7267a08112fb350eb8a635fa17ea86e1dbcf7d55d59709cca2417e2c247d9470

Analysis

max time kernel
934s
max time network
925s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
12-02-2024 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ва.txt
Size

1KB
MD5

d7700a2064e24aa15ed6eff834a0b30f
SHA1

e0c32082c913a9505e9715c06ceef2d9c7661142
SHA256

7267a08112fb350eb8a635fa17ea86e1dbcf7d55d59709cca2417e2c247d9470
SHA512

5db898f12c7f9ab4886b036e8119472b240c95db9a27dfaf84957e07613a3fc91fa7ef1450669ca800af3c487f50c89dd17198ae620bbd9d0c635b0ce4de3cd3

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

3704 firefox.exe
3704 firefox.exe
3704 firefox.exe
3704 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

3704 firefox.exe
3704 firefox.exe
3704 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

3704 firefox.exe

pid	process
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe

pid	process
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe

pid	process
3704	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 96 wrote to memory of 3704	96	firefox.exe	firefox.exe
PID 96 wrote to memory of 3704	96	firefox.exe	firefox.exe
PID 96 wrote to memory of 3704	96	firefox.exe	firefox.exe
PID 96 wrote to memory of 3704	96	firefox.exe	firefox.exe
PID 96 wrote to memory of 3704	96	firefox.exe	firefox.exe
PID 96 wrote to memory of 3704	96	firefox.exe	firefox.exe
PID 96 wrote to memory of 3704	96	firefox.exe	firefox.exe
PID 96 wrote to memory of 3704	96	firefox.exe	firefox.exe
PID 96 wrote to memory of 3704	96	firefox.exe	firefox.exe
PID 96 wrote to memory of 3704	96	firefox.exe	firefox.exe
PID 96 wrote to memory of 3704	96	firefox.exe	firefox.exe
PID 3704 wrote to memory of 3760	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 3760	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 392	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 1256	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 1256	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 1256	3704	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\ва.txt
1⤵
PID:308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:96

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.0.86617781\1384388150" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1724 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4133bcb9-e97f-4829-a5af-718e9a2abf2b} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 1812 18331bb3158 gpu
3⤵
PID:3760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.1.1444392862\2006972199" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15ca15cc-1798-4509-9107-fb91814b970b} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 2164 1831fb71558 socket
3⤵
PID:392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.2.1529994644\1804033808" -childID 1 -isForBrowser -prefsHandle 2672 -prefMapHandle 2652 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e47bb7d-64b2-40f8-82b0-00e419386546} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 2544 18331b5c058 tab
3⤵
PID:1256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.3.368026369\1096597496" -childID 2 -isForBrowser -prefsHandle 3212 -prefMapHandle 3216 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5407ee6-b094-4f13-8e17-ef723a143b9e} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 3288 18334911358 tab
3⤵
PID:2724

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.4.770296468\526371795" -childID 3 -isForBrowser -prefsHandle 4148 -prefMapHandle 4144 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {564ba7fc-c8af-452f-9844-2a7e88c25f29} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4160 183375e0858 tab
3⤵
PID:4312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.7.1306741225\1764470677" -childID 6 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4137dae5-82b2-4c9c-9c28-ae82b0191b24} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5176 18338375c58 tab
3⤵
PID:4272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.6.1396900193\758684311" -childID 5 -isForBrowser -prefsHandle 5004 -prefMapHandle 5008 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77128853-968d-4c3f-b25b-c71796d13869} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4996 18338374458 tab
3⤵
PID:656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.5.185564999\1792855089" -childID 4 -isForBrowser -prefsHandle 4760 -prefMapHandle 4744 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {debfe1ca-9e24-4ef9-8022-04c10f64c1d1} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4768 183375df658 tab
3⤵
PID:4380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.8.301244899\1526219966" -childID 7 -isForBrowser -prefsHandle 5544 -prefMapHandle 5540 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfd727de-54c0-4837-8271-f731f7fe0192} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5556 183347aff58 tab
3⤵
PID:4320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.9.289886508\1684610451" -childID 8 -isForBrowser -prefsHandle 5696 -prefMapHandle 5700 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01a0efb2-ac03-45d0-a9de-c2129bd63b74} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 5688 1833a5b4358 tab
3⤵
PID:1704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.10.651096000\1936742628" -childID 9 -isForBrowser -prefsHandle 4612 -prefMapHandle 4204 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdf5644c-a108-48db-a015-f1a5e4609435} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4624 1833a875858 tab
3⤵
PID:2556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.11.793124366\715322286" -parentBuildID 20221007134813 -prefsHandle 6164 -prefMapHandle 6168 -prefsLen 26768 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {081307de-d79b-422e-b36e-fe585aca8190} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 6156 1833a8b1158 rdd
3⤵
PID:800

