/03/2023, 10:04

30/03/2023, 09:59

Analysis

max time kernel
452s
max time network
454s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2023, 10:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

PO # IF23029361209.xls
Size

237KB
MD5

b961980c1ffa928b21d080672e0cfc72
SHA1

115415db7cddc5d1051cf18c6189186a730b955c
SHA256

15d2ef2e0905e5bca529006cb17d215c69c1516ba656c30c1ddb081dc885bf15
SHA512

97f01226cf88d955df1db048e5d1922106b58211b4a6103701fae2b940b1506ded46422028d27262287413dffb4519cc581cb63e0573aa2ac6e2ce8f034b57d8
SSDEEP

6144:DWaFJkKXiDU7w5dW784kELJc1b/SmtARG89Y:yaFiKXKbEdch/SmG9Y

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 11 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2592	EXCEL.EXE
1236	WINWORD.EXE

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1848	firefox.exe
Token: SeDebugPrivilege	1848	firefox.exe
Token: SeDebugPrivilege	1848	firefox.exe
Token: SeDebugPrivilege	1848	firefox.exe
Token: SeDebugPrivilege	1848	firefox.exe
Token: SeDebugPrivilege	1848	firefox.exe
Token: SeDebugPrivilege	1848	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
2592	EXCEL.EXE
2592	EXCEL.EXE
1848	firefox.exe
1848	firefox.exe
1848	firefox.exe
1848	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1848	firefox.exe
1848	firefox.exe
1848	firefox.exe

