0645f9772b25317dee11c82f5e22c18d5080edcd288ca3c8cd30385704d70d0c

Analysis

max time kernel
1605s
max time network
1611s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
18/01/2024, 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Pixologic Zbrush 2023.0 Win x64 [2023, Multi, NO RUS] [rutracker-6308770].torrent
Size

98KB
MD5

794cda778c70c4c610dc7360c8fb023c
SHA1

d4d07e8fd8f0f2863ea4613c3ee49d0bf632adeb
SHA256

0645f9772b25317dee11c82f5e22c18d5080edcd288ca3c8cd30385704d70d0c
SHA512

aebf3dba790f4091721fb562dc0c9701c89fc18a9993b0464606da6aaecb1553c1793c04c95bf3d497fdc0d2e206a812d0947c414913d65e07827a731c84b8e9
SSDEEP

3072:p0P2FnfVwFyHeZTb3T5rhi2Qjo4SVatc3sE:eQ2FnD5rhR4+sU

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
5800	firefox.exe
8280	qbittorrent_4.6.2_x64_setup.exe
5380	qbittorrent_4.6.2_x64_setup.exe

Loads dropped DLL 4 IoCs

pid	Process
5800	firefox.exe
5800	firefox.exe
8280	qbittorrent_4.6.2_x64_setup.exe
5380	qbittorrent_4.6.2_x64_setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 11 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1682406436-2801920780-981986064-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\qbittorrent_4.6.3_x64_setup.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\qbittorrent_4.6.2_x64_setup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4356	WINWORD.EXE
4356	WINWORD.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2348	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2124	firefox.exe
Token: SeDebugPrivilege	2124	firefox.exe
Token: SeDebugPrivilege	2124	firefox.exe
Token: SeDebugPrivilege	2124	firefox.exe
Token: SeDebugPrivilege	2124	firefox.exe
Token: SeDebugPrivilege	5380	qbittorrent_4.6.2_x64_setup.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe

Suspicious use of SetWindowsHookEx 56 IoCs

pid	Process
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
2348	OpenWith.exe
4356	WINWORD.EXE
4356	WINWORD.EXE
4356	WINWORD.EXE
4356	WINWORD.EXE
4356	WINWORD.EXE
4356	WINWORD.EXE
4356	WINWORD.EXE
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe
2124	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 2124	1856	firefox.exe	84
PID 1856 wrote to memory of 2124	1856	firefox.exe	84
PID 1856 wrote to memory of 2124	1856	firefox.exe	84
PID 1856 wrote to memory of 2124	1856	firefox.exe	84
PID 1856 wrote to memory of 2124	1856	firefox.exe	84
PID 1856 wrote to memory of 2124	1856	firefox.exe	84
PID 1856 wrote to memory of 2124	1856	firefox.exe	84
PID 1856 wrote to memory of 2124	1856	firefox.exe	84
PID 1856 wrote to memory of 2124	1856	firefox.exe	84
PID 1856 wrote to memory of 2124	1856	firefox.exe	84
PID 1856 wrote to memory of 2124	1856	firefox.exe	84
PID 2124 wrote to memory of 4704	2124	firefox.exe	85
PID 2124 wrote to memory of 4704	2124	firefox.exe	85
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 2412	2124	firefox.exe	86
PID 2124 wrote to memory of 4416	2124	firefox.exe	87
PID 2124 wrote to memory of 4416	2124	firefox.exe	87
PID 2124 wrote to memory of 4416	2124	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Pixologic Zbrush 2023.0 Win x64 [2023, Multi, NO RUS] [rutracker-6308770].torrent"
1⤵
- Modifies registry class
PID:1920