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.12.1405156877\1387688498" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4264 -prefMapHandle 6092 -prefsLen 26777 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {679b6aa9-4ee6-4873-ac03-18190abc9dee} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4252 18337f31058 utility
3⤵
PID:4440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.13.465598187\811393681" -childID 10 -isForBrowser -prefsHandle 5456 -prefMapHandle 10284 -prefsLen 26777 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba8749dd-dd9f-4c24-a35f-ebbffce3e469} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 10296 1833a97fe58 tab
3⤵
PID:1160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.14.1256741211\284341299" -childID 11 -isForBrowser -prefsHandle 9836 -prefMapHandle 9832 -prefsLen 26777 -prefMapSize 233444 -jsInitHandle 1376 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46b1d3e8-fff5-448a-8cb2-3daf94548c13} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 9844 1833a97e658 tab
3⤵
PID:3608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\cache2\doomed\30869

Filesize
10KB

MD5
150dd2c64ea5c0712805da845124021d

SHA1
d81ad891962c8c77042cceaf8ae0bc5896f91d99

SHA256
94225c9b1b5b60b8f4d6540f91ae636b1edb3ac8a320b0d5258e6677192fcb9a

SHA512
9f5b695b45304277aceac5b0fb8537b97597b5245bfee709141e800f6b438dcf61fabb07824c621deb1b543e5897d8bc9d2c4ecbdf5a95bfc82dc647e90e77aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\cache2\entries\ECE8DB12662B4DBEEB8497D92BE88CD825F40B98

Filesize
204KB

MD5
ab86be562548c1aa2eaf5905da204a60

SHA1
f1e87e317aed6add8fdfbbf3d17dc02788102431

SHA256
81e72edd48d84770cefa768ee19476dc64548b747a92f08430732efcb5a2f478

SHA512
41a161a5fab73f1620e0e0d1a1b16e3b42faec7ab9ce066b4f9abb6f2f48a76828014e5f432a0d690e0e8a342f1ac266e21fac8d19f66c8eea6684fe1c4033ac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\thumbnails\0032a491319fac9a9e28db0aa821c9bd.png

Filesize
1KB

MD5
a4e3dec615867334fc01bb2b71796edb

SHA1
6ca3970f02d7ab704f5b82849c2f9163a9bdb9e1

SHA256
5fa0608bb3291da5006676cc5880c90c3d591c29e0f96ffad8a35cc961522560

SHA512
ff4192657fc611ae0938c3962a541eac877a66d372924a8df62aa8e99f6be4431c6b706df232aff96269746a448fa8a23e7d1c8a9d809d74782baa78a0af62e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
6.8MB

MD5
ab6ca6cac20b427cd12a1f768bd8480c

SHA1
c50c50e7326865d77d4e6bf61f73e73431456acb

SHA256
e7b29c3918d847ca60549a383d9cc7e1b40884b681b5bb5d84e8afca903a5712

SHA512
4c18377866aad7c1c853307f67ca00806d857517c8a7c679dbb5e28672b6a587a2b70c40316c0837c3678fb8976a4ea63e7146ac26a3612d804d74514744b7a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
5c1ffe3cb9fbbe219b92a0aa03a365c4

SHA1
1edda768161726f5a2ee4981efd7a6c0933c9d70

SHA256
8de4ed18dd9b018ad8b173c9434ce15dd10f4f03d7059f85f1f09abc396c7691

SHA512
4e4f894565530d74777e606b9762a330fc1ab2c4594ea1297fec3a40efd7d04ab4c19587c8f9c9f9e6ed34e77de01697e248f65def69ab777ac6149f62d378a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\SiteSecurityServiceState.txt

Filesize
545B

MD5
3eeea1fcd8c33c00851ffbf7dde63d16

SHA1
badc6b8cf6580ae3d3f3e884ba4564f814a8c8b6

SHA256
7ef58bcbef6c2288faf1c2f3b6736d0a58942e8d4014de8c39d3eb2709c2cb57

SHA512
be1bbd12c07e575bde8468ed704ca56f077bf4678c958dd338a44c91c044d72daa5117f9b73899d32e8efafa3463500be14d8b7033240e1c464773fd114cb61c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
240ba8559eb2129c9de23ef68fb49e6d