Suspicious use of SetWindowsHookEx 57 IoCs

pid	Process
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
1848	firefox.exe
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
2592	EXCEL.EXE
1236	WINWORD.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
1236	WINWORD.EXE
1236	WINWORD.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE
2592	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 1848	4476	firefox.exe	90
PID 4476 wrote to memory of 1848	4476	firefox.exe	90
PID 4476 wrote to memory of 1848	4476	firefox.exe	90
PID 4476 wrote to memory of 1848	4476	firefox.exe	90
PID 4476 wrote to memory of 1848	4476	firefox.exe	90
PID 4476 wrote to memory of 1848	4476	firefox.exe	90
PID 4476 wrote to memory of 1848	4476	firefox.exe	90
PID 4476 wrote to memory of 1848	4476	firefox.exe	90
PID 4476 wrote to memory of 1848	4476	firefox.exe	90
PID 4476 wrote to memory of 1848	4476	firefox.exe	90
PID 4476 wrote to memory of 1848	4476	firefox.exe	90
PID 1848 wrote to memory of 3584	1848	firefox.exe	91
PID 1848 wrote to memory of 3584	1848	firefox.exe	91
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 3216	1848	firefox.exe	92
PID 1848 wrote to memory of 860	1848	firefox.exe	95
PID 1848 wrote to memory of 860	1848	firefox.exe	95
PID 1848 wrote to memory of 860	1848	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\PO # IF23029361209.xls"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.0.304345411\1856345027" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1832 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1479491-cc99-48b3-a241-cb8de0515b8e} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 1916 263ebc16b58 gpu
    3⤵
    PID:3584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.1.54660357\1560903091" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7cfedab-5d9c-47e1-97d1-bba4dea034a5} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 2316 263ddd72258 socket
    3⤵
    PID:3216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.2.1429137606\315510813" -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 2912 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdb0e50b-f3f1-49d5-be0b-97458afc7732} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 3200 263ee904458 tab
    3⤵
    PID:860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.3.886463277\572345084" -childID 2 -isForBrowser -prefsHandle 3520 -prefMapHandle 2980 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fad52eb2-0c8c-48b3-ad43-dca2e720097f} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 3556 263ddd72e58 tab
    3⤵
    PID:460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.4.1851724063\1897633973" -childID 3 -isForBrowser -prefsHandle 4084 -prefMapHandle 4080 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e59e57fa-8641-491a-9ea1-96719e6d1d32} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 4100 263eef3e958 tab
    3⤵
    PID:4228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.5.110787142\1646855465" -childID 4 -isForBrowser -prefsHandle 4960 -prefMapHandle 4968 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bc50a86-8424-4d33-85be-4b94f47516b4} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 4964 263ddd2de58 tab
    3⤵
    PID:3804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.7.818516219\2118352268" -childID 6 -isForBrowser -prefsHandle 5300 -prefMapHandle 5304 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3296e3b-e08e-48ee-a0e5-eb537ef47aed} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 5292 263f1669658 tab
    3⤵
    PID:652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.6.968561815\1309594436" -childID 5 -isForBrowser -prefsHandle 5116 -prefMapHandle 5000 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d53047d9-8254-4c03-9e07-9f5886416747} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 5104 263f0ed3358 tab
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.8.737563170\822401304" -childID 7 -isForBrowser -prefsHandle 5648 -prefMapHandle 5644 -prefsLen 26595 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c54f59bf-5c4c-4c5f-9646-7ed355aa1e38} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 5656 263f30aa258 tab
    3⤵
    PID:2164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.9.2058526541\924688056" -parentBuildID 20221007134813 -prefsHandle 5976 -prefMapHandle 6012 -prefsLen 27035 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {036437c7-8259-4bbc-9fb8-fabd367eaa4b} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 3612 263f2e86858 rdd
    3⤵
    PID:4820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.10.216955902\1054954278" -childID 8 -isForBrowser -prefsHandle 6072 -prefMapHandle 6068 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {169e28af-92df-4b1c-9a42-e292f4bd0b6d} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 3460 263f25eab58 tab
    3⤵
    PID:4968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.11.1240187259\878865180" -childID 9 -isForBrowser -prefsHandle 5472 -prefMapHandle 3648 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9422de92-42bd-4374-8226-0898820bba0c} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 6164 263f318d758 tab
    3⤵
    PID:2508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.12.379964924\318369170" -childID 10 -isForBrowser -prefsHandle 9744 -prefMapHandle 7724 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1dd4f61-d2cb-4705-95a2-f36368b79e83} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 9768 263f42b9858 tab
    3⤵
    PID:4648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.14.574524323\967820844" -childID 12 -isForBrowser -prefsHandle 7532 -prefMapHandle 7536 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d56becac-2a4a-4275-a31c-63b600fa188a} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 7588 263f49c5b58 tab
    3⤵
    PID:4608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.13.1727734753\1701259264" -childID 11 -isForBrowser -prefsHandle 7628 -prefMapHandle 7624 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {380d17e9-4acd-414a-904c-06bb6ae28ea4} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 7520 263f49c5258 tab
    3⤵
    PID:3452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.15.199022889\476338441" -childID 13 -isForBrowser -prefsHandle 9336 -prefMapHandle 9340 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b93093f-8426-4bce-99bb-b632e0773b8e} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 9356 263f5162658 tab
    3⤵
    PID:640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.16.438749250\1569336315" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 7556 -prefMapHandle 9104 -prefsLen 27171 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {558efd7e-f64c-4efc-976b-2d8721d0880e} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 9080 263f3d11e58 utility
    3⤵
    PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.17.156093638\489751507" -childID 14 -isForBrowser -prefsHandle 9364 -prefMapHandle 9340 -prefsLen 27171 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5643483-bd8d-4a64-8fca-6f8af3c34a16} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 9172 263f5cab258 tab
    3⤵