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Documents\Files.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.0.667089982\1086682072" -parentBuildID 20221007134813 -prefsHandle 1720 -prefMapHandle 1704 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34d28a4c-737f-4556-9b19-24d209ee02dc} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 1812 2c9598db558 gpu
    3⤵
    PID:4704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.1.999791072\871978588" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bef21fa-e6e6-41fa-91d6-de0f8af20998} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 2168 2c94e872e58 socket
    3⤵
    - Checks processor information in registry
    PID:2412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.2.1675478237\787635369" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2764 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79ec9e7e-158f-4bc3-bf9f-bd6a28ea8210} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 2812 2c95d996b58 tab
    3⤵
    PID:4416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.3.220540963\745791610" -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb56000c-8514-45f0-9eb3-898252ba0e7a} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 3580 2c94e867258 tab
    3⤵
    PID:4468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.4.370291680\518348514" -childID 3 -isForBrowser -prefsHandle 4128 -prefMapHandle 4112 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ae1b73d-94cb-4e48-9936-ca235401457e} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4136 2c95eac1a58 tab
    3⤵
    PID:1556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.5.967374396\1318599734" -childID 4 -isForBrowser -prefsHandle 4780 -prefMapHandle 2532 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9df7a570-2cc2-4f68-9c2f-89f231fb49d7} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4732 2c95ca4f058 tab
    3⤵
    PID:2016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.7.396720620\663206081" -childID 6 -isForBrowser -prefsHandle 4948 -prefMapHandle 4976 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f607929-2a95-4d3c-bd06-794dd90cc9df} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4840 2c95fe06b58 tab
    3⤵
    PID:3232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.6.1373886488\1241336163" -childID 5 -isForBrowser -prefsHandle 4940 -prefMapHandle 4936 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3913cc5e-1d26-4a7a-b321-0ecf27d46365} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4948 2c95fcd1258 tab
    3⤵
    PID:3036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.8.395037439\827560265" -childID 7 -isForBrowser -prefsHandle 5488 -prefMapHandle 5484 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffc1efd0-4979-478a-aad1-4e70281e0db8} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 5576 2c96154fe58 tab
    3⤵
    PID:4696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.9.1388982777\829151210" -childID 8 -isForBrowser -prefsHandle 5320 -prefMapHandle 5100 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {afa660b1-f5ea-4c51-9156-3c2905f8c3d0} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 5316 2c95c7d3258 tab
    3⤵
    PID:1552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.10.615600204\277556171" -childID 9 -isForBrowser -prefsHandle 4048 -prefMapHandle 5668 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23e2189b-0512-46ef-b676-933fe67abb77} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 5804 2c95fcd1e58 tab
    3⤵
    PID:4248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.11.121827223\115923723" -childID 10 -isForBrowser -prefsHandle 7176 -prefMapHandle 7160 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d70fcb7b-b050-4890-9805-18d47872072b} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 7148 2c961704a58 tab
    3⤵
    PID:5232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.12.340799831\1835169556" -childID 11 -isForBrowser -prefsHandle 5924 -prefMapHandle 6980 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b564730d-cb38-43d9-aceb-835aa92a72c0} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 9808 2c962ae7758 tab
    3⤵
    PID:5664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.13.26289227\1055261298" -childID 12 -isForBrowser -prefsHandle 9544 -prefMapHandle 9548 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb087bea-f812-46fb-a48f-65e7ac85959d} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 9536 2c96285d458 tab
    3⤵
    PID:5184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.14.802302566\1181297766" -childID 13 -isForBrowser -prefsHandle 8920 -prefMapHandle 8924 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23c7a7f8-3f56-4742-a7f9-1c05433a5d5b} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 9720 2c964159958 tab
    3⤵
    PID:6076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.15.1178048473\1280881828" -childID 14 -isForBrowser -prefsHandle 8900 -prefMapHandle 8776 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f909dbc2-03bd-4325-99df-42e7b0de2944} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 8784 2c964159f58 tab
    3⤵
    PID:6112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.16.254621258\1328257926" -childID 15 -isForBrowser -prefsHandle 7036 -prefMapHandle 3232 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de4efe02-e433-4f98-9099-eb093c542ef1} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 9660 2c96463fc58 tab
    3⤵
    PID:5484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.18.124248154\1896732662" -childID 17 -isForBrowser -prefsHandle 8776 -prefMapHandle 8796 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72e1a4a9-4f58-407a-a23b-5c640096d655} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 8712 2c959b74258 tab
    3⤵
    PID:5316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.17.568047938\1333319306" -childID 16 -isForBrowser -prefsHandle 8560 -prefMapHandle 8556 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c825444b-f5b4-4dba-87f4-f05bdf9e660d} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 8284 2c961b80058 tab
    3⤵
    PID:5284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.19.215011203\641200356" -childID 18 -isForBrowser -prefsHandle 6740 -prefMapHandle 6736 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d5703b6-58f1-4954-800e-337af4c848d2} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 6752 2c964f80c58 tab
    3⤵
    PID:6804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.20.1514580652\783740301" -parentBuildID 20221007134813 -prefsHandle 8304 -prefMapHandle 8224 -prefsLen 26729 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e0faf04-f218-416e-87bf-154cccfb5733} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 8176 2c960089458 rdd
    3⤵
    PID:6832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.23.1798112258\1362466012" -childID 21 -isForBrowser -prefsHandle 7952 -prefMapHandle 6680 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cd0ace2-0893-42f8-bb01-370a0195c224} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 7864 2c96537de58 tab
    3⤵
    PID:7072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.22.84840393\310537736" -childID 20 -isForBrowser -prefsHandle 8284 -prefMapHandle 6692 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee09f332-7c3f-406f-b5ce-1805cba600d6} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 6680 2c96537b758 tab
    3⤵
    PID:7064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.21.287018276\1827871944" -childID 19 -isForBrowser -prefsHandle 8100 -prefMapHandle 1520 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c89df127-b05d-4a38-af6c-9bcb84f664ee} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 8120 2c96537d858 tab
    3⤵
    PID:7044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.24.1681987747\147454306" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 7592 -prefMapHandle 5788 -prefsLen 26729 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d19a46a-6e0c-4405-8818-0cd446e0fdd8} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 7584 2c9652b8558 utility
    3⤵
    PID:5712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.25.1231043298\794579477" -childID 22 -isForBrowser -prefsHandle 7556 -prefMapHandle 7568 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7962576-1c92-4c79-b1c1-574e772300d6} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 8624 2c959ba2b58 tab
    3⤵
    PID:3092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.26.1137178044\1138318144" -childID 23 -isForBrowser -prefsHandle 7464 -prefMapHandle 7708 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ded59e4-176d-4c95-86ff-5fed7abe5eac} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 7348 2c962047558 tab
    3⤵
    PID:6528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.27.506425344\420622052" -childID 24 -isForBrowser -prefsHandle 6648 -prefMapHandle 8768 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90d4830b-8155-430a-b5a5-d6d2fb79bed5} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 6656 2c9620f7358 tab
    3⤵
    PID:6540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.28.483366429\487407810" -childID 25 -isForBrowser -prefsHandle 6312 -prefMapHandle 6320 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3de2f78-0975-46a4-99b4-fe567494c60a} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 6316 2c962769958 tab
    3⤵
    PID:3136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.31.170527929\1232039348" -childID 28 -isForBrowser -prefsHandle 5996 -prefMapHandle 6000 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e0b169a-6623-4785-8b34-b6dbb7324095} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 6396 2c962b10958 tab
    3⤵
    PID:5528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.30.1394786635\39402110" -childID 27 -isForBrowser -prefsHandle 6380 -prefMapHandle 6376 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a165c7d-d057-4cb5-8421-cd95b1c42e80} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 6392 2c962b0f758 tab
    3⤵
    PID:5920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.29.429718269\556038531" -childID 26 -isForBrowser -prefsHandle 6368 -prefMapHandle 6364 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5f76305-670e-4ac9-a3b3-bb3193873a46} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 6132 2c962b10c58 tab
    3⤵
    PID:3760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.32.527408456\1373067898" -childID 29 -isForBrowser -prefsHandle 6508 -prefMapHandle 7556 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1720aabe-c0f9-4cb3-9914-99e657e9d4d8} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 6516 2c962b9b358 tab
    3⤵
    PID:5808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.33.790556955\1176756492" -childID 30 -isForBrowser -prefsHandle 7804 -prefMapHandle 10272 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b1dcc80-d630-46ad-8f19-3f06c0b63b7f} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 10260 2c962c18a58 tab
    3⤵
    PID:5264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.34.2069401499\47064785" -childID 31 -isForBrowser -prefsHandle 10596 -prefMapHandle 10592 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2608f1fa-3150-44a8-82d2-2a03cedf9fc9} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 10512 2c962b1e258 tab
    3⤵
    PID:2204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.36.1114310423\466648250" -childID 33 -isForBrowser -prefsHandle 10512 -prefMapHandle 10680 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {539fa0cc-bb42-4304-9048-e55f4ec9876a} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 10924 2c962cc6958 tab
    3⤵
    PID:6716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.35.998747644\1967109740" -childID 32 -isForBrowser -prefsHandle 10700 -prefMapHandle 10704 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d5c8454-c18b-4abf-9c8b-169c6da8f3fb} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 10688 2c962c5a658 tab
    3⤵
    PID:5888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.37.1309477955\339037586" -childID 34 -isForBrowser -prefsHandle 6156 -prefMapHandle 6152 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e99149f-ab1a-42c1-b451-01a030fde8a0} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 11088 2c9607b2158 tab
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.39.1766589130\1205475527" -childID 36 -isForBrowser -prefsHandle 11320 -prefMapHandle 11208 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e2f07fb-e739-4273-9cfe-79147f7cb255} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 11444 2c96098bb58 tab
    3⤵
    PID:6668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.38.57336595\1317194041" -childID 35 -isForBrowser -prefsHandle 8540 -prefMapHandle 7448 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcd47233-4f92-410c-8fd6-8bde2a8bf67b} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 11232 2c95cca4a58 tab
    3⤵
    PID:6660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.41.72456972\1989996308" -childID 38 -isForBrowser -prefsHandle 11704 -prefMapHandle 11444 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0338657c-7081-4aff-a225-6b701f7f02b1} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 11720 2c9621e9a58 tab
    3⤵
    PID:6708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.40.2058496561\2054850271" -childID 37 -isForBrowser -prefsHandle 11616 -prefMapHandle 11620 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bbcf5f1-032a-4f15-a4e8-bd26b110d236} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 11604 2c961bec658 tab
    3⤵
    PID:6712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.42.1113367035\2069377855" -childID 39 -isForBrowser -prefsHandle 11984 -prefMapHandle 11980 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6eab83c-f11a-4803-9534-4aa6991e18e1} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 11656 2c961704758 tab
    3⤵
    PID:8884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.43.497047057\644518941" -childID 40 -isForBrowser -prefsHandle 12172 -prefMapHandle 12180 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e77024d-3ec7-4891-a497-71151ce235b3} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 12164 2c964151958 tab
    3⤵
    PID:8940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.46.1288538307\2090504836" -childID 43 -isForBrowser -prefsHandle 4412 -prefMapHandle 4408 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {02a7090d-7df0-4242-a5a0-f62c7a5b7947} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4392 2c9607b1558 tab
    3⤵
    PID:9080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.45.1174055441\1211230628" -childID 42 -isForBrowser -prefsHandle 9932 -prefMapHandle 9884 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37569016-cf48-4978-a520-997147533f02} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 9892 2c959bcc158 tab
    3⤵
    PID:9060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.44.1501519005\1917850655" -childID 41 -isForBrowser -prefsHandle 10400 -prefMapHandle 10536 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51a6b07d-4771-4a13-b053-8186d19c86e0} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 10344 2c9629bd058 tab
    3⤵
    PID:8992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.48.672524591\712539804" -childID 45 -isForBrowser -prefsHandle 12436 -prefMapHandle 12440 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4666ebdc-6d63-4252-9ad7-504794c51732} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 12556 2c961b7f458 tab
    3⤵
    PID:6840
- - C:\Users\Admin\Downloads\qbittorrent_4.6.2_x64_setup.exe
    "C:\Users\Admin\Downloads\qbittorrent_4.6.2_x64_setup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:8280
  - - C:\Users\Admin\Downloads\qbittorrent_4.6.2_x64_setup.exe
      C:\Users\Admin\Downloads\qbittorrent_4.6.2_x64_setup.exe /UAC:70240 /NCRC
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.47.2092499517\1887405758" -childID 44 -isForBrowser -prefsHandle 12384 -prefMapHandle 11720 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cd56526-b0ff-4ad2-9e1b-95a31936ec74} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 8392 2c9616d7158 tab
    3⤵
    PID:8216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.49.1771076786\325180065" -childID 46 -isForBrowser -prefsHandle 12648 -prefMapHandle 8432 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29cb83a4-7d1d-42f8-87d7-cd20f24844f0} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 12748 2c9653c3b58 tab
    3⤵
    PID:9044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.50.1820506882\145583078" -childID 47 -isForBrowser -prefsHandle 12820 -prefMapHandle 12824 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b18cb5e0-d48f-4873-a4d5-5b199ad3b330} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 12592 2c962e77e58 tab
    3⤵
    PID:9312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.51.1902902364\1450058221" -childID 48 -isForBrowser -prefsHandle 6708 -prefMapHandle 12804 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ea486ed-b1a5-4257-b80c-0e839451c287} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 13080 2c9620cf958 tab
    3⤵
    PID:9380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.52.1843961217\1038369794" -childID 49 -isForBrowser -prefsHandle 12688 -prefMapHandle 7460 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {326083b4-6ab1-4639-9447-7f5acff51818} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 11668 2c96c4c9c58 tab
    3⤵
    PID:9664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.53.1510086850\556553706" -childID 50 -isForBrowser -prefsHandle 8096 -prefMapHandle 6740 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26199012-c69c-497e-8808-6309ab876c2a} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4208 2c96144d358 tab
    3⤵
    PID:9432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.54.1002477389\1690005547" -childID 51 -isForBrowser -prefsHandle 8152 -prefMapHandle 8148 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14ef76ec-a698-46fa-ba2f-994a504cca71} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4232 2c96154d758 tab
    3⤵
    PID:9440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.55.2055631593\109182688" -childID 52 -isForBrowser -prefsHandle 9832 -prefMapHandle 4120 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e9c34f1-a2f5-4c8b-90f6-73e544e548e7} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 4356 2c96158a258 tab
    3⤵
    PID:9472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.56.244053754\449013485" -childID 53 -isForBrowser -prefsHandle 7176 -prefMapHandle 5296 -prefsLen 26729 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63c4f0eb-8253-4350-bec9-0b41717fa8ca} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 5772 2c959b77258 tab
    3⤵
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.58.1261060468\540701780" -childID 55 -isForBrowser -prefsHandle 13284 -prefMapHandle 13280 -prefsLen 26785 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68111749-829f-44f2-a28e-3caa9b789a51} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 13292 2c962b9b658 tab
    3⤵
    PID:5608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.57.1168055590\1485809043" -childID 54 -isForBrowser -prefsHandle 4712 -prefMapHandle 12468 -prefsLen 26785 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d8f02f8-4b8e-4438-8ad1-8567f4501c57} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 8176 2c94e862858 tab
    3⤵
    PID:5600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.59.396264497\998376240" -childID 56 -isForBrowser -prefsHandle 9692 -prefMapHandle 8524 -prefsLen 26785 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa78d303-3d57-4fcb-af6a-a03095c1e215} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 8760 2c962cc5a58 tab
    3⤵
    PID:9476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2124.60.1619383269\480197055" -childID 57 -isForBrowser -prefsHandle 12468 -prefMapHandle 4712 -prefsLen 26785 -prefMapSize 233444 -jsInitHandle 1332 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9d188eb-c5c4-46dd-8f92-a976a25ecc92} 2124 "\\.\pipe\gecko-crash-server-pipe.2124" 13840 2c96463e158 tab
    3⤵
    PID:5548

C:\Users\Admin\Downloads\qbittorrent_4.6.3_x64_setup.exe
"C:\Users\Admin\Downloads\qbittorrent_4.6.3_x64_setup.exe"
1⤵
PID:5800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\10820

Filesize
7KB

MD5
9a4fc214383e1c452a6041e5e676e419

SHA1
8b2ce25790508fbe43a448876020294da542ad4a

SHA256
7c4e48a21456f975eea4ed0d577db8c3eebe76a222a903c98c8f365f602d17fb

SHA512
927270cb8307cf358f946259017ee866fc3cdd825fc63c364e2df2383f00fd0da371c2f54799222a9d9204e185b7f5ddad893bd2f64ec84d6bf1ad424d9d7839

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\12387

Filesize
21KB

MD5
b34e1cb29364a9617d49fda22e20efa2

SHA1
ca901be0350a624267d98e24368baf228b12dba8

SHA256
5a66f23625827b3c4922f7822de059d7abd6197f6ce0d113ce76a819328b253d

SHA512
5a84e93ec3266781e1d4a9c46f668f6a4e1e8772dcefd49e6d10ff9ddac14dfece512c288b49e739a9c79442ae41e41e4cb0acb656692a9decd808fec3912d22

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\13401

Filesize
11KB

MD5
b4e754f199e9cb6f61ef864f4d257176

SHA1
f329df6a22d8b07dc75fe32899deb0bcdb861c62

SHA256
962c54ef3d527b82c36807d61f832d9a989eb6eda3361f7896891b2dc74d495b

SHA512
91311677bb3146cad20875e940eaaeb09e5abe0d45eb6db030b4daad0fe5053910e72d65a2b3b7b5568773e55c266ae9245c79d5d1763ef684e5acbb5af36d6f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\13513

Filesize
9KB

MD5
1a5365fdab958e7932a14ca4bf53a4f1

SHA1
dfad815530413b643ce4917849570121bbbc4646

SHA256
800c62ac282096c3be81a986f4931c6b41ae86f0b98cc0619bdc95d5e37b17d5

SHA512
c5e659dbc737cc195af35e96f52bbbf8e09e9712f0986f4db36e6804eb7c93b2c58a067fc80687e1c1b8177d215810d0f65d4c2a9329b444fd9d8caf638e15b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\14349

Filesize
7KB

MD5
c6e7d1ca0c3f9d76fc1dabfb54f67e4b

SHA1
8a305560d699a820d30490d73eb0d11b18a01723

SHA256
50fef0efc80f36f6a78c73d2e179281cd849388caede7882af9eb4e6782463cf

SHA512
e14f3b021f7856986bf0947d5e9e32153ceedae75f16bdd093b19fcac6562da16b738384a3e3320449f336ff3c2ad469964a68fc19549d57d0c7f467e085d10b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\14413

Filesize
13KB

MD5
37ee5fdea9380010ed8df7506c18a0e6

SHA1
548f9c2aecd5d94b49abcec7a528fa205679646b

SHA256
641f5618aff51e1798eccdbdd5b7cd7ff43d42b4d050dac33b2bf6fb83b32538

SHA512
a3515ca22a91566bbb2aa154610d8dc58a3a6a1a478ccd565b9ff7e49b2fc85a3d516925a9efef702557a147a3a3162819ef87e1db89830d1b1d760bc6ba759a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\14917

Filesize
8KB

MD5
7297b8ba36b6c338e53941dc09254a73

SHA1
99ce97e71130e7778efb62df5321c7e2e27f6dad

SHA256
d648637033dfe297ee7a1bfdfa102d538723eef989c2d0c36140c4f77e7591cd

SHA512
1d838bc3a47fbd8f3ba1a6ad9937ef74228089bd2ad0a2b8eed624ff875f65ada37a07063b44eaf036a784bc3985c6185589f73bbf8758bc0401c3aba496e7b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\15653

Filesize
13KB

MD5
30f19594a8278f0de0a745b1a7c4bbb9

SHA1
80d17a5d770428414d1c851cd3a3b7ef54db75e3

SHA256
299b9db9ad2833c667c2f93218e32040a213894c17cb3effc1ff06ec8fcdd237

SHA512
acfe7272f55a979ed11a65d15c0b4e1fc7490e49d312d426bd87f82ef6b59ac479b55ba33692b52c7037fd3f4b9fedb482767400164d64609e0b8b9436f11c1f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\15808

Filesize
13KB

MD5
ee12a6b7196370dfc0d1bab21c05fae5

SHA1
ad183da38fd6138009a6c6824acc9d0e5a4ea593

SHA256
6424ac4eaf1a8e4599d22b1fedd091a3f900088dcf275a9d1bb2a5acb423bf15

SHA512
8424f54db632339750cee4d94fef5fea027d71f6d06936f3e42641504edc3750869d79119d3ecb1becbb6e5ac1f7e2a9a4d3bc0232415872749256deefd3cd2b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\16357

Filesize
9KB

MD5
6f55672a7f48a28dee6d3d85c8684498

SHA1
562b8d46d68d1bf3abc58d4dfc3db5bc618c8604

SHA256
87ce22f21c4eec1fadd9082ff10873f06f56de6a2159e5c2a626e30b1a940b48

SHA512
a14691d6483aae07f04df6fa9bf4009fa4374b73090ba2e44fc58e8206ca311a7d41131296fb8faa4dca755ade60db5f2cfaaacceb58ede36afada9ed6ccd073

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\19074

Filesize
9KB

MD5
dabf8e30bad52131572e7b3eddee55ad

SHA1
ffe8f5a92607d1b880e4cd49e7533657bebb05fe

SHA256
ce9ef2e4ea8dfcbba0d1751999b7ae252f9ae8974ade0b853708076c11be18e5

SHA512
27030753b9c6f8a6a9a2bb8286d9e62bfd53978b9c94df1d686ffd635742aade8ccd08b6433b0622e2597b32878323f63f4d79d4578e7d0b73f923efcf4c02cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\19206

Filesize
21KB

MD5
0ea79a504b061377917de22720a4016f

SHA1
11d31fe0cbd6589ec2ed56ecbf0b4c47f79211d5

SHA256
4bfde97155201df1125e486927987d0d7a7dcd3f5707ae032b60db96fb4fd570

SHA512
eff0d8d6a1f3fb328bd88c0fd3153e13ea75b21a79e0a414db066f7e940c21146fc8ed5d3777a0ce989a6a58ca1f8345674a9dfefc628aa13385638f4ff9450b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\20151

Filesize
20KB

MD5
d4e7008caa72121a06f06d1999c08c73

SHA1
2ecc5bd811d1632abab2bd425c9de28d1a10678c

SHA256
6ebf9bf100d078b26749d28f12591a77728f85fb99ce8d310a06f704d59b4691

SHA512
b23e1cccb5d94e3a425ef5e8cb95b5ed060407b92e472bae45bfd5341e06f3e56dbd84be38c30527b3eb166bcab76e0f483cd2da2e0709e45dc7e1b655d89052

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\20880

Filesize
7KB

MD5
c18c0fe3697bb27e1747267e88e96ad5

SHA1
59301c30fdf8260e8c6c1ea8f028b31f5466643a

SHA256
dff27f572efdbe75d75fb125afcf58ae1307aeaf345e26ef665a05040cdc8a31

SHA512
b0736f9679f3e128b19b7332d1d4e65d63e110dc9d2473107222b882045ec3b4846317c9d7c91741af60cb89236a579ac01c5e246544fb6e4b7548369e04429e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\20964

Filesize
11KB

MD5
d8a88601ddb1592e1201d9378312eb20

SHA1
2d0397bf0d06e039cd1b36f2b71e7bcf3df0fc27

SHA256
e96437e5df87be8bf5a52137263058941c56e2d541333c2aa247e351d8780b64

SHA512
2615af5da6e10c6f8798ff31f7f119a4e575210f81a6fb70f7960e86644c7afcf6cac7e47e3f9cd23bb542a199f0856c863920f89753ac4d91a9ab704e290608

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\2256

Filesize
7KB

MD5
aed0f4c3f2d803e856cd2bf541affe77

SHA1
27e4dbc33aebd68902879a032e2bedd6ed96b3e9

SHA256
eef6c8ea0d84c82918a4cdf80e13c0a87ca0a7dd5732d89c8a45ac31aff6f250

SHA512
02c83f4c1bfb4f16a6afc4e1ddd9f825e7cda6c063361cea7dd68ff6f00970cc8fab3479ac66513add6a77f979d7bfdd3d902a18f3968c3188ed5f058b66abc0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\23461

Filesize
9KB

MD5
2c6af09689abc6b4c54cd3d141fad3ac

SHA1
22ddceada7086aad643565a4e5c6f75bb4233fa6

SHA256
d33e52355ed3d0dd959336e38e70f6ba0d1c2d3c39ac3ef3a26a58a28d5394e2

SHA512
24d27912a2cc9a87a8c847e25370e18e0bfb68cd5e0bd36d811114d8403b00ad6c31d6cec7a88f987ac8b436c463ad93064a38d434809bd7d1c3122f8ece97f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\24229

Filesize
9KB

MD5
2622217f3ff8e4142665fdcbf6fdcad0

SHA1
aaa8c183c97150edc8bf1a3098ad277938ccc4cb

SHA256
fe1530f9a198e7e1386c0952e0b132ca9ddaedb30533dc31fb08d5ebfe6c044b

SHA512
68e65416eb3a6618340c3b5467bba39bd368814f9d81c6f6201dad1dad9762e3928754c60fb4f5c481b497d4495cae2c37d35ab91be1176a071705b5a87290d1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\24707

Filesize
8KB

MD5
21286834f2171a875f26c2a45ae2cb18

SHA1
8384bdf698c519a89b4e97cb3d2d8d1b8050d8bc

SHA256
37d620e5cd8104b605ae76aabace525025eca96a373e55a0ee82258574ce4671

SHA512
8e30155770e61987f4f5a61908545983bc0527ce07e06e4cb504c89000f1b596d4344daee27b15b00180be19e209d011c8e22f9867edeb1a06ce3b88563e0eae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\25678

Filesize
13KB

MD5
b057d9351bea474beb4ad219ba921e7f

SHA1
5fe35ea76f7e7dbef17f2da5f9d0e340f3cf0c87

SHA256
c508a0a9627af5a908e7d0843c2c9196bb28f3aa24d7917e8c2a5ed0c41b94a0

SHA512
1c7785418885b8edcf469bd3d9b5111d36d27de94861c1abddc1decbe2d91666466dbf5eb11fcf7360c2725a10a713c25e6d8661d69948b3e2e3780b97d84aa4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\2633

Filesize
13KB

MD5
c12319dadb1c0a90236941780cdb080a

SHA1
1a2ef03c56ed590c196fb4f3cb5155abba93fc99

SHA256
470ea3ea6bb208a306568b0530672c5f76e9d0e7691bfe2088039c2ec1639363

SHA512
a77dd3e90732e2bf6ead0d8ac56a31f29529c3fa9ed79b238ee237c8d7e801ae11221d3ea89721181f353e23351ff2dcebb0dc81c08085d723bafc0c1b3fe869

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\27108

Filesize
9KB

MD5
8130a13bfe659a27ba3541fcd3456c84

SHA1
6c054b5a6a1e08b26214be79f05e8db4dc5cf447

SHA256
dbe1ab6c1341b86bd5508a090a13219165161928c4eee499d9fb7c6f4fabe00d

SHA512
16d7bbe8af26850f778d043b4f1bd861ab77cf82fb73f88236c7e88b92521731f6a57670bdb2838e098363634c911a5f69642bb835c34f940badc87caf7e6927

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\28716

Filesize
9KB

MD5
40edf8b447e04e5808a6b8083ddcdeee

SHA1
19c56378389bc6245155aec781eb3bc3d5b0b323

SHA256
220e2f567cc36f71f6930d26a5e7eca4b7cc4dc93a96241f92cde6eaf6857df4

SHA512
98869d2e2e493091ba4ab81ea092b89c81748ef39af9de21d496d302ce10aa48c01737f6f006d18dad1498c1c04c85a9e985bb59981ec5995a741b7a996f55fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\28944

Filesize
9KB

MD5
e62c644e0e02bb6b31743c7d3e409c92

SHA1
3f13ce5c74afaf331fbbe3bbc5a9e1c78f9a07a4

SHA256
60b5f3c346a2f01c046d68f879397839127825ac1b41f1685a297b5601da8e05

SHA512
b941a14eeb8f8cad085557905518f79d79886fbeacb7812e30b2369de7917c40556a6778c4576a2a2a35c81faa65136524f5358b1616bd59563a94cc0a27e2e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\30457

Filesize
9KB

MD5
e67830a348ebeaf9bca2a0af8d75471a

SHA1
ee7e32bbbb65dbf1fac824e167d31b18388572a6

SHA256
75ec6181482686ba22b673a45387af81c51624e0ad07f53a0ebb7a4fd1bd5cca

SHA512
bbb78307eb07acb9c07c46ea776883eebdda7b300650f445dad456d578c50e265e1883d480a254c22b105c0406928e920b46e64def37fbce55df61048827bc7a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\378

Filesize
11KB

MD5
ad013ba64755a9ee2fcf36e7b1af5099

SHA1
32ccaf9af04932471633aeee62485822dbbf64d8

SHA256
41fc3522ff26b2671d3d7888d30bceed9ee04cc7f96b671e90b5af15515af436

SHA512
b5ea16e6aeca416de91d5f62f198df6ea1c16629a9b2c19b26e65ba4f6c76bde970851875c0c032ba0c667af7a2486cce48bff41981ddad96f8a8072b393df25

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\4150

Filesize
11KB

MD5
43ac557702a8817712678d708d8425ef

SHA1
451c79b75245b781b9c0976a6e7aff781b0a7b6c

SHA256
3f946c1ee70feba58e537d6b84172f4b003ae53e39273ddd47e824c4d8554231

SHA512
1c5c14adae09a561a37667dfe7e554c7a9a7b19244f8fa53274fbcecc4b2dedc25191f0dde80ce8618a5f9112fce39c7db1099a1798998014fbd945d88063bd1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\4515

Filesize
9KB

MD5
fb77d60b0c4992fdd41801b4a8f66ae2

SHA1
5f64a82bdf6c82496912a2b8f310510a85be51f5

SHA256
15f8ec0e12934e7d0f741facd236f6ae29b08c2b78b5de313e6105af23fdc034

SHA512
bed57fa12328734cc663fcad46e3fbd7b85e0acecd806a7019c8796072a4bfa61ce184bb03a7fa317a87faf00cd796e1a64bb0bc462cf7b4f15a93707ab56ce2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\4835

Filesize
9KB

MD5
c4862e996e2fbaaddc5a8285273c66b7

SHA1
6ca892f641593d45d62bf0ef5d0c2f02cbab3cbc

SHA256
88e36a9986807eb8ec5bbda78cad1258973c90064ab44009631d8a6beb204f5e

SHA512
bf5d7adbd8e086454ee0b8e28f9b29429c61995cd4496c430cbd73fdc77e95e240ff634d61fc00ec4900f0ba268fe4002d0acc86f279352b7ca02f5d9aecefb3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\6224

Filesize
7KB

MD5
34b2b5b8f988a704e12cb280a327d8e3

SHA1
de2290409018bf4363d200bb361eea9ad450c997

SHA256
8233206943756bf13b8cd4a167e701dbf58f2ab3378f44aad5488afa981fe8d7

SHA512
57d8d9955e552f1979f56740bc9a2619df5bfb254d13e4610188c0a884631c217c20dd7db75eb8815c25be09dd3882f256635fc6a159b5ce68641d54d62f2f28

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\6235

Filesize
21KB

MD5
a6422cd1c97c9a6bfe0cc6c45d8810c8

SHA1
528dd5407be1d0517c1ff0a145e359c8a628d415

SHA256
f3e6320d13bbc309c43e0f6f781df5e92895175fd20eb2abd225436c2d4235c1

SHA512
06970b3d7205ca6e5648b6001164dae1ac59d7a9ed8cf30cf190a9d56027cf7f254f04dc7076f983c41e0c48de599e3254707a247930890789edecbbfb090440

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\6785

Filesize
7KB

MD5
d3932d5815479a0390a183950cdbe011

SHA1
d3f7b330f7f0d09120b29cf28800bc44e3aa2651

SHA256
ad994355fbe4d0eb178df66b0b387ae5def98fc399e07dc99099cb85b68a76f5

SHA512
22272458fa5c3b983a0f9656a8dd6834071d9fde014b341b34ebcd496adf273a55f1751730e2b9e2784fde745a27a6c093319d72def760c98b5472bf3423be37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\7044

Filesize
20KB

MD5
e425efdba62889698214b39990ed33de

SHA1
f54f669338fb5c08ab09c7ff175a51a70d0c1088

SHA256
289e44fd4533d7b482a2acc375e0a9f093764d1fee4c1272eff6788ac8614498

SHA512
76264770b84d17ee3894919ebaeb37224ba0fac19949279aad8adf27dac5020ab69f28559b263a7764b677d425c51c2f0609df2ef47cb7e53b87539412d6ad21

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\8116

Filesize
8KB

MD5
ef16fa9149b00229ab5bf67fc26269bc

SHA1
971b40b9ffd03c7ecf5876e2a6c6761b53d1aa81

SHA256
5bc97fa5d0fbaf6d278c8939ab210074867023ce1eb7b9d47727d48cdc56ea82

SHA512
5832fa93fb89119988c129ece8843cdd92d10f0482ed28ee2ec4c66172505a19c481f73c10689d0da1ab0d1404a1c28c75147881b2d05d651604d445374f07de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\doomed\8950

Filesize
8KB

MD5
f7d884947eda2d2b49b06c4a9019c3a1

SHA1
f0e948512522bd3c8ed8071cd9a26bb7db927774

SHA256
75aca50cab7c50b3d7dd4ffd3cd10212f4531a8036b92b56ac2d1efd63b898f4

SHA512
64c0ea6a71f654766eb97a43b35c081f4d3fba51c8a9d084896cf26fc9df9991d3447476e88f3edd1e9fab86d95a016c6dd71a86d768a502549670bd184678da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\0A85430A061C1C1A2D09290A8E0A62C48B884D8D

Filesize
14KB

MD5
1e9b470583928345e247cdf990c8de01

SHA1
f0a4b525cd6a7862bb2e905c2489f3fbce27887f

SHA256
5b219b500d2862f0dcbde1df3b2420664d43ce02f9d23a04dd20c801a802af90

SHA512
d3032b74563c3a1af91050694b94a78a3c0e4268c11c7273cc7e31b90e7131d8807541e149c119878acdde0956347ae7ecd07815b16d06dc720bccba365bf5d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\1C672F5A141657A2756D771651982232B937763E

Filesize
78KB

MD5
9bc203e60718b8cac3f11f876105a2d8

SHA1
500ddb13e7c564ece5676ec473b569271d97cdc8

SHA256
b9041cb482b22de8665084231b92e970862ac38681b7c1836563002e663e5bbb

SHA512
0345635c7f961d1d1fb53fce41b9115d5b0ba30172068f3ca5745ed5c35fdfccf1ab9e49684eb9a8c6795b1c6b1a8694e0cf50b856545cab98fe3401490261bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\2189907AD17ADA4AA0BB314EA4E0C6CA0D73F9B0

Filesize
250KB

MD5
db10698cb2ad773e6556a2b53edf3785

SHA1
2158082e86b15cbb3e2fbddb27127aeb8868b8cb

SHA256
970617c03667f8dbb0800773012f913682178580a7ad97ceebfaebeb3972e7f2

SHA512
c756eb79b52f0a9eb2738d28a05b19da5e4573c6b84f79db6af0cc7068cfea2bd8e8bc3e2358323fd04a0f0ab57a7c872581c0e1b68370ec37885d51563f8f79

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\2906546C5328C44F7499CF6B2B2711F159D94166

Filesize
200KB

MD5
dba6c3c72e155d79e2ab3227e5c10158

SHA1
33c1ce518f5f90cee2b10f363119cb1d73ff41f7

SHA256
7354a50fe9edbf8b54da2d4cf5d0efdd0eea11da5a5868f5d5d07eb86bffeb20

SHA512
f8ffde861fed76c41a124e4d87fc8709466d3f9c7ef04e0155c7a0f60581287e40d08dcd36fe7bf9a62af966529f3c72ae205d4a130b7f60754d51883277b3b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\3D9795B818732145C885CED2F0F89E682BB0A124

Filesize
64KB

MD5
4f123a38419a3c199ce1a3702450ee36

SHA1
bfc41c132bb9e8ab56a125b3c54333afa0512713

SHA256
65ee06757c458ba675fe2a724983712b2ba6453475eadef9dc744fb2f84e4707

SHA512
52f4803f54c38802c84a6d69529cb983b18e332398c8653c2143e0d9f58dc0647a658fb735168b56de44db0dbbf1c845dc194688c62432cb6a2fdc3f302fb506

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\3E7CED8A5313256270FF568DB1D1C842C887191C

Filesize
74KB

MD5
fbd49f7ce7cea27235b4446bc1c7a0bf

SHA1
5ad7a41fe7171c2abd8bbc68c3a2fa13578495b4

SHA256
ef8b75a2d88f5700272dc513cd0bde6c0b1000be3a32aaac09826d5ca04be9ed

SHA512
44a887606d6103204017b573dae1d096dbfea453047113bbb0b6b79c92ccca1554ed4a03e537307e9f56ec73705e22695820aeb716e1e53579b1d6b840aaa67b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\407C848089E9A6D3FD30ADCC27C2E03B00F19BD6

Filesize
15KB

MD5
82327ed53e4434508fbc58b64f5ad456

SHA1
23cba3dd68fa902a64f2a8f89f881e33769ccedf

SHA256
c72bb6b569dbdd3c77849b07dc44383e4e25f26a606e34449b8ffbb1d0d4eddc

SHA512
3fbc8570bf15930383196eebe9ff4bf87a208e2d536bbb5b42a404e69877139fe3fe2efc9247666626182b81edebaa2dae0930b83dcdce0bb247a04955da5d06

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\456D04540C56FE79C8B566C669E803AD292CBC8F

Filesize
214KB

MD5
923e3291155f2ceec19f2cd3b198cdcf

SHA1
e2c2a98858dffc64a3221dba7838bb5a01282ce2

SHA256
4f40ce0dbc6154fd5c26096abaacaa90fb28d598316d04045a25cb80b5919198

SHA512
d63c84f20f24cd4554fea81f315c0f9cb5c4501b19a65a49800940af037ccf8e8229c0ef1f507bae8e9d99393662ee3b1eda3e3887e48714532df7d804be56d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\46F02B7E79B1A4EF1AE5E627F5789A9160CF0A88

Filesize
28KB

MD5
82bf462392f530f6c60082dbfde9fbe4

SHA1
0343823166160941de21ca615f93111027ff0a09

SHA256
071795aba8fc63f323e362d1abf0b70c6fb1c543a8973c2d15926b0d50092d80

SHA512
a0f28a4b11fe2b525ed936970a0237f6d3ecfd448dbd95dbc7310c7f9964bb9a321513d49231c470b5d7a44f40ab6332a5e98dd2600fc89473cfe0d6e63d4a23

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\4C1A42221F1BE381807D77BFDC6C45A99B2A7C54

Filesize
64KB

MD5
defb311a233f292d0ff9470bac519f91

SHA1
b7044f36bb2b5f65617eed5004dbf3ee3d792d31

SHA256
90df7f88cb8c41a1821242da166593e426f8ecb65ff608c533712c6c188acaba

SHA512
273557ffbfcefa5dc214536c8dab55fb807bb22c868c7e31bc08feba2d4d272592dff23680b001406c77e1e1eb218eda31e029b06362c17a91f98259f7e23b7d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\84E5D4640B470B663F6AF392181EC61CAE0DD72B

Filesize
192KB

MD5
8da3501b0c9b02fb7560102b102a7f37

SHA1
6daa41dd0d2427d466d50697e045327a715e6d27

SHA256
db68985360a4d27d537f14ae12b296dd57b28b888c738ddc712f42411f362148

SHA512
572e047fa8ec050361be46fead8ae01ee4da27973fea4f11024844c2bc0e7bd92fe0f767e7597d1057a303af488a7f30546b4a59ec93e7d2bd17c19f2907fa4b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\8FD72DE553199ABA390AF38726ECA9F5B3786DE4

Filesize
145KB

MD5
65b966ca5b420196942005b487fc9686

SHA1
a9083c477ca774daeaf13989d4ef7450d35b1027

SHA256
4a8383ec02d629bb635205cd5b95deed9f1b7fc58e2b6be5f2bc846b1edc6461

SHA512
3ac0067af153c8f67fb31bb4d2278a420a114808c0ba67e9be73150c9da8ef5c8fa4b8ece59a08053cac6145d56e1692f59449b25d0a4f9b8006a84bbbe1a346

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\93042C7529E0859C6707F131E751E402FD67B24D

Filesize
131KB

MD5
df36bff130169f7dbdd8784b10a32a63

SHA1
320f76a9d73f7425ba8951e225751105adc3e473

SHA256
9e64fc573565a4c30482a14a1bef5b912b407d8cb6a0aad68d359a24c87e58b3

SHA512
4d7213d44c926df9a2dfd208422ee34436fe2f1ba38dea1e9326986f65bd0256a88e4eec5e6395c8b6298925680ea33ab1480cdb8f491bbc13faa41ff6471907

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\9858C49B17488F3B0D88D3AA1AFBC5BA700977DE

Filesize
104KB

MD5
67f2f6628a22bbd1e89a69accdcb83e5

SHA1
bdaff7132888ee2a1ade0952f59d3dd45d4a2f55

SHA256
364399b053454bae7faa8c8762a9fcaca6011031240acf8153462cf800f3e50d

SHA512
5d743cfdeb51c574e6c561b2e1e859c5004bd22710801285fedb4e5577e48971d2581cf50c0641f5b7641eb2362e3f325524cbcfcd19db89ed397f06aa07389d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\AF5E468DC1D4B3E61BADABF1F4B315EF62DACE5B

Filesize
59KB

MD5
cf135ccb9a83ccd08237fbf455737186

SHA1
36ccc47c9a3c6dada7812535f7b1fdeadce7d392

SHA256
4e2a3a7b7309af4e62cc4e51f30bbd17702428c4a297cf5e3c1e98ace0a8e5c9

SHA512
f2af4eed77bed91324d707a4bd6905e301d5d6f47fb6ff0d150df47d7ee31bdc05a17d33f586ed5ed39bdb92f025009146a87c7787b0fbfddd475bf5850b0ac2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\C057C497B1A44255ABAC218DE37CFB2BB7CA3534

Filesize
116KB

MD5
ae7a88b51ef5996c4f96ec24d0a799b0

SHA1
73d9ccccf64dda6af30b20dfe55870a0fcc85189

SHA256
097495da9d1c4a4f2936ae384689e5561162e5b76675143eaa8b2482ac7c926a

SHA512
618f2d3564289de5a5b422ec56a24805bc527fdb38acf8e12d8aa53a0942a80ef2c04157dd362230f166fd1ca65dbac37d4ef3ecb078d7b6827185c37ffbc873

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\CCA30632546AF14F66746EC58FAE40DE0EBC8351

Filesize
122KB

MD5
b3a27eca8b359a8fa8969218a06c6b07

SHA1
770c495581929ea5c554650bca3286479c09d59b

SHA256
0c18cb5126bdc75cc5a480c77b7da4c58f76b62c4356256a8991b731d048c372

SHA512
af3af9312e1751354130007efb2a5caa8dfaabae6555e4fe90a3154d6e8b7fe4441575f4eb79744176ffd53d1e85cc782c57ceb812f6be96596d2bf94c45a909

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\D64116C28677D89F86BAE19FCB268DF06AC64351

Filesize
16KB

MD5
f7d173a635e330356d8ee0586eff2320

SHA1
ae06943a6b33cf25ac6624d4c0333d415489cedd

SHA256
3200ce122b5e199aa6fbcfc7372541034105d39f62ff2572fe21c8ef84bc22e3

SHA512
941c422da83dc0d5dcf788da2148a5122c0a2413153f88195c71b9eeb51e32c5dfd85e88a90f497a4628dc899a62f48223a9df7ee8e8f2a63693b14b4b7ca3fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\D9117EDB35C93C3D4BFA425B25658728DE208261

Filesize
64KB

MD5
83cd472be36fe5d5766ba3c928d44e27

SHA1
12d4833af56609b0de4d29bebf94737f522be56f

SHA256
0651bec0760415a1d2e4350f1d4f9e5b5266a5cb1e5f3dc0db5c03975043aec9

SHA512
35757e34f95efe49075001906c07abfa4c501ca3593cfdfbad66d85fc2447f8531f9efc6d4cf0bec92b9a1af6aa4232d563fa45877abe05502925e25062e4a9d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\cache2\entries\EAC7251E8D002956208152C0EB0525354EA5D30D

Filesize
18KB

MD5
9cf30cf25d81becdad0317860bc3ccd1

SHA1
a36adab5ccec16db49c74f22aa41c184c4fed07d

SHA256
c3b6b91ab631c48bae9f34ff49d57a990aab4940808a97ea4d49925c959b24ed

SHA512
d4dbe3ef5a0b736685d028f20e61746b15b5eddc8c0df28e0f529b114cf661cbfedf7f206b6a448689982a5d302cea4aecbf06b15062b0ed615f2bb0cead1bf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Filesize
4.2MB

MD5
e184e1ff5f57ec109e7d7a90e359d014

SHA1
efc133d372a80f40fec96b9af8cc2b0189d6a6e2

SHA256
b5691f00bdb42c4dd06eb54a6a6ac2bdb7f346d48859a88d3fb4436e8f046aae

SHA512
9a8d7248a0bd2967c0a7336a3f4e874c3639cbaf82167bd0c96e3d375fe3f6bc5e0a48bc8260af91e21631e16a2217a024ff8490034d14d089af7333d1803bdd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
223B

MD5
0089a450ac0d5daa3adf503ff0a4729a

SHA1
d0878bd92572f94d86b116f9bf0b14fe8732ebdb

SHA256
475bc454dd4fe83f3039ff97e98878dcb591ce8605b4d4c171775ed6bd392850

SHA512
458edb0f29f7e7d92dfb46981a59d8ff3a9c47ab2f09077000ef03ad063ebb94361adfddeb1e5dbc3857e6c639559bf1a14968ac905fd1d3756bfb786fd362b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
20cd592b49e89d7ee6eb6153bc912c91

SHA1
56f6e42ade302d16b94b65e36886705aa60d4f81

SHA256
9172ec8abaa9e3b0efb67d29264b0bef4ed29014e108d1b2c61ddea1ca418c1b

SHA512
154ddf90ff2ddd54c1843c72840eaeadec6542c25fbff54d846303e32fcfacf3becdb0192e17e889c6fdc15c72a03dce49d72af28cb6ec7da91b33413002387e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\datareporting\glean\pending_pings\645f342f-dfb4-4176-8453-892620250d49

Filesize
10KB

MD5
908129ad06dcda1e118a609b85d98f0f

SHA1
953305dc9dfb8fd4674677eb98674dc74905c561

SHA256
d9aec1a29cc07cd1d265afd21bb6467393dd057458c320794097add903ca94d0

SHA512
dbf3f75622366d1f3f1f32d78a47686420720133b156eb69b7b2e0cb0e8500c18b362acc641db1c8a6bf776ec1e6d6d220a37d7e56b5053079fe7aab39892261

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\datareporting\glean\pending_pings\82a93c9f-ce38-437f-98a5-3ffebe65af61

Filesize
746B

MD5
d35f9f84e0e65976111bb0ff15ef85a6

SHA1
a2cb8d6fe434a3b19f3243b294388dc50e094e58

SHA256
e1d4af0466a99de019772b86613ff20c85a9e7326e7de516c73862afcb23a677

SHA512
32561794289956a6f984f445a815096fe2b98969a54df193f1914eabcb6f4274eed8adc57ed1663de38f4b322138242bfe50525cc51be3b12d4c37cc7289b637

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs-1.js

Filesize
6KB

MD5
630f13ad871395f62acafa7d3aa05bde

SHA1
4b91ae8add96a6724738a92ad7801b9d47cbbeba

SHA256
c6ecca73c2ffe0666981740fb33ff3384ad6d253264a4f444f52646e7626d976

SHA512
8a16dcdab1bcb5f7fd49a68518d6d217a5e54edf86470bf91fddd9a751d3dfb6fee743f452ef054397aa482950933c29d000e3d1ff8dc6dc7202c9441c9da03f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs-1.js

Filesize
6KB

MD5
0a6ad6c7ae075a786029d83f93e6e256

SHA1
4777c70b483ee55a12974216635620c14b3ee8b8

SHA256
f5395891f53d8c2b19145d73691f563ab4b1c780f07f2c2e89da6fe613588d27

SHA512
07d0f0a3da6cf41756fff4ce179dc2252ca30db02a93508671b280c9bb929b7514859da1d10f03cb7e0cd36408fe08f7bd2b95ab51180e1d3b2e7dec3bcd6ba0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs-1.js

Filesize
6KB

MD5
de645cc252892c0416d766ec633131ca

SHA1
a7b28f6f70ef683ed60035fac30a1ef8813b3500

SHA256
2e45c4e9be9194bff522338ff4c1edb571644b6d4299484502770cc4db4043a5

SHA512
f1cd0ad8cdf782046fbc8e40b83cfde95dddc5dff25a5c534fca9c5e8bec53b26c917de59987fb7444c0769f453a54534c77319524ed1334ef44b95b4c2cf2bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs.js

Filesize
6KB

MD5
89d8a98dce6ef3556e72bd8de3501088

SHA1
2f034a8677d9b16912cad4d2af6347f6e6742026

SHA256
574e66e70bac5c5d7f0dc669bcdebbe3f31307f436087b4db8134a842e746900

SHA512
e1d01dfd0d7e9c3100e480c0183496d12a58019c6a9c3ee9539a8fda31d5afeee084928ae66100532e4f6f8ffd9fbdce65b896b25e4e06c166c1355d94132feb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs.js

Filesize
6KB

MD5
134479e7a1ac06fcdeb473619651663e

SHA1
c7a08ce8706398b42bf8700bd1c08702c348cbd4

SHA256
01fa9ef89a83382480517cfcdd121c4e8428db14fa28b610cce77b3ff3db6ba9

SHA512
e12f6836279a671c848f6ba222f7e181e1739f854b2e086411360c9a71350c6d3be6c96e14357879ad8f616ff32ded63b2d3508ca6416dfe706df36cd47766cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
46227bce91d059ecc33a9936c3315dc7

SHA1
93841b56c328645ac1d3ad63a8bdde6e7e240329

SHA256
bad9624611088a477bac18a7f36b66da64a323467593b8a1219c7fbf93eeaa08

SHA512
a745389c293597525bffdbf170814a1f3716fd5c6aaaf680d80c51fefb64bd209336fc4e4e52098256e5e4f242db1a152d9750c8c743d1cd78628aa5c6dd437b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
7b8fe578b04519b0f88122bdceaca390

SHA1
d401e0b2582a8311e7a812f649e8df9d38944b34

SHA256
0be65f4e6cb4f5fe56a8d9da9d1399403daa30e4ab83bf189fdf3f42cf3b5f65

SHA512
3d1e848e9d5ac7a5fe08094e3543a44c0419c454cd0ff3f7aaa44352a3d18addf2527b410855df839d7d1cc72d5e639ffd06c73782b8c9e25d9ba43c00b31abd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
cf66847b33a800b7a79c083de7702ba0

SHA1
fc73dd34da824658a618163e3f5188b66d016e54

SHA256
f0b0429f7295b324ce281b075e1880d4fab6d2ed848bdf97f3e283629e988acf

SHA512
2d40c13fca926a76a2e4dcd12205900a171332405ba629213e0e5a24d2f6ac1d840e3b19e0d4229f6d94183fd1f9960b3c0485fce83422f42221420d12d080d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
865c9c4e2d1e8dc8328580f49defa70a

SHA1
845e2683e350292392f42c0ef342d2406d6f1d83

SHA256
fa8d391f079e7518cb23acd35f0c06b4fb17971054e58e1b9b36df920e79dc90

SHA512
050e0588db2dbcdc3b624722c9a293f0d5788384f5a2761747789201b05df5662fa422fabdac63c2befddb3d304f6745ba95bece46282d1ccb72f9cbb4a33197

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
2c691dc6c077fe26b6d84201c7b3b99f

SHA1
f8a766bf61b34a60a78427d5bc4659a95e4c2a43

SHA256
7a287429d98d1540eab32a9b17f7e15eb7fa861bd041eafca533d7d86cb8c06c

SHA512
93b1881a81d6f0091d286caf64fb9babd2b80ecff86aebb16bc2842665c15c179c6d814db29e966e91edb8c0b3564c926a27ff1fec15961add42346b6539c4cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
01dce807a494216fc6698241980f6d26

SHA1
007bb6dc4e06f6d21619c04e62d47a2b8d848f97

SHA256
97bbb2e02b20437596de4a768bac9ebd253b16d5f83937e6f287fff285669c77

SHA512
fa98b2291f098bbc5b70f5a1ffac7d837ed2b54a5a7288ad2dcd5ec9f2cba7a4c2c7212738e1cedf554917098a7914636a6e05a4c5d0fcc214c7c3fdf305d872

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
8091630299ca3035c6b7292bdc10cf0e

SHA1
19a3b6ec0eb9a419918fba36b1c5bb2da0682d52

SHA256
cf42829417aa2d7899ea7454a49be0d5b5db59e27aded2084905118cd65cd21c

SHA512
ef5ce77950e6f7eb3f45b86dc14085f5d6e4efed11ba57cb2165a462d19b26723c882b4b140f99bc82330cab74163a18fbe1f4c7dc4274f23f71b88677ab79f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
544ab970b2969fe559d1a23ef91d9247

SHA1
25ae464e057a5a1127e5792fab5bd7b3169b6cac

SHA256
b7206ae5ed71a54e86550e480b1dc961c6e6f09ee17400fa9c878bc86b8292b8

SHA512
471522af9fdbbfd008cccb5a19b77489172ae6823475d0e8abe0ed5573a97f8e26619603e39f06287073d4a0e42095aa08ffc0539056e3510878f7b504c40128

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
4d7994aaa94c4960e0b2cb92ea2a9a1e

SHA1
c55f26e7dfd505914b9a4e28bd210349e86b4c77

SHA256
c4524d27dbd29fce90600265e9829182b839b8f42d1a58a56660c819c01971fe

SHA512
0c65fd5d8bb60c437862ee84b14da5759c5216f10c6888ed0427bae9493e00dafde120b128183885830685012dafceb4adce4f82c1c7572ade5a5d41cf4cfc15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
663a4c912aa0b796f06d471d8d767a03

SHA1
311c761e3a3b2a2c3e44788d8f159620d832a2bd

SHA256
67477da256170ae1eaeb3417d2347e1ae669afc75e55b29e93791768bc866b92

SHA512
195836835d9a69f58037aaa574757f182bb88326012f898202a14fd1b589f02dcd923b74b4cb8b84236989913b18743d1902d9b950ef1644b2a29eae337eae1a

Download Submit
C:\Users\Admin\Downloads\qbittorrent_4.6.2_x64_setup.exe

Filesize
384KB

MD5
bf2863f4c2d00353886d0b2ff45172d2

SHA1
a0aa4271ee19560eb6d36c5252b9b61e3f516c26

SHA256
423b0a6be4a3a3eec7af947cf72b201803caf27f411f172a5556ee4cf193e075

SHA512
a66b4c0aeb90eeefa78f72b9af6f2afec585e0cc4fd362214853e863426cc4e34fecba3e0baea8f96ec6e90b2343a04af184b68dddbf710fd39c3270f14a04a0

Download Submit
C:\Users\Admin\Downloads\qbittorrent_4.6.2_x64_setup.exe

Filesize
448KB

MD5
8ef3c88bf954431c0a5e109325d9b26f

SHA1
f30e24d1af575dca90acb4a669907d350b79a8d5

SHA256
d546ce7007f9d441a1f2e3f3566af83cb285447c43bf489076611d70eb525aec

SHA512
3494a6d8661c7cdf983e30a68cea841fd802cc868e4a04e21b45501cda217a5cfcbcdced6740b7fe6171400a618242aa84d88aa03e9f1cdf3752b0b5eb371252

Download Submit
C:\Users\Admin\Downloads\qbittorrent_4.6.2_x64_setup.exe

Filesize
15.4MB

MD5
67a8cc25166a9d07757319f137036449

SHA1
5d0ee9d5810c78d2a6f97de48b4a25114c0699bb

SHA256
8177a5753ca11a1683c2248145e9ac94f360735b7189d0a39fab87e6bb7d7142

SHA512
5aef7b8a0584d2934f8033cfbd85faa33b3ffe1ca2aa396db9f7f1d29a0c24adf00f761dba205ab26e120da818fe12b924966814102d0b15219b2afbae943045

Download Submit
C:\Users\Admin\Downloads\qbittorrent_4.6.3_x64_setup.exe

Filesize
1.1MB

MD5
8f451298a14677b05adbe8d53e8389a3

SHA1
1c959a984e0d1f867f0021d99e643018d1b103a8

SHA256
936247ee3999a89d967683969a435ac0cb471d38b59e89fff445721d2877870e

SHA512
b1cf4778e8fb7107b18d702a8e518ccf13c62b595995426c72f359a596680d2c1983cc075b04901eb8ac3f4f2f15461b2e053f7e699c90d22145a38ef88df890

Download Submit
C:\Users\Admin\Downloads\qbittorrent_4.6.3_x64_setup.exe

Filesize
256KB

MD5
ed4d90c230be63908712abc2e0c154fa

SHA1
67abbc2c54532c65752939bd4c6bb452e9263703

SHA256
e1ee85cab8c487f4936e69eb07023d50fc3f870fb62581343085b6034b7f94e5

SHA512
f3e5daea24a5105e46b0acce99f5632c50e798d09ccded6c0bc1d8127e19948bca98226fcf96279b31484a4437bba367ea9a44431c1e94d7c4e579705a03eca7

Download Submit
C:\Users\Admin\Downloads\qbittorrent_4.6.3_x64_setup.exe

Filesize
1.4MB

MD5
1ae102a85849dac6d3808f7943a93411

SHA1
c218d32bc0d1839b95b48635c78ed1bc081cb418

SHA256
bab205f34febc62184c68cb16b16c78423dee8bf8ec466f69a76f3d41c02704e

SHA512
135dfa904dcc2b3f9211c8383775d006f0c86a849aa5ee04c59fa40199a990d5e1e7667138e66ab7d1beb6e69d1c24e7886d9d6a22e64bae74c5921245846c58

Download Submit
\Users\Admin\AppData\Local\Temp\nsy7E9E.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
\Users\Admin\AppData\Local\Temp\nsy7E9E.tmp\UAC.dll

Filesize
14KB

MD5
adb29e6b186daa765dc750128649b63d

SHA1
160cbdc4cb0ac2c142d361df138c537aa7e708c9

SHA256
2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

SHA512
b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada

Download Submit
memory/4356-24-0x00007FFB9BA20000-0x00007FFB9BA30000-memory.dmp

Filesize
64KB

Download
memory/4356-264-0x00007FFB9EAF0000-0x00007FFB9EB00000-memory.dmp

Filesize
64KB

Download
memory/4356-19-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-20-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-13-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-21-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-12-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-11-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-22-0x00007FFBDCAF0000-0x00007FFBDCB9E000-memory.dmp

Filesize
696KB

Download
memory/4356-8-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-7-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-5-0x00007FFB9EAF0000-0x00007FFB9EB00000-memory.dmp

Filesize
64KB

Download
memory/4356-23-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-18-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-15-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-261-0x00007FFB9EAF0000-0x00007FFB9EB00000-memory.dmp

Filesize
64KB

Download
memory/4356-263-0x00007FFB9EAF0000-0x00007FFB9EB00000-memory.dmp

Filesize
64KB

Download
memory/4356-3-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-262-0x00007FFB9EAF0000-0x00007FFB9EB00000-memory.dmp

Filesize
64KB

Download
memory/4356-2-0x00007FFB9EAF0000-0x00007FFB9EB00000-memory.dmp

Filesize
64KB

Download
memory/4356-6-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-1-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-4-0x00007FFB9EAF0000-0x00007FFB9EB00000-memory.dmp

Filesize
64KB

Download
memory/4356-0-0x00007FFB9EAF0000-0x00007FFB9EB00000-memory.dmp

Filesize
64KB

Download
memory/4356-16-0x00007FFBDCAF0000-0x00007FFBDCB9E000-memory.dmp

Filesize
696KB

Download
memory/4356-14-0x00007FFB9BA20000-0x00007FFB9BA30000-memory.dmp

Filesize
64KB

Download
memory/4356-17-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download
memory/4356-266-0x00007FFBDCAF0000-0x00007FFBDCB9E000-memory.dmp

Filesize
696KB

Download
memory/4356-265-0x00007FFBDCAF0000-0x00007FFBDCB9E000-memory.dmp

Filesize
696KB

Download
memory/4356-267-0x00007FFBDEA60000-0x00007FFBDEC3B000-memory.dmp

Filesize
1.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads