96349b4ca999a16f0e3b2159c41d25685e3dca999322b3a29b25369a24f63ed1

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
30-03-2023 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

modest-menu_v0.9.8_(Kiddionsmodmenu.com)_.zip
Size

15.3MB
MD5

af9c9de33a29273cae626d0f17969783
SHA1

dbd02372275e226a5bc98d3f40e59e217caf4a14
SHA256

96349b4ca999a16f0e3b2159c41d25685e3dca999322b3a29b25369a24f63ed1
SHA512

c5853928e27029c653d036e096cc5add55a32fc22d760e35fe20271e36d4e5bce4edc17be41f87b05ccd2de886c1222ed390040e4e767b4a6fc32ea8e1ed275b
SSDEEP

393216:SppNV85+fjQdAYnLHbcnM/tIMZTLmhvnq6LuuRopdp3vVoJocfx:cYkcdAcLHbcnM/t5Wh/6HpdpdoScfx

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 3308 firefox.exe
Token: SeDebugPrivilege 3308 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

3308 firefox.exe
3308 firefox.exe
3308 firefox.exe
3308 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

3308 firefox.exe
3308 firefox.exe
3308 firefox.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

3308 firefox.exe
3308 firefox.exe
3308 firefox.exe
3308 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe

description	pid	process
Token: SeDebugPrivilege	3308	firefox.exe
Token: SeDebugPrivilege	3308	firefox.exe

pid	process
3308	firefox.exe
3308	firefox.exe
3308	firefox.exe
3308	firefox.exe

pid	process
3308	firefox.exe
3308	firefox.exe
3308	firefox.exe

pid	process
3308	firefox.exe
3308	firefox.exe
3308	firefox.exe
3308	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4556 wrote to memory of 3308	4556	firefox.exe	firefox.exe
PID 4556 wrote to memory of 3308	4556	firefox.exe	firefox.exe
PID 4556 wrote to memory of 3308	4556	firefox.exe	firefox.exe
PID 4556 wrote to memory of 3308	4556	firefox.exe	firefox.exe
PID 4556 wrote to memory of 3308	4556	firefox.exe	firefox.exe
PID 4556 wrote to memory of 3308	4556	firefox.exe	firefox.exe
PID 4556 wrote to memory of 3308	4556	firefox.exe	firefox.exe
PID 4556 wrote to memory of 3308	4556	firefox.exe	firefox.exe
PID 4556 wrote to memory of 3308	4556	firefox.exe	firefox.exe
PID 4556 wrote to memory of 3308	4556	firefox.exe	firefox.exe
PID 4556 wrote to memory of 3308	4556	firefox.exe	firefox.exe
PID 3308 wrote to memory of 2252	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 2252	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 5100	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 4372	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 4372	3308	firefox.exe	firefox.exe
PID 3308 wrote to memory of 4372	3308	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\modest-menu_v0.9.8_(Kiddionsmodmenu.com)_.zip
1⤵
PID:1084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.0.147423870\704071682" -parentBuildID 20221007134813 -prefsHandle 1820 -prefMapHandle 1812 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae71cbb7-fc63-4543-a325-a9c3048265d6} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 1900 250318a7658 gpu
3⤵
PID:2252

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.1.1423383755\1884851861" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {626d6561-0558-4e19-95a4-e70ea869a745} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 2300 25023971958 socket
3⤵
PID:5100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.2.1739739812\558040595" -childID 1 -isForBrowser -prefsHandle 2668 -prefMapHandle 2700 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e45c410-bdf0-44a4-8eda-31f6d792876e} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 2752 250344fb858 tab
3⤵
PID:4372

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.3.1232834275\1749844409" -childID 2 -isForBrowser -prefsHandle 2332 -prefMapHandle 1460 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31ab9059-f91b-41d9-ae82-6add80fb4f20} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 1088 25023971f58 tab
3⤵
PID:1632

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.4.2135052528\2116271510" -childID 3 -isForBrowser -prefsHandle 4140 -prefMapHandle 4136 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2be27ba7-3f68-4621-992e-3c9b87cad181} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 4152 2502395c458 tab
3⤵
PID:544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.5.748679915\1807178186" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4904 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84eedf9a-6b7f-43ce-9872-b2c20d1b140e} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 4916 25036d6ba58 tab
3⤵
PID:1292