    PID:5532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.18.1106670392\1843266598" -childID 15 -isForBrowser -prefsHandle 7344 -prefMapHandle 7340 -prefsLen 27171 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1328be5c-ec17-477b-9e8e-4f1af329fe53} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 8792 263f579e858 tab
    3⤵
    PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.19.784258638\674323156" -childID 16 -isForBrowser -prefsHandle 7288 -prefMapHandle 7292 -prefsLen 27171 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77eced89-c88d-4f0a-aca5-c3132440be71} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 7280 263f47cdb58 tab
    3⤵
    PID:1060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.21.1011286356\305366688" -childID 18 -isForBrowser -prefsHandle 7108 -prefMapHandle 7104 -prefsLen 27171 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f14d18a3-980e-4452-8bd2-f4abe87fd034} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 7116 263f60f7158 tab
    3⤵
    PID:5788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.20.200569407\1633512975" -childID 17 -isForBrowser -prefsHandle 6072 -prefMapHandle 5844 -prefsLen 27171 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d462b4f8-3b3f-4966-8917-4cff54e71af9} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 5840 263f60f8958 tab
    3⤵
    PID:5780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.23.1168821961\252254140" -childID 20 -isForBrowser -prefsHandle 8388 -prefMapHandle 8392 -prefsLen 27171 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bed77e00-1028-4501-83df-cf324ae7362a} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 6944 263f7330858 tab
    3⤵
    PID:5448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.22.913066102\1476365942" -childID 19 -isForBrowser -prefsHandle 8500 -prefMapHandle 8496 -prefsLen 27171 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3ebb673-c978-4ae7-ab74-9681a49ddcd4} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 8676 263f7330558 tab
    3⤵
    PID:5388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.24.1473984100\484459860" -childID 21 -isForBrowser -prefsHandle 6916 -prefMapHandle 6288 -prefsLen 27171 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {679f4ff3-d83f-4e95-93ef-2f26db9372f1} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 8388 263f267c358 tab
    3⤵
    PID:5936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.25.200045835\108295346" -childID 22 -isForBrowser -prefsHandle 8568 -prefMapHandle 6256 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {264e18c7-d992-43d3-a846-4f2a51d89758} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 8560 263f16db858 tab
    3⤵
    PID:5776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.26.1071633292\1710348786" -childID 23 -isForBrowser -prefsHandle 8356 -prefMapHandle 8548 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6ea433b-dd62-4f6e-9add-9fc458a40714} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 8368 263f16dbe58 tab
    3⤵
    PID:2284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.27.1473257924\2031893666" -childID 24 -isForBrowser -prefsHandle 5492 -prefMapHandle 5484 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25ae5c05-1207-4b9b-84e2-a949383d4bb9} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 5256 263f30d4058 tab
    3⤵
    PID:5348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.28.1177944482\1113115175" -childID 25 -isForBrowser -prefsHandle 8928 -prefMapHandle 8936 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b2dd41a-8f52-4544-ade1-644c2241378b} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 7568 263f3c53a58 tab
    3⤵
    PID:2476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.29.134012383\2143370214" -childID 26 -isForBrowser -prefsHandle 8988 -prefMapHandle 8992 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {383e70c2-288c-490f-8c56-8e6c74d353dd} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 8920 263f3d13f58 tab
    3⤵
    PID:4768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.32.1976964215\1087003915" -childID 29 -isForBrowser -prefsHandle 7016 -prefMapHandle 7024 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {774aa6a1-4986-4079-a401-4f8da11115f5} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 7492 263f41ad358 tab
    3⤵
    PID:888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.33.603353604\1574264204" -childID 30 -isForBrowser -prefsHandle 9532 -prefMapHandle 7528 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5fcaf9e-0e71-4525-bf54-82ad65e5b7e3} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 7504 263f41adf58 tab
    3⤵
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.31.1246767946\995790695" -childID 28 -isForBrowser -prefsHandle 9504 -prefMapHandle 9500 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {702536c3-a392-40d8-b945-fa75a11d0e03} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 9516 263f41ac158 tab
    3⤵
    PID:652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.30.71393927\207464671" -childID 27 -isForBrowser -prefsHandle 9528 -prefMapHandle 9520 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a1b066d-7760-4fa5-a449-fe13313f31fe} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 9356 263f41acd58 tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.34.1205157265\1741949916" -childID 31 -isForBrowser -prefsHandle 6720 -prefMapHandle 8220 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d46817a-2a70-45b6-94bd-0a072a1e9ee4} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 9344 263f5ac0858 tab
    3⤵
    PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.35.1017631461\1981458146" -childID 32 -isForBrowser -prefsHandle 8232 -prefMapHandle 6108 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa115ec4-9370-4b84-8c81-619b00c68b96} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 8204 263f60f7d58 tab
    3⤵
    PID:2292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.37.199048341\1877866088" -childID 34 -isForBrowser -prefsHandle 3648 -prefMapHandle 5536 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {521abb98-dc9f-4ba7-bd7e-dc32583b4c3e} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 7920 263f18f5558 tab
    3⤵
    PID:4688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.36.1306277429\220727243" -childID 33 -isForBrowser -prefsHandle 7856 -prefMapHandle 6364 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fce748a0-1e28-4abc-98ff-7706c3299b2a} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 7872 263f18f5258 tab
    3⤵
    PID:2772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.39.1830615436\880002400" -childID 36 -isForBrowser -prefsHandle 8104 -prefMapHandle 8080 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ccba6b9-28b6-4e4b-b154-2f4c5d32aadd} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 8128 263f3dedc58 tab
    3⤵
    PID:5168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1848.38.1535997190\1774391170" -childID 35 -isForBrowser -prefsHandle 8152 -prefMapHandle 8824 -prefsLen 27250 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfb9bc91-4f7a-4ecf-8824-30370f21eb6a} 1848 "\\.\pipe\gecko-crash-server-pipe.1848" 8136 263f3deca58 tab
    3⤵
    PID:1520