SHA1
bc37cc5e3dbe368918d503e4304aa90006fd99d7

SHA256
b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec

SHA512
ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\bookmarkbackups\bookmarks-2024-02-12_11_EhYMFe9OERdOkFlkorlm3g==.jsonlz4

Filesize
953B

MD5
5018da0e495d3bb988a448388e524a3e

SHA1
95565138baf6c01cb1041ae23ae37719b0c7e493

SHA256
ea4551d8a468ff65121ba40bf53243dbf398bf8c51b20791a18e4ed3a3a0ee86

SHA512
13ff07f3d946abfcde88306535e87db4c37eccc1f2367d4c2e10bdf47274c38b05ecd52c156090e53adc4002ff85a151de15e37f9f22154be560c6bd20e8e8b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
630eadced9e40f5fe172ce8b67bc0875

SHA1
fe85df86a99999021f153d18acd2a0802601491e

SHA256
2745acbd65e5888a3c721e028ef07839ccc2278824dca1008ccda997af26b028

SHA512
0428dbd72af4cff8419fff8e04c2774bb981912526d7bfe4b88cdabddf3cc9a1e037393a9145c81870ef40f1c67f1512b4bcd6e53284f809e5eac2ee0fb62e99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\datareporting\glean\pending_pings\69808046-9886-4ee3-8935-ec4f822f28b5

Filesize
746B

MD5
bdcdb62fe104d75ec7d0ce6371369d89

SHA1
8e51352b088171e7018ca9dcdf344835e74a3236

SHA256
d0a5b98e0e8eb3d1da42aaec97a4f6559870c0e3aef1b28f3bd3ed2838916262

SHA512
9fc530a37fd915d95bb4f10b2657cac78921198920809d91bc40f1a89c94274750c12aa737a642bb32c316b16922ab11d11885dbafa4685ec81b66372b0d5fe7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\datareporting\glean\pending_pings\8daad309-5767-4f76-a73c-42738d60b3bb

Filesize
11KB

MD5
32ec4aca19a985dab52f237977d10675

SHA1
884368e1b6415c7dde0ced72c55abb8873b1b0d6

SHA256
e1bac8cdecdf29f94b72707b013a62404f3219bc1f5e65f02af960b19ebeebb0

SHA512
4ee256a9146c0ec44f38d9df7258fd32f0c42977a87cd990988e86b8a9de20151389c6a227b8147a2ccb69e10c110e13578e04148d4ed39cbb29230a31ff7aad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\prefs-1.js

Filesize
7KB

MD5
9d554df7331ea56f2cdab2698c767a8a

SHA1
840d29bd34aefdb0071e52ed42f8744064163d5b

SHA256
a2aef82907188e12d7282a7a265e67823f14aca4f2f4e6c750aee29397d8b2fe

SHA512
8bd7fc77d1bacca89b0e5fbaf09d261f74b7193f72a3d7500178eb3d99b699663401df10b54d9596946ca0c88c42d28ef54a115aeb2e6bf0a65ce64500022d1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\prefs-1.js

Filesize
6KB

MD5
7ed1e1222968bc84ccd0a5a378cb508a

SHA1
d688c76e809c3b05f2714d0937d7a42d237151c6

SHA256
a46f9b64e623ac5813820b50e0bc0953654bc6a6dde7a420c04a9be5a0b7f355

SHA512
ad5bdbc0e1f6b88ea81b13730c8a22ae4b93a8fa773172467c73698615758dd9b9cbe9e618c49d54414c4394a10af655010f74b5f460ab63f94a31cdf6464a85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\prefs.js

Filesize
6KB

MD5
f09655f3ab15465a50737c4707c5c0fc

SHA1
12f0ff2cf710b6cc43c9e48a76dcec684ef949b4

SHA256
5b48de3695e78afbf3b31a6376123ea56bb40a94a9b897f63dcdcb3ec7e4f562

SHA512
abbcb239c181628ab2efcd427bd51ba74dd37bdc21e6c006e98fd604bb93ba20f3228c59831de285147c6087b2d43a7fd7468566ad2c33b0a3f235ecadd8d18e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\prefs.js

Filesize
6KB

MD5
e4c155dbc9b068a5e99d5eed4e5cf8cb

SHA1
98b67bb7847713cb475c50b7e80c696d5421d6db

SHA256
8dceaf592487c6945b1077d85522a3927e745083a977de78a671af1e151599d4

SHA512
5d2c26abd15757fe800a282ffadebc46724ad3dbb23c80e5990edd672ff0ffd0f4d00950434ade3a5cede74d0061cb0d616367da7bc5b3c03498f3b06327263a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
8d017510b01374c1306ba166bdf6b33e