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.6.429976832\528085131" -childID 5 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c3629dc-4f5f-452c-a1b8-bc1ee37c565d} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 4936 25036d6db58 tab
3⤵
PID:4288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.7.898506237\911393385" -childID 6 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {178844c2-587f-4b04-949d-4ce8dc22d465} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 5244 25036d6de58 tab
3⤵
PID:2216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.8.556860777\352091407" -childID 7 -isForBrowser -prefsHandle 5652 -prefMapHandle 5648 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01800c3f-e05f-4926-b379-977ee30b63ba} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 2804 25030af9f58 tab
3⤵
PID:2744

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.9.789589788\900983018" -parentBuildID 20221007134813 -prefsHandle 6100 -prefMapHandle 2636 -prefsLen 26930 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d17389be-d576-443b-b5b9-103d3d9a2596} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 6092 25039336358 rdd
3⤵
PID:1536

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.10.1438872059\2039380368" -childID 8 -isForBrowser -prefsHandle 5140 -prefMapHandle 5244 -prefsLen 26930 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bede843-19d2-4bf9-9172-88b4ca474301} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 5124 250394e6158 tab
3⤵
PID:2484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.11.297426048\239518919" -childID 9 -isForBrowser -prefsHandle 4932 -prefMapHandle 5032 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37b85695-8091-49c1-a540-098df1f7ee5b} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 5216 25036d6b458 tab
3⤵
PID:4272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.12.1195388615\1301902250" -childID 10 -isForBrowser -prefsHandle 4964 -prefMapHandle 4892 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8ff4d00-6726-4b65-b612-8f7876b74ca2} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 4976 25037064758 tab
3⤵
PID:1912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.13.853355760\739019092" -childID 11 -isForBrowser -prefsHandle 5232 -prefMapHandle 2692 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {353927ef-39e9-4cc0-9f20-93a7249fd4f2} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 5332 2503973fb58 tab
3⤵
PID:2480

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.14.608892236\401689459" -childID 12 -isForBrowser -prefsHandle 5512 -prefMapHandle 9896 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbcc7a33-201c-4f1e-b9a3-6bc5d8b0f831} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 9916 250398a3458 tab
3⤵
PID:1160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.15.472275069\1936540172" -childID 13 -isForBrowser -prefsHandle 5176 -prefMapHandle 5144 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4013f38-7612-401d-a11f-6bd164548e65} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 5188 25039f4c758 tab
3⤵
PID:3924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.16.568347444\1410770276" -childID 14 -isForBrowser -prefsHandle 9740 -prefMapHandle 9736 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cd1353a-4d96-4dcb-a391-9d55f1b66f0d} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 9748 25039f4d058 tab
3⤵
PID:964

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.17.2105641008\580480897" -childID 15 -isForBrowser -prefsHandle 9416 -prefMapHandle 9820 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f6cf828-6761-43d8-ac36-6bb44c2bc6c0} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 5304 25023962558 tab
3⤵
PID:4344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3308.18.27287600\986423117" -childID 16 -isForBrowser -prefsHandle 9296 -prefMapHandle 9420 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1452 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5161fe2-7cf3-4440-b593-05360da0c2d0} 3308 "\\.\pipe\gecko-crash-server-pipe.3308" 9800 250398a3458 tab
3⤵
PID:720

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp
Filesize
148KB

MD5
925f406a071c4c2d8f07d4ef9b904f16

SHA1
2d9ef286351bb78e1c7bebd43d94eb49aa0445de

SHA256
9dd20689a0c7b05dc52d4245d87f123541050288ba784e1cd9e41f0897870423

SHA512
195035e16d1852fd68191a7646ea9ad5c83ec8615f56edabd37ede64111f58cfb302f4b345831eb10371f28caf2af17bc68e4dfbb7828667befd658ea3bbe5a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\24665
Filesize
56KB

MD5
d589ef93c053e6f5d0ad86ee48872017

SHA1
edc315ed20b1c5320ea2c68d111d873061540920

SHA256
62c8d5ed3bb4192e917742cb1a0474f8345e243881133d058b59a3b4ef19ead3

SHA512
e33ed56bd2b7cbab7b756afab4997ea294784aa4bcbde20bb04b112b640bc264133a1056d6d5fecbc3f01e291ed6fb138078a1b7de0fc95a8ba66abeca160313

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\25571
Filesize
8KB

MD5
cd80fe7c65a45c369ecad97629561fae

SHA1
82e28af3ab0e06406ae39a80562a44d77fae3b8d

SHA256
cf4dfa57454b1da0d4c35b71b081abd06493b6d48a1dd2e563add737c15abb93

SHA512
62d46d832758bdc0e27b6d3cfbfde2133267a4eefde599b780ae6a9946aff6f76f5ddf118ed50d0bdfceea484f30aa9f2b26091d1d39ea06d2ab9336320b7451

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
6KB

MD5
50cfb5c97373db8e3a3b717670754546

SHA1
0a049af16cd5e48567ab1965f75219ef6350fea5

SHA256
8a568a8e4bb9037192fd50207da57747f9d4ffd3898873057694ff936053bb63

SHA512
4afa64c8969163c6bcb4707d4853eeba4c2cfa26b75454089dc5e9336912299c66a852e4d8d06a357fdb43a9aa96b890477faff298ca3ff69711dad065201318

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
6KB

MD5
11ca79e8a77215d60f718d1f521076d0

SHA1
4089fc57f5754c67a7bb06468d45a69cd1d8ab16

SHA256
0d7dc1d8408e5bbfbec5e38fee0817aca6ea306a1a304c048f83ed39ed1397f9

SHA512
1b6c819e001da69670fb813066ba64f643652ff200bd3690eb96ef1932d90f500ca1e4e734a20b011b99ffac13f9c59101434b75e0f48ac64e888b463f2c82e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
7KB

MD5
09f17df541526bef7438d6bca9e3e3c7

SHA1
ed134f7aa47bd87fc3b1f88f4ddd6efd4ac1b649

SHA256
b68dd15215d55d1a53bf9acdfaab11ad3532b34b3369496cdca70b42f15bc656

SHA512
dfe1662f2de9e82449a2d2070d9f7efaed9cb0542777a40c26ca53dc3b575f9bcb6f05d09a976d40d0668d4f8f964a52e917d8cf74cb09b066bdc133f494d03b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
7KB

MD5
150bdf40c265d9042873d31286af0be1

SHA1
372767b19c9ab1e986c03d96da652f970bd105ce

SHA256
2c62f838b13472bf597d49560f4d191fff703cc3efa6a13ae07bdaa5d7d98158

SHA512
b56f1e424153b83398eb9ad0eb619519aa736bd80427efadf600c043f4d5b8a486a89dfb9411f17d9bd3bd4cdf213d201da623c9f852fa5facd007a5c300be0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
Filesize
7KB

MD5
4bed681703248b7de516778c01d843fd

SHA1
603d8993fab04c85d442fa3bb8195be43d9e67a6

SHA256
519db3a79b0a4c510d5d19de81c2a141ae33506814e13a9283c3e4dc707a35d1

SHA512
9f7c9ba0b8a791f3d8210346958f0377fcafdde3a5f13e6159aa64c0b1b3282a793b3a4c3c07f7c81dc7f314df0e26f96c6346017c28ae9635a4d5f0bb88809c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
6a642e63b16a8845b6f7a655504f4d33

SHA1
8bf1187656cdbd5d9422525de5ec67368d7f59f8

SHA256
3b73d0a046b09f5d6e537f8ea937cd144444ba72ba26243f1cf5991245405ec9

SHA512
24bbe9c979da4a2847651b35c5fe4b42ddbc377ec790ff126fed49e1cda6281f452829aefa9d4b988f0f951be745a396cb665e487b2177bdf1098fada724a86c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
9250c8d2d95900d684bd2a248a35ad2d

SHA1
2ef2d4d95331ad9752f40aaa4b012156789a448e

SHA256
7268f578dd395ab342d8dfaae4357588acde71f4e4ba758367fad7976c6a72e4

SHA512
0d4463ddb620751abc0815ff37a5b31d6546bcfa3d14bc57c19c3ebbd3d10d9564031804acafcd156b1d2074c574f894b25875ad5c3c808a21889a621a904aba

Download Submit
C:\Users\Admin\Downloads\modest-menu_v0.rHGPBcZJ.9.8_(Kiddionsmodmenu.com)_.zip.part
Filesize
15KB

MD5
82527eb1f14c5954b326b63defec43e5

SHA1
005de49885248897264072ee0c84deed886ef7b9

SHA256
84bd0c36e90f7a0af9c974d7d66db2f0b37d05909034eafc2805513d5aa21387

SHA512
0cde8a27c8733196203d7494b2e3b87d03668dca51ab2ee445dee417de4c090ad6453bdca0ddf75845cc118d1e41513910e699176246eba90acd3b3bf6dd846c

Download Submit