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" -Embedding
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1236
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:2328

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
471B

MD5
6490a9f74fc7bf7d08c0b39b7ae964d9

SHA1
6593a2e374d9c7e4b4d4ce4fa74a062be3b1c47f

SHA256
015bfa46ef79e0f2c18eab9c3d31648ea6b89ccb0a9f1a5b2a2febcc0d627bec

SHA512
77f258a1acf4bc25490b4748c764efe0db9ecac527a5f61bba504cc8c41ede199d1620efc0fd8940853de86050c8c50c438fa371b7ee6e2cb152011ac0647378

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177

Filesize
442B

MD5
33672b4cc613ab65f9f61b12389f826a

SHA1
b668d94514382433e20ba8511fbe2d65c11d34b6

SHA256
34a7240ad492e3b92461de3801f6cb98a3d232e1b1c543f1df9afef1deeecaf1

SHA512
9db4845b5fb16de6672b8745d79e6d329044f39c5651cedd8991e2cdd8b095394503a8c19ad061097afc8dd7cba6a60251b2d9d7cce2860f82e3bd2a29ed35cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\TenantInfo.xml

Filesize
76B

MD5
0f8eb2423d2bf6cb5b8bdb44cb170ca3

SHA1
242755226012b4449a49b45491c0b1538ebf6410

SHA256
385347c0cbacdd3c61d2635fbd390e0095a008fd75eeb23af2f14f975c083944

SHA512
a9f23a42340b83a2f59df930d7563e8abd669b9f0955562cd3c2872e2e081f26d6d8b26357972b6d0423af05b2392bddbb46da769788e77fd169b3264ff53886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0001.tmp

Filesize
66KB

MD5
c227ed7765b376af3dc2296813405191

SHA1
fee04009774478e423cb10d51719575fd2e119b9

SHA256
cfcf78cec42f2e6a9338e0f0fdb9e44fc1bd0959f18d37df843b8fde9606ddfa

SHA512
830c345779f6d2a74179fc6dcb7617cebd895b2116cbc195323a00bb5a476f845cd41bdc8c1a5f1484e9bde1f3dab8599d55d8e85fa6608972633805553376f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0003.docm

Filesize
66KB

MD5
ab49a653f5e9069e6ef569a1bf864116

SHA1
32618f334bd65ad1aab45f5414c616ff0272a06a

SHA256
a63c57972b92cc1024223939b351a238b95760ea2ef7276bb6d68e27fffafa0f

SHA512
ef1d2cc64f7145375a1324c4fc4a2551d699bdd205f8b465466debbfadab6d8f65e6d924ceaf5bd6913597ad8cab00c307b79e1a4f3fd65ad22f6c4459d7b49c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRO0000.doc

Filesize
64KB

MD5
27fd0c13fb7f47c6c84fee8a8a05f0bc

SHA1
dd77debc08033e59d6472266baa04d255d17e354

SHA256
16cdf872b4084104e682f17e718d0d981c96047b953d3d4e5619a3b5a4f8b109

SHA512
dbce5fe3018d989a3ab1323b0814db504e4a3568dcf0a49aa5525fc30d25c69156634d651ab670e34a296a6d8db97d51a0c4f570b386bd9e1d6c09b2b6cad5a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json.tmp

Filesize
152KB

MD5
9cf6dce32a82cbcfe9adf8b46f53db0f

SHA1
0ed6f45bc4f9994872c7902c0d0cb320f896aeb2

SHA256
d607cac9a61097f1cdf271602b8a1d8c2a606bb4d782b98ae16b8ce0b17e85cd

SHA512
99db3b972b97d4e3c32581000ebc741db4a3da8950284d06d32f97ada63aa7860ebde7d4c02d766b97ef7fb05c11f2bddeeb3fa68282c9aefd81577adfd70a72

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\1214

Filesize
17KB

MD5
65321a55504a9121ecb5911a22f85fe1

SHA1
b399adab5f46230b97c3489b4f116aae6a4df8d7

SHA256
8bde52f1b6a44d6b042ed22431156b06c1fed2a5bcdecf058a36d9aa01d12f51

SHA512
0bf4fa1143c6a7abe3ed4e602e557ea9eadd2f74e487c44c6d334a713a57f39d7cd278e2b8cb0a95dddfdf0cd0796982e11196a90b572fc371987e0e938df442

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\13600

Filesize
41KB

MD5
6a612610adb42fee239a33f5523d6e80

SHA1
befeaa78d7d22a45fa1dcc2dab429468b7eea1da

SHA256
f6ada550997bd9e1388d97d4ca8f1466f77186792a9e08d71b2134bcc00c323d

SHA512
1e357934f244b42b8ac3c6f4c738561bfd0e74c58a64e8dacde5c0102a9cd67de757ddd55c876940ccb5c6f89efd667b9130328cb2538e9b01b6cc08a1ce9ed9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\13963

Filesize
13KB

MD5
97823cfd9024d39c6f0c8f83fb2a531e

SHA1
74783f210bf4e9973cbebfd8c7b40672d9e2bf4a

SHA256
a60f983501e6f98ebe3c18805a8687dda47068fc50d7286c0967d03db9493f33

SHA512
78484d748651e90be64e74ad6e88ac2c7758f31a83e71f810334176913112ff8f37c7f22ab454792195fc468e86f8913c48dac4f4b4fff898c2bd98d06efefc0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\14850

Filesize
14KB

MD5
6618fb87b4bf6db74e17b64e2c48faa4

SHA1
e8ee58230847e83a0bf237c8f77103ec94d5ff75

SHA256
ffc0f2cd97a1838a6070930efab89e99968f542a418d7e8a43f71a787c482586

SHA512
118f2c759b8f240e01bac30fb1edf4046b58b6ef109420897e113addd045879ca287c66bb9e9ac42e78212f864470e5d4fb24dbba81ef4b02289956f57813547

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\18479

Filesize
15KB

MD5
eb94f9ec436c2691b89b476f495e9d8c

SHA1
4c7a24841610cf0e3830b4783f7372b03d0d3999

SHA256
a4e516863f42032b7b04913c2ab1aa74143c9ec287ea1f91f7bb756e56c6d02d

SHA512
aee19962f875a54990baf34c2a3e6c0ec979815736c4488e71235bd0ca6578a6aaeabc6675aa0e234af932fdb559a385622b4239f4f36b985ec5015f167b5bb3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\23855

Filesize
15KB

MD5
22464c6e5b824223db39d7e2a0c67413

SHA1
637511f5d02cc540d4f304b78211310b17323da0

SHA256
bf6dc1144f807a9d7a8a76e99e71c7d88950cb747745d241c257d16b2ce469e6

SHA512
91b02d0bdd92ed5c50a21136dd699f4340e032482611f77d74b412065262f4bd42491a246100f351d40a414217cb2bb8ed9a6c385aabc55d5d96ed0441ac3469

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\25561

Filesize
15KB

MD5
e89c8c4ee900fbc2bef726ad1d336111

SHA1
6da001d9d04414653eb39a9e68a7003a62637d9d

SHA256
c43d72ad198330278b4355797a9ccc2763a1a44b3018f9b0b0880aab70f42580

SHA512
baa58bf87360df0502d82f01c242b3c34acde723f049b8f261a5c8c6b86b428cce3fa172052ac56391cd19162a9aec8c1511496317ce0ce818c4f6432fe49976

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\29857

Filesize
10KB

MD5
921f7e4876f28fdddf84aa0d3985bea7

SHA1
c165488ba3a78e66976d5102676549fc1dc23e5f

SHA256
725a5b6f4cbf95ec2200c5ada4b48fb2121171890827635c24cc86d6fbb63936

SHA512
4f0528c9e7dd2bb0a7cd488eb90afaa0d634e163946e58991f87025a6921c9c35c346b7efcc6ce4111905d26861cf384cf5859f0dabbe3d25bc15660aaa724aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\30490

Filesize
8KB

MD5
f223b0912f7693e50fa3c064623bc7cc

SHA1
98d1c78923bbf0dda0a5b368c1340ffa4e1b1ad1

SHA256
3ab7c03df00ff1575039190852e1c659b1622091acd8d4bcbe5b2f8e8f640076

SHA512
dfc08971283d5063c3535004a12d9184fdba1260742d9f8bbfe5a1c4f52fe3acf181dfdc4ec33ce21c592a4c904de1ac2ab3f5724cbcb67e8d0bb0bb93a39f85

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\7583

Filesize
16KB

MD5
649ca4ab97aff6985636a8eb3963e067

SHA1
f7f69a35c654d3c0566ee299c99d0fd109265fa2

SHA256
ff13300c6ea6b209a5525613a2291ff5061c12d373f2177757a451a78e3a33dc

SHA512
c21d29b02a41959b98b19736f0efbbe934f77c7f7f889170cccd9a2e2566f0ef823f98daef070615d825becfea83bd19d2227385d4985bf92aeae9a76d469e9e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\8059

Filesize
26KB

MD5
e5f912748fb7bff843c219f218562c11

SHA1
84c9762d4097636cfaf9541962a9cd275cc10cb7

SHA256
fd26563d76335385712ffac520df50f4701c2375fbb4933f79382b893fc2606b

SHA512
daead150429024d8b96b02cbe9b13ff41477498e79e5286dfd8970809b48e15c98a41a20382d9577d1215dae2067530e47e35c4cea4acdf27af2ed422886a857

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\9243

Filesize
20KB

MD5
0b6c0f8a75d4fddded6aa71e35a5fba7

SHA1
10d3bc6f6a3c7031319fd8a249fc4ecbf62ba1b2

SHA256
22c31e4b24fba7fff627100b853e84c3b0c0929b8486e6c47c7e66d7299c3d26

SHA512
7a8b8782915cbe2fb524a706d812028ff64dc3b9f508cfe76656d0787e1e3fa37ef787bcb9d918b02d923cb58d07f32ba61d15b7d0765dadb492dffde24dcef0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\0D71D277B2C3B540F6F645163B0C25535091491B