SHA1
0f21a2f3876ad9d917b51b2de2177fb51c6cb152

SHA256
82a85e8c0d3fc35d4d7bc8c305639a57ddbc0d6175db208128e3b9c041e4af21

SHA512
87eb4062f47e29654011668a8e41d3156f976e7d0a61671b9ad71a8802ebde1e01e3804015ba41c2bc56d20ae6d44ca5651e6944e825b7cc4b5c443b00b46909

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
3f904aceed0c53c9fb6e18375a873761

SHA1
942b1e418126c61246281a07855fe15b4e52c89c

SHA256
f49f61148010750ccb289232f89eba85829e4555f1f0abe0803f383f43e8f2d8

SHA512
ad5e83cc258bee0038d7817809ab54f2c5725224c01632250e502ca079257ea64c269621061bf29933c24ba8a0f798794d80ce558a66dae2d02f274f9452bc53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
98249c9e4d2cf627bea1a5bb96135126

SHA1
a9366835e333e4c1bb0d114ea99e8fbeef627e4b

SHA256
7794b475394f1764741beabfd28689b4c18a2b743c1c106dae8bcb402b0aa3b2

SHA512
d76b036ea9e38f60f46af2a5dd7eb46e4c72695bc586964cd36b9a05b83618b30e911b1a0cd332584c292d6a6de0da2db6362cc5b8085143d4b17b8cac3dbb08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e60352be50719b3414d079d08f4f1b34

SHA1
d018522d9e07961c4711be1c42da417f26f6c764

SHA256
f57cb3af822e6a3c6aa613083396bd977656cc2186e78a5093935f6e87305177

SHA512
5a8d16daefd725c4f89b83e897098a547c30d26e31b01a4b1e4a4eff44ba429e9ee1ef9850259ed0d71418f61ebed87251e012976092f278fe56a28b280c75be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
6cc478a6b1d8a7852cdaa36ece21b77c

SHA1
e99b8d3228b26bc4d1eafdfa62abef95d6fce352

SHA256
850910cc7b511ad9a987a734da085be6910ec293a1dc324856a0e20b0f0404e5

SHA512
b54c15f9cc36452f3f3b5f8062f19dd0509c6b064ea3aa16297642513bd40f3454d62afa1e8e6218e3845c0382885c43c966a054976a63060b60d3e1a5e4b66a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
b4ba90246b1667c72bc41757db4fb333

SHA1
2ff5fd6577c8ec790becdaa41c2aa735094f48c5

SHA256
37b4117aaa3a15480d3885b08dd4737c14f8521abd5b8b644512f1019ef89283

SHA512
f350f79fe97d1b8e7aac0122d65a59ec14b25225291d3cfafe5fada2f2d2a137871e556bd754219184bb0cb911d7481e626fe8338f16365f18d55d4dc131fa48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d8f337ad29de455fd267e73a8e75d39a

SHA1
affbdba1cf9a5cbb977d61c659893e0fd9162d74

SHA256
07f86cf7c1431073b9a616db196f939efa1129ff683a77eef63cbf8533cbc04e

SHA512
fb016eb58076f0773477ca084d028697a872499c10ef7f791ff976efc2e1ca56b2c3279f74f1cdd18e322b610351aace03fc3e8eaab41555a722ed59e15952e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
281778d00cc36611c7d470fb26fc5dcf

SHA1
3a69f1924d4e76186413fea0d4c6b8296d09da99

SHA256
9afd897b52e1953f995f5fa3b6c03b29250a3fd8296f69da1302d748cf114bf4

SHA512
d7fa1c6e920b0d3be2c049f106867eb2e277f8bdeeeb2a4e1063e55a9ee83cfaeb62715ee7289952247b76fd0e7b81aee61712a6cd665f413ea7512507252b4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
7a94ff990a869aa62149c2dd9387cccc

SHA1
26fc9185bcf98298234c5016ae0285637af1ff10

SHA256
3fc2e5464ce0838b4a15d24ccb0fa816a5521766e26534653a7181fac2ed8652

SHA512
60f4b546c35cf5cbfe360963fbb8e36cc786a275fcfe27c4a4a82969c3b810c618566075e7efa9f109ad77c7d817c83538c94338b622db359410ca4069e1b709

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
3e38252583bc6dbcba7581a7ac3e99f0

SHA1
5a21f7f187a5171a3a1dc8a26b90cfb7cd0bd938

SHA256
8cb89db79ce3c882fb4547c130045471ec034778e76602bc6c0d2611d066862f

SHA512
a038fa2004d175bc9b1b60f5e0534246c7a4bec7bbef29dbe6e345fc2075259565c67a8e58cb0e07d126d7ab3086da3d376e35d12ab34ad9ec3e8d605d72cd96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a37cc3736b2c84cdf61dc4780144ed64

SHA1
5840c86876bfa5d4ddefbac09de171210a408df7

SHA256
239d51ce9ebe23552b754447ed05b2d589fb61c2f37e574fa854d30549e93071

SHA512
5f2394171e69b5a46e53cb1b8ed106d51341cb89ea98a317fdd7087624a2485336d66d2fb78baae07dcb2be71f37a30d2d580a11225fbd4fcb4cec0d1befe8d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
05eec92ac21fde5cdad5266c186151cf

SHA1
7f7dfefbb84517adb2176b3e10a3e991a10646b7

SHA256
d74fd38b04a342aa533cc2fb6770195333fbfc5d41b2144bc10cdbe430836dc7

SHA512
536836969458f98f4642a94f4016d0e17eda6e95ff2673e7ef4a4f02f8f0e0245c6493c93027b327287e3b31013f8bed8098053bcf95b9337b3005b2bb883cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
847173f2058f43f798e69c0a7920abbd

SHA1
66a5ccf01d98639ce84a79eb1b5da0d8f51de03f

SHA256
769f872f4e9cdff9bf1f54980feb99bf4f9685fca7454d96be67927a4c9a67c6

SHA512
f1f4af39efd3b0e818f66d33f5a4318958d17e23b16c53b316d244fc3a4691cc2327a284e94d68b0cd0fdfac9974c3310ca4d76fa72462777fec60e882cbace5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1e8f48670f05cda5ab4628ed664552e9

SHA1
3a50413ae1192289b34b107a52c78a8bb94893b6

SHA256
77d667669d50aed361617506426379b92c3a38b7d6a2651a268c3ada061fe7d6

SHA512
a195db5a2c7436d5b7faedf4a6cfc32b2d56cd199106d41aee0046dc38a99170f9cc0901e29ac256ab3b5cae677b64578eea332170ad7edd5fcfced83364f418

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
ee75dd39fc6ade31e194095311a75f1a

SHA1
72fcf7d5076046f1e55d8b26e51e2eb6a0fc25a2

SHA256
a7c2e41e6d0702d4106d7366f1f2c8f6147f09d6a95d61506ec08b0dbd9b1420

SHA512
842b3d18bfba9713bae4f3fe815cf92ff3f586c5c55c18936041d8552258b0c76bd3d683b3de0e43c7b64489a1e5987075c41ad229ec5cf0df275f10ed09089f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
47099cec9dd469439b418ef10a75b823

SHA1
2b941bd8e07a06ec0c40bbbd571f11269dd56551

SHA256
7f46ed45263e85d3d1d52908f07f4e57337aa6a8b885cff5689d816ce5ee598c

SHA512
cb5361b2c0dc2618f05cc35f0297ef1d6d22580c6cd8b3f9ab4fccfb49fa5117c3ac5a3176122a68933fd5058cb2f216c4d1f34e9d453ef4949500726c1c4ed5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
079ee2cccc4eee3b2e3011eec417e06d

SHA1
6653947f5a920193ed1b5a102374e9cdf8878654

SHA256
cbae6f3bd9a0fff08bcd5f56320fa737f0d120d5b180a7f5168818f6ca100a7a

SHA512
d22ba54e67070aa5679d5a0d90afabe930f2dc81ea661323797b3645e7f383dd62a58ffc91a94a270a73e964ebdd1119998e74564a61c6659db2928a041825c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mk4n3hdk.default-release\targeting.snapshot.json

Filesize
3KB

MD5
a1c5af7e3a68ce9421885d37d27201b3

SHA1
c08832314d31284ac02b10a7602ff278a6199c90

SHA256
885a8f9df9dc05c9314b9b10b38b082239ee082a222ed65677868c4f7b84168f

SHA512
dc8d6dfc4dc27c236e7f2ad713f82fe1257586a355ad13cca18a2a4ba0edfd9163311b816b02d8f3ff1620bfa0570a0944c60c86969489cc8f1b5aaeb508b5d7

Download Submit