hxxps://www[.]dropbox[.]com/scl/fi/pwjuj9wrsyejao01hz201/Fotomulta_Comparendo_201247433602pdf[.]bz2?rlkey=j2zw3u6zt9dmpjejkau83pxlj&dl=1

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2023, 12:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fi/pwjuj9wrsyejao01hz201/Fotomulta_Comparendo_201247433602pdf.bz2?rlkey=j2zw3u6zt9dmpjejkau83pxlj&dl=1

Score

1^/10

Malware Config

Signatures

Modifies registry class 56 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Fotomulta_Comparendo_201247433602pdf.bz2:Zone.Identifier	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4432	firefox.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe
Token: SeDebugPrivilege	4432	firefox.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe
4432	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 4432	4608	firefox.exe	81
PID 4608 wrote to memory of 4432	4608	firefox.exe	81
PID 4608 wrote to memory of 4432	4608	firefox.exe	81
PID 4608 wrote to memory of 4432	4608	firefox.exe	81
PID 4608 wrote to memory of 4432	4608	firefox.exe	81
PID 4608 wrote to memory of 4432	4608	firefox.exe	81
PID 4608 wrote to memory of 4432	4608	firefox.exe	81
PID 4608 wrote to memory of 4432	4608	firefox.exe	81
PID 4608 wrote to memory of 4432	4608	firefox.exe	81
PID 4608 wrote to memory of 4432	4608	firefox.exe	81
PID 4608 wrote to memory of 4432	4608	firefox.exe	81
PID 4432 wrote to memory of 684	4432	firefox.exe	82
PID 4432 wrote to memory of 684	4432	firefox.exe	82
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 500	4432	firefox.exe	83
PID 4432 wrote to memory of 4268	4432	firefox.exe	84
PID 4432 wrote to memory of 4268	4432	firefox.exe	84
PID 4432 wrote to memory of 4268	4432	firefox.exe	84

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.dropbox.com/scl/fi/pwjuj9wrsyejao01hz201/Fotomulta_Comparendo_201247433602pdf.bz2?rlkey=j2zw3u6zt9dmpjejkau83pxlj&dl=1"
1⤵
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.dropbox.com/scl/fi/pwjuj9wrsyejao01hz201/Fotomulta_Comparendo_201247433602pdf.bz2?rlkey=j2zw3u6zt9dmpjejkau83pxlj&dl=1
  2⤵
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.0.1801586530\1739018462" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05663e46-fd41-4917-896f-66de2fcf5698} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 1952 22bd86c5458 gpu
    3⤵
    PID:684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.1.253631751\1161013989" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20ffdcc1-9f63-44a9-8707-513c296f5db3} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 2376 22bd81e4058 socket
    3⤵
    PID:500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.2.255165778\372582931" -childID 1 -isForBrowser -prefsHandle 2968 -prefMapHandle 3116 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3110f50-4be0-418f-ac63-3cfc844ec637} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 3032 22bdc0f3f58 tab
    3⤵
    PID:4268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.3.1907748514\1491133252" -childID 2 -isForBrowser -prefsHandle 3792 -prefMapHandle 3788 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad3b0015-ea7b-46b6-a996-df1ee3f60b92} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 3800 22bc4770058 tab
    3⤵
    PID:4104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.6.58289602\1299281391" -childID 5 -isForBrowser -prefsHandle 5316 -prefMapHandle 5320 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8b64b4e-5256-42d8-9848-f7d6d4dc2619} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 5404 22bdeff2c58 tab
    3⤵
    PID:4328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.5.1782600374\940472867" -childID 4 -isForBrowser -prefsHandle 5052 -prefMapHandle 5048 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33b2b3c8-2429-431d-b48a-fa3e646df36f} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 5076 22bdeff0858 tab
    3⤵
    PID:2140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.4.826328643\298583622" -childID 3 -isForBrowser -prefsHandle 5032 -prefMapHandle 5016 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11417670-83d0-4ccf-8e77-459e7acfce7a} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 5044 22bdc4e9b58 tab
    3⤵
    PID:2900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.7.1136477960\82917253" -childID 6 -isForBrowser -prefsHandle 6012 -prefMapHandle 3952 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {834fc220-54d5-4a53-b86f-8f60abb70741} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 4608 22bc4771858 tab
    3⤵
    PID:4944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.8.1798758038\1035010215" -childID 7 -isForBrowser -prefsHandle 6236 -prefMapHandle 3292 -prefsLen 26871 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed5d21b4-84b3-4331-873f-d6bb535ba1e3} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 6224 22bdfe5f458 tab
    3⤵
    PID:1872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.10.651408335\58325763" -childID 9 -isForBrowser -prefsHandle 5388 -prefMapHandle 3188 -prefsLen 27136 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54169183-c5e5-4fff-ae40-8686ac1afc9f} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 5088 22bdfbcbf58 tab
    3⤵
    PID:5072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.9.109530481\1919920554" -childID 8 -isForBrowser -prefsHandle 2924 -prefMapHandle 5552 -prefsLen 27136 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fff518f5-44d4-492d-82da-94c3eea18445} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 6360 22bdf9b8d58 tab
    3⤵
    PID:4308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.11.2140878849\2025510891" -childID 10 -isForBrowser -prefsHandle 6664 -prefMapHandle 2928 -prefsLen 27136 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c4c92d0-9194-401d-959a-e9df61786b17} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 6652 22be0ccc858 tab
    3⤵
    PID:488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4432.12.1355334396\331927330" -childID 11 -isForBrowser -prefsHandle 7420 -prefMapHandle 7408 -prefsLen 27272 -prefMapSize 232675 -jsInitHandle 1068 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5f794cc-8515-4224-b68e-00eb61e42e4e} 4432 "\\.\pipe\gecko-crash-server-pipe.4432" 7016 22bdfbd6858 tab
    3⤵
    PID:5896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
015e7ed02ff8ac377996374d8d54c0a2

SHA1
9321ddac2a6c2c961a7adbfca26c5279fc12bc84

SHA256
a378294c2319efd58a15b842ac80a19689f6e351bf4566b1e7e52b82efeedf3d

SHA512
dc732b9fa5a778fdc2ad20a02cd1612a7d5ce4edbe56f7382d6df3633edbfe18c6146d51c382f3021c52e132aa9690dc8da2ca6f393afb82c9731fba39b90566

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\cache2\doomed\17300

Filesize
15KB

MD5
e06d92f4717ee225176314551f168b56

SHA1
5314aaedff440c035825cfb7f725d30b26da72b1

SHA256
93a59e894f176e71887051e7a81c0a2edb3e10024dbc6af077aa32d77de6e992

SHA512
09b9c4ed8ffd8f109d0c956745aef20bf343afe02d5355ccbb6d2dc324646a0381c596013c04f60b5dc13318bb2349c4c7cf135279de88d2a015dd68032937ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\cache2\doomed\17381

Filesize
15KB

MD5
0c5477fd266d2949910279ff22507372

SHA1
af61e97528c33bfc20b00992a18f01c25212895c

SHA256
7b87e8a7f3e7c80f8c5a434c694d30fcd3f578bb3c86b9bb18bc57410ea7a716

SHA512
14948e7c6f4b1e2f559a39ac498c6b06e23a690c74254e1fb068535e2bcca6070f29ca3c0de8a87f7d8e9a794fea7218b1b77f3fbfd91e85378f87a9b4506c1c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\cache2\doomed\24624

Filesize
9KB

MD5
666ba4c740ecb0214f0e5a9091d9be75

SHA1
0874f3c2691226e164d22152b394770b09a84f72

SHA256
ea68d8fe25034310a1ad1dc7dff923bbb0019e9b44006cb25451e3edd0573185

SHA512
680d5515aa0d7d128383207f199c8098125be04af586c8d6f81acb2d71dae1fcdb411e9d61f9ad1fc0277ea43ad6a64323b6994952675b9ff1918cb830467d4b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\cache2\doomed\3267

Filesize
11KB

MD5
e1a472ba9c36ced314bcf656e04f79a7

SHA1
93e244e8070a12ea8af197de04451b370fc965f1

SHA256
80decd582d9418b6ed29119a6a5fd2982b689a94965ac883bbf210ce9325e274

SHA512
1f3bfd470cefde0ce815035067fb53158305a959994a443a4d5ac8da97ae0dc50c038d9dd2c1e2f4175bcd4333a73e63c45d06bc86136f20638370c9ecbd4985

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\cache2\entries\418CDE4456AE9F0EF1F8E9F1D16995D3203318A8

Filesize
189KB

MD5
b709a26ae2b61ad9bb769f5eb9b44d3e

SHA1
0c8afe6ced7fa857df66c973f02d666f11e44fd0

SHA256
f6aa15ff5577857f492f5354b9937e3229df4d638b526e1318f70a547f77d66e

SHA512
1a5e894a05fd982fde0c5f6f83296d3313784a5d95615eb14658187f5cdad96f09ceed04c7aa87a30a9bd78c50dbef189bbc25e83126047023f6dfe5a20b8164

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\cache2\entries\FCC030F57940296B4C989D2C74BA07DCC70A995E

Filesize
13KB

MD5
2c2aeae8ac28daa97c62268f202fbc40

SHA1
e66d1f5fcba6c03644ce59d8189a492e82c3fd27

SHA256
e37d7b688ee27f0e0f08cbe84e28756fe0ee64d65633c6a1d4de871ae9c372f4

SHA512
3216e6604dd9c290aa95569fecc597270e4a0559a9cb33e01f847841bcac25891c5bcc3c403db00a67ee835df215728e51ba8a6fa687ca0e9302e6e6e063d63a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\suuk1m1w.default-release\jumpListCache\ciHnUTCEP4Hh7bWnXGJ2mg==.ico

Filesize
15KB

MD5
a3c1306e53848dce3a3c2fec6e1cdff2

SHA1
87f8463535c624202f9b6efe26e993b0b1f3157c

SHA256
d2d32f8573ccc7ad555d258c8362cfb0b699eb4b004f93dbeb171f3510df055f

SHA512
871e877c73990e372a7a41d9851e9dcf301efdc543696aa4dbc35b8a121e24b7fcdf76d426b5f90fa3a14253440697de01ffa0d82d417e5490560ce7d9740aa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\prefs-1.js

Filesize
6KB

MD5
335cfb0ec4d2419f64f0e4aec98afd9b

SHA1
f7ac4e0b7b82a06faa294892093e7ef46bbe100f

SHA256
e1f0efaaedf9c4ef43fc141c57d43801ddc89ed3d56368df6e0a5b0c50b54b05

SHA512
107a7969eac54116e8c56697652e7213aaca812f9c8e63e4a1505f53fd45be64e36192c035db7fda4f432cf09b81d6a8fa38ba688ad442f5c306610af6b1b9a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\prefs-1.js

Filesize
8KB

MD5
c3951b6a071ca2393428d82689c31c08

SHA1
abd00f7e43b98c91efe2ea47ee1caad1e053949e

SHA256
2d9ce5efae6e94f68bc598d288721306aba9b8c85ff7670c8c18796bbc227807

SHA512
ef09b8020d7922346cc752d0f4ea6a784f8870e4b6f19e91a11dabb204eb681ac9bd650279808795c7fa74cdcac114a890bdf65fb8f7e65227c9a94278211618

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\prefs-1.js

Filesize
7KB

MD5
a835cd922b4556b761aff7b88fb4ba3c

SHA1
4023caa65a8799b8c639d56f8f29ee4074bda33a

SHA256
2f0f31b549b30b48c2a3bdfe3dc385fe50edf6cd609590445c640b6d4e5b772d

SHA512
7f88cb4c63ef7d8ebb4a364c724de2d9d73cc43ad6263d07a30b5600d4e4c3949b7e742b8a18e943d5e3bb71998b7e239c12f4e567ee6f0dff68e1043ed50867

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
326d5c97ea7be01397035608e0743497

SHA1
ee55dd62df5f582328ba3c4d5f9e3dca3c1e13f3

SHA256
ba32cfeda044bd75e9ff65cd7d7085bd88478866f43e9e73fe42ff91b1c80b9c

SHA512
8b7ddfdae876add25efe0a7d5e04db8aff84dc01a7d90ef68600db8251c2ff99d07cb9b9233a0057f83c5f08dc8a71eace6c0a03c2c545fd38c3627534ac4163

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
51a42769634210b4e3b6dea8ea7b61ee

SHA1
8feb75e95cf8248fa482bd3618ec51dec103ca58

SHA256
3c0d5314ba18c6c89d1bb3e6e832e4df76bb3cf7cc032be0b1b082a1c3de49f2

SHA512
93f84f447a1f36fb3972aeba420d87d23d729c35bef540ae7ef1c75dfbc71f0fc5e6379359e33345b7ed582ef382979859c4897d103927c17b8d2ac1b8e0c89a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e33021a0ed757c5bd5bde2d591295ac5

SHA1
83a22fa4a04d1b5958a3fe715dafb5fccec61705

SHA256
84dc7dd971b03807cdf95b163afae1e11cd8019b5e94594ae9466368db130ea6

SHA512
091d330cd5332eecddd21286ecd78b869abd2f260e665076849a7890d8d0d610b456076652bf60f65d456ea8f4c06221ffa3ab7b8ac71ba02fd712690c7532f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e3c05c883cb173d1f8c096887fb84d54

SHA1
ed2e6ba58c1ab34eb291c5393d2d0a66fa00ae63

SHA256
a59e08599f2461defffe581921317246aed27195ff07df5cc7976c5240ce1967

SHA512
c2695080e9f9bb67aebbfebd6f3621379054f66c8857265201845f00bc652011a8680380dfc54422cc71143c8cdbb465dcb68a5ec7403e28b91df87dc17e4dfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2b8d500448c1d39dcf9591d31a678a09

SHA1
7ecef5e9d4738afd7e167c1760a3145f3428110b

SHA256
f1c6a59b7d6686f17e80c4c3019ae32ee88e398ec160f92650c9943892fe561a

SHA512
428c734ee2d5a66842c0eda8db593db9ec50dfa4de653559a1cef54a3fc0669d121fb100c10fb00c3d99aecb07ed70683a5d087fb8f183a5ce083674d20f3751

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
daade1008142218781270f9ec6113a24

SHA1
9e8e52043017abf2e7dfaa5a09f3d10e9b07db60

SHA256
c53fa911b983141ccc2b36ee72446beef4ba6e50eaf24afbc5145416c03765b6

SHA512
045a7fd8d10ecc8c5afc2f90464643847918ee943eb2af7b99e2603a8a32a874cd90f3343eb7a1987f7e06697d127b8279d4b625026b9fb83bf6841453437d44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
3ba5eb1400062ecef7ed0098f054f95d

SHA1
531669c54c790c064154e5bc99c8a349e160776a

SHA256
77ed468b1e94cc66ac2cb6e104feb68e1be63e425620524d0a4730cda4557b26

SHA512
0c8b4d62cb2acb99411b420b14bc34a5fc037ccc896aed2dc5f8b1808adb6db0ae97b0bfddad8d63b270b4a26f6be661d8efcc6843bdc4c4871f66f3359c7008

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
559fe9a337c6abd02e9fff1d06909fe8

SHA1
62b2078b65ded21adebd1cce61669a86e83df999

SHA256
49bb842df788cc0ff7df11b84fe1a6e740e358e867db7e20c5cb0e3fa13969c9

SHA512
701f100caf807e994ac41f7fe4d2e3a09053dc1f44fe7c2da138ed41c169a6fa1c74d1c2343997fe04fa5bd6adfb107675df7f9642ba4e446bd680895f7265bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f9a713278179f19ef601dd8933352aeb

SHA1
b71fb1071c3cef2150e63b735c4a326aa05cdb4c

SHA256
b9d90d885ee6556a7456febd6644cd506fc8f258c06a6937e3f9d91ad06f3fcd

SHA512
2361ab8b3fd60371286a70152fcaa06cfd65fe29c9cf5a82d9db9cbb785e6792ac6f32567e88bcfa03b5c0e34817d13cd2423cf0e360367d13081db2dacde817

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\storage\default\https+++www.virustotal.com\cache\morgue\201\{2d600bac-32eb-4b47-8d9a-ea671959bec9}.final

Filesize
44KB

MD5
1b36ccf1a75b2e51b20f057702d049ef

SHA1
11a219094d4cfdb592045488e8f66b71f91550c7

SHA256
4294b406ea8c9c57d02faa3a9e23a7f57ccc954e73973439579bcd166f5a0994

SHA512
86d6dcc6c070bb161581df7b0c517c434904128bfb4ccb52418980ebf14a0d2c0857fe81662da829688bef2c4e11bf9f129786b0abf071ef0435e5d995ca0f88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\suuk1m1w.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
03916f1b4c3dfea38885fff94891cd73

SHA1
757865074a5715dc2320c637d1044c1645274e4c

SHA256
acff68798e1515a47dfed08d928d67f757fc9c6ca7e46816e2d800fa24e053d8

SHA512
aae8c60d30b5aa216acb4821a76aac339de583dddedf579693d5c0855fbc314d9c4f2f9133a0b91900af30d4fa7b3d9248939be410dc3769abce9ec4311521d9

Download Submit
C:\Users\Admin\Downloads\EFzSWtOW.bz2.part

Filesize
15KB

MD5
8f94f94e7a54746353d65bc7f5f707f3

SHA1
c297e9440b18786f4dc76d907188f8550aa41440

SHA256
d38d5189e32982a4ffcaa0537a59b42d4a1fe5c3bb1a098a905f59842edecdf4

SHA512
bbd9aace09ac008836267c1c7520a5481092555b7f8c7d36abae8cce73cbdc03b4c878ca3092753d9b224e0f94a7358af30d803226faebd64b6b56e8fc9a7946

Download Submit