Filesize
24KB

MD5
fb5bf6c9c0ff9a285ccb935ab1411966

SHA1
5942d392240e0a44119479c21a4fe412f058455e

SHA256
1baece9a4f34a8cdef9639b93fc8a570b98115ccf53bc823405b1ad6fb8ecd67

SHA512
4a3d696af981f46fc24a839131f978caa862b020a6dae3e418e428bc484a0ac75e1ca671e219df13f7242a17c7557953241eca87f204deec739a45dd4876cbd4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\1808AB645059FE3E0FF128F7F2A76A5DFADC08B3

Filesize
115KB

MD5
dbb75a7242405664d575af8ff6f5b6f5

SHA1
b147d3551c6fcdf388de8d8ef1a37ff540a19f25

SHA256
3b3545ce7233e8dca504962d228b08add92663802cfbcacc33f6a71535828263

SHA512
fcf0cbaa2563b772c5cc3b803bf4fa48685848b93901a00dbde0dd6b9ed92d687ae76ffa7ba19562489cf2a5e408330fc88e46c8e3383c2dc9f17b0447b82673

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\2364153C0BCCDDD6AD9E9BD497FDE51FA7465F8A

Filesize
90KB

MD5
62b948df1eeededa33f09010b6441a40

SHA1
9286bce91ea0440a7ac26d0a7a62280df7284e71

SHA256
c5ee5917be033a26435c1dd42c32c1a803ce198768b2e7cd604642920ee8bb5a

SHA512
176a83ab37378f61a2bb8a61ac10fc55f85f6c118ff12e4b20de774bb57c2e9f87f9903355c70b7e9fe96dd544d7115e9757fb5ca7f0d6cb7287a4b3378ce40c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\5BF5365BDAE7270AD3FCA266C2B6A09599364654

Filesize
806KB

MD5
4f77338866b8309f7410f9ab4720f622

SHA1
8f9e5c8f28eb67fd79286e785538fb5ac3cefcba

SHA256
1104295a42afcaf8da2d17354fef7282c37a940130c7453ca5a93c96123e9969

SHA512
6b29308f4897e03ec2f38457f17c5750ed06e51120026064c2b15e1b606f8c733ae569435f8766409b9a8d8f3dbf51877d1a61b592b7b6f5002fba0e0509b678

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
9KB

MD5
1aa7577bcbd1996ea58f3394a3c5e222

SHA1
a6b5f97f2d0c0651a75dd6c96cd7de44c84e4487

SHA256
1a2a27e9ca5e6ecc71cc9bda03dbdd5b561dc0f2312c5934db3b178a6a665734

SHA512
6d37795d96aa936c73255e93cb78590917f4aa6c8db3f7923b7fe1e66a0221fdac15d80bbc1d75186730b37af288381c045e3f4f821ac5ab9d334244d325e43b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\82572880A6B723E5B9814831D0AFEBE6E0A06F45

Filesize
24KB

MD5
e3d2e7921b2dd346ed2d2990dc740e27

SHA1
5a667492b0de475718ac529ef6f7a3e4f034739f

SHA256
c903f24dfe8883b379c99c46cf8360c6b9edaf30b205e8bac1032c7bc694c25a

SHA512
f81d7d32a3757163ff6ae7b47e8c23ee1528aa1a866718af68feb280538ace2f06275a052c1e00ab28c039167ffc71bf174a21588229b8c0666f6d762771a4c3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\A87A3AB457E8137EBB71466A687FE89D9DFBA2D8

Filesize
17KB

MD5
6ef6412228f3da65ccbd01aa36ca198c

SHA1
81f26c41c75078a1c064a060fe3ddcda4e52b120

SHA256
ed023a15c47817b14370eedb3531cb282a658b90f574cea5541f4dba4fcad608

SHA512
63c4c98ecc535ea20b3e7cb7f6de92a78fafa33aa3e551d451906cc40da542d377c03df11ea85458ab5f3765e226f375fd7548bdf85aa425c7d5357fe1631a81

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\B6C0DB1ABD7DF1F9132B3E538545648530BC78E4

Filesize
24KB

MD5
e0f856947dc98fe029a7b57c14128c49

SHA1
60c56d1a63dd43ebd078051d9c09eca1a604c18b

SHA256
4106e7db915dccf5e11ad5b5ecfcf788ca9bbe9cc0ee651070d734165b88ba99

SHA512
36d5137245f80bbf2b5ee345e00325fe7d6d9727931be109db683b23ced094b541deabca2490a693d2e749d430718b239bb123194fdfde4dbe7058de78d3736e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\BCF670B9E2ADB9D4D5B70A50C57F8BDBB3703D20

Filesize
24KB

MD5
b8245e8b651a7f1acb33d14aef0f60f3

SHA1
c7ff4006cd69dd9817d56c9c370d26cb53d9ab1d

SHA256
5e075447dd9e2ec1b28e0f97e4a3a2ff3188fe7f5832789417e23d1bed2ec35d

SHA512
fc8e4d83150d200646825d2f490d185a78346f210626ccc99ffeff9a71446b022f89a788905160a18f533053128d7795a0cde1cde110a2376694683ef38292d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\C2BEFA1ABDF2E61AD2F0C50DAFD66F5F5A9CC4F9

Filesize
24KB

MD5
7cd662ce2c93647af0620c7c47b3679c

SHA1
cc8543c033100649d4662f88da8cf9ad8312dcbf

SHA256
fe3c2d4c2fe8811fb90b443b71c8997040141eaafaa334c3aefbe849d2b79a5e

SHA512
e714c44771fbc2ffc0b0f18f72f186951a9228938d4568ed676fbed19a40d2b1f596cd2b9414b9a46dac985f602d17592d10b0e61e7b839d47ba6169b2662d16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\D11C3786EEE42242C594BF8F1C6276220D0D3882

Filesize
171KB

MD5
2b568157e2374dcff76e0d2ed15f76f5

SHA1
be49c2e131a5013f657691df78a607c648fa9271

SHA256
600851224809d1bfc9fc973f939e6fdb7cbdf9986748e475924b3c7d6fdf5aca

SHA512
0db368e5a3f13f853abdf548d36b5bc17515eae3bf9ba93955746865f8f5529d40255ef4a776e8edf9ab5ad81169dc2992bebd8c1d69c2a564a7191af140f1e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\jumpListCache\N_oZqmEbhrctGG4975Vu4Q==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
70cdbf6f2b3d907940503c0c6c7ccceb

SHA1
62de3952f24b0b7be022c789236f8c10fe90b963

SHA256
46c16dc18f53e1ddca1fb8d4f6a1906bd29efc247cf6472b2a9df9f8ccb52ec4

SHA512
40e3d3d1981af8d14ad9613b3f1171adb9e6ab1ec3ef224b2d2cf55c816d4690109642bc8f11cd0a334c91f64b5b72e226b4db478fbc182c0ef781720e97143b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
6KB

MD5
42983d9ec35c5747fddea01f462ff5cd

SHA1
3a8248753041c260a8b20b1c03ad424760f14c9a

SHA256
7e03cb212eb8571ac9cf8e842dd203ed321e9c1ddb464879e9441784cbb04d19

SHA512
403896a191ef2379ae06ba439545153a9f07356cfdd11095a3495a27ed6eeb05f4da20a34b140faeb7836e290604a02f885f18ed8be8d16b0331eefad9f6ba04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
6KB

MD5
88163f7a32bf3e3f54e4e723998eac09

SHA1
46891c9bf62ee42f73746c246f72d08a062bb120

SHA256
fec6357687dee572c550d1eae8d9257095033a55000fda10d348e12a2b8ddcd4

SHA512
d25da95ebfed3ad9efe060d86b9137a59577e03600359faad80bad5426390833a9b0df8983e397b0482c22554d7a05c5c409947cddcd57e0f5dcce77db937c8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
7KB

MD5
a5eb0fecf389c93456e7c2732681fe76

SHA1
0be8474fcbc823c4ada89331253a5175acfe2253

SHA256
8c4ce1419ed3f73aea6d420c24c084382dca1d5362d34dddbbd19ce2f5aa19d8

SHA512
47203bef9d6fec493186ead9ae131bc1788da8aba76352d9bc30975c4e8d7cc47f3b599183b8154b2e7fb72e2dfe0bb849e05ac6f8c41b30b77bd8f2b8c2a341

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
7KB

MD5
13ce6e113b59809daac08152ffb5c033

SHA1
abf6b8e5eed992ae3ee8c08e16fc9066d5b3b5b3

SHA256
23ca46c6a7539b55bb7fe0a9fbc2df57a5b086831b3f8545267e7822e9693462

SHA512
f36a4b8bbddd9831b08ec4b745d86c1b3a08e3217f5f9c4116264e73d6680341bc9df1dc7a4c4dd2a1f655e2d8dc5ec4bd4ea7489f321b5f8eac92df5cdc4b36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
7KB

MD5
24514098e7880e34a9ccbab36ee03b0e

SHA1
9bd4185838e283f566dda4fea1f442e46c47169b

SHA256
6e45caf241eb161742c9dfd383f0b42d777f794aa6617271d774de5038ba5d1c

SHA512
38dc2c4f633e06f5ca377216f8bab40f351fa888e97b76ebd12c316dff3d73c39dc24e91e8f02ac2dc63f69f8315e0359300def373ded62086698270a4d3c783

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
7KB

MD5
1e23e88da73993c4102a3e6212743ae7

SHA1
fb7a1831884902104976e08416e181bdc62e831c

SHA256
8fb728a1f99279a4d1b5546f8215ceed33a73da7e2b42c1844f70036fcb445d5

SHA512
0b74b8ad4deed895eb23aeb6c05f9a2a64317f406b080968d1fd16a74d0e0e82fb90af09763e8bd5cc269e5ace1748d18fac107990449c783a6b4c5b9d4b4695

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
8KB

MD5
9f6757f8665a99d60a1769f10fc3a0b7

SHA1
63da7b26f8cd390f44afa3050f60216837b1fc8e

SHA256
e5286a82ddc830455663ef651cde26d424d9c6e6183e27ce1adbcd92d687ae63

SHA512
4200b9fdcc7d5a9419201c67703470731bb376a5aacc4d1c7ab82b6c35edcd9fc7ff2c7842d50945bd0b06d4c9b326af7ea4dc93218bb2ee33ca7cda2c2e91d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
10KB

MD5
852b51176a8ec3d5c0b1921380b84beb

SHA1
063c671f4ba7b6bd05bc2bce6e9331eb321ad367

SHA256
dfeaf6a3e40d205c043660f8fc42af9511fd4deb5fc6a575df156a7d15e0cedc

SHA512
80f8bac37e2cdef908e5b969fdf3b120c01d884a59112b483f35688999bfb92c9681072b6c9907f72415a0f12206817abadfcc3ab2b4a86bd59e306fe78a1c36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs.js

Filesize
6KB

MD5
fcd5f37e5e4066f7cffe8eb106b6ce19

SHA1
b0a1c4d3d5c96271429fb09cb71055d177c13402

SHA256
38dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67

SHA512
afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
79bd2c79901fa9331a27e97b2d676a4b

SHA1
e9c0d7347758faf02fee35447910632856e53074

SHA256
3471ab987c4ecc171abac00ea6efa152fe62de5e1374c783c6fbf94c7d98da9c

SHA512
2f1586f0b0fbc39469ad74bac03588fd0e771d0dfbfd7cc5bb5754c92ce60ad297179d5734e4eeaf44f802f47651b200eae2fa64c665ce38dba6e027792cf070

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
858f9d376725c2df91e0474e404f77fd

SHA1
ff4e71e465328d6078cf2635b72fc84b1a69278b

SHA256
df756c550f66e5c811f2d4e6a59dc33da755e6b895c90c332e7465d2041874bc

SHA512
dd2db88da13d7919ade42e4fafdf3fb430a41a2a7d8ff384bec230e2e62e44a33b20b707f8a66fdceb6c4d1f7d11f7a63c3b3c54645cc69c54cc1c5a957cf4f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite

Filesize
48KB

MD5
fc96a7947dec27b27a6b31e1e4a42831

SHA1
1064888e120a0236a444af6f1efd17299d2d8a7d

SHA256
a3dbf79598200c2b2d87c6fd8fb670cb16fa68850012cd662f6e7ea07e665bd3

SHA512
1bcd8b64cc7143a0a4e815685ff85365ac22bb1e0209d95020e00fa9fe7da157999477119183c7ccd0ac1122cec1b083b392ba12b275a36bb6e974f4a84543e7

Download Submit
memory/2592-135-0x00007FF7FA810000-0x00007FF7FA820000-memory.dmp

Filesize
64KB

Download
memory/2592-134-0x00007FF7FA810000-0x00007FF7FA820000-memory.dmp

Filesize
64KB

Download
memory/2592-136-0x00007FF7FA810000-0x00007FF7FA820000-memory.dmp

Filesize
64KB

Download
memory/2592-137-0x00007FF7FA810000-0x00007FF7FA820000-memory.dmp

Filesize
64KB

Download
memory/2592-138-0x00007FF7F7FA0000-0x00007FF7F7FB0000-memory.dmp

Filesize
64KB

Download
memory/2592-139-0x00007FF7F7FA0000-0x00007FF7F7FB0000-memory.dmp

Filesize
64KB

Download
memory/2592-133-0x00007FF7FA810000-0x00007FF7FA820000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads