ede2c92c1f495c71b29284e4da9dc02378c22a622bc918184f4eb6640905458a

Analysis

max time kernel
1615s
max time network
1617s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29/04/2024, 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

monkey-mart.html
Size

475KB
MD5

ee5cffc7fb7d59f56be7ef66395e6947
SHA1

528dffaa41ee4c9e6bf468ce03fd2ac09f29b7f4
SHA256

ede2c92c1f495c71b29284e4da9dc02378c22a622bc918184f4eb6640905458a
SHA512

6b5fca3dd2d447fb3c828823cd251ec6bf6c474a2c3b957bbbb7626a3c096ab32f4bb08dcef15677a0615f982e1dbf9e0832ceb0881e8ca69b7f4d97ade98253
SSDEEP

6144:IhFtaaz65yPLhiAFl+zZqWeYaXE4RzJPOuOaLqVdqVVMs+:MSfIlPWeYX4RzJjOt

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
83	sites.google.com
86	sites.google.com
88	sites.google.com

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	5112	firefox.exe
Token: SeDebugPrivilege	5112	firefox.exe
Token: 33	5964	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5964	AUDIODG.EXE
Token: SeDebugPrivilege	5112	firefox.exe
Token: SeDebugPrivilege	5112	firefox.exe
Token: SeDebugPrivilege	5112	firefox.exe
Token: SeDebugPrivilege	5112	firefox.exe
Token: SeDebugPrivilege	5112	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe
5112	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5112	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 5112	4584	firefox.exe	72
PID 4584 wrote to memory of 5112	4584	firefox.exe	72
PID 4584 wrote to memory of 5112	4584	firefox.exe	72
PID 4584 wrote to memory of 5112	4584	firefox.exe	72
PID 4584 wrote to memory of 5112	4584	firefox.exe	72
PID 4584 wrote to memory of 5112	4584	firefox.exe	72
PID 4584 wrote to memory of 5112	4584	firefox.exe	72
PID 4584 wrote to memory of 5112	4584	firefox.exe	72
PID 4584 wrote to memory of 5112	4584	firefox.exe	72
PID 4584 wrote to memory of 5112	4584	firefox.exe	72
PID 4584 wrote to memory of 5112	4584	firefox.exe	72
PID 5112 wrote to memory of 3612	5112	firefox.exe	73
PID 5112 wrote to memory of 3612	5112	firefox.exe	73
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4540	5112	firefox.exe	74
PID 5112 wrote to memory of 4108	5112	firefox.exe	75
PID 5112 wrote to memory of 4108	5112	firefox.exe	75
PID 5112 wrote to memory of 4108	5112	firefox.exe	75

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\monkey-mart.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\monkey-mart.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.0.807966089\1500232830" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1656 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b344514-2211-4b0e-83d9-237b471f01a7} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 1796 1f3bf307c58 gpu
    3⤵
    PID:3612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.1.1784304589\124059359" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a46fa2f-c67c-444f-a1b5-cad34c575870} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 2168 1f3bddf0358 socket
    3⤵
    PID:4540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.2.42666248\1737010529" -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 2732 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eaa6327-f706-4eb5-a466-c7c3ed04c7c7} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 2792 1f3c1ed5858 tab
    3⤵
    PID:4108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.3.1012600186\110669792" -childID 2 -isForBrowser -prefsHandle 3416 -prefMapHandle 3480 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73eceecf-6226-4978-8c17-277c6c0c4c2a} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 3492 1f3c2f17b58 tab
    3⤵
    PID:4240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.4.354334792\1118846508" -childID 3 -isForBrowser -prefsHandle 4896 -prefMapHandle 4804 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ff7c9ac-f4dd-4bfa-8eb8-a185e1f0335c} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 4912 1f3c5127c58 tab
    3⤵
    PID:2988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.5.924944186\794493051" -childID 4 -isForBrowser -prefsHandle 5048 -prefMapHandle 5052 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc6dd92e-7f54-4d55-ba41-956f80436af9} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 4932 1f3c5125258 tab
    3⤵
    PID:2420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.6.1604894822\1799739533" -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5740e195-2bbf-4a89-bd68-235ced61f90c} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 5236 1f3c5128858 tab
    3⤵
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.7.1973059673\1115006821" -childID 6 -isForBrowser -prefsHandle 1592 -prefMapHandle 2676 -prefsLen 26247 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ec1cfb5-3152-402c-92df-1983b536014f} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 2680 1f3abb6a058 tab
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.8.1060212291\1415854324" -childID 7 -isForBrowser -prefsHandle 3992 -prefMapHandle 3988 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9729da52-ef9e-41bf-8e1a-5496521dbdfe} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 1356 1f3c41db958 tab
    3⤵
    PID:4704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.9.2135888427\106028706" -childID 8 -isForBrowser -prefsHandle 3196 -prefMapHandle 3220 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b132441-4809-458b-9c83-bfc617f01d47} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 4620 1f3c479f558 tab
    3⤵
    PID:3844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.10.30679312\687974596" -parentBuildID 20221007134813 -prefsHandle 6012 -prefMapHandle 5728 -prefsLen 26503 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20b0da57-5636-463d-bdc0-70f0a373ed2a} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 6028 1f3c55bfc58 rdd
    3⤵
    PID:3676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.11.535192406\314391995" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6208 -prefMapHandle 6204 -prefsLen 26503 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {214acd47-7096-4b4c-ada2-eb7cf67fc82b} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 6192 1f3c55be158 utility
    3⤵
    PID:2092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5112.12.989727800\363924626" -childID 9 -isForBrowser -prefsHandle 6572 -prefMapHandle 6512 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1260 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cda5a7ed-62a0-42d1-b343-183d6d52a760} 5112 "\\.\pipe\gecko-crash-server-pipe.5112" 6568 1f3c60be458 tab
    3⤵
    PID:2592

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x418
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5964

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5156

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5236

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,Control_RunDLL C:\Windows\System32\mmsys.cpl
1⤵
PID:5924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\1738

Filesize
19KB

MD5
f2740f8c3d0a672729288262175f00b5

SHA1
bd40a833de85712716e1d0d655bbd88d6f8fbca5

SHA256
8885f03f307da29071db9a14382c16c804e25dc6a2b670498f80de9d9c01f8e5

SHA512
10572bf4794ccc33aab43fb4417804b3dff0be4cc0f0964d38b2a4b41053fe041a6470f04d7be721a733b0c352ba6a1ba0910faebd607c0c3e18aff9b5e7686d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\20288

Filesize
15KB

MD5
1c6a3613fd29baceea8a264e284812d9

SHA1
557419b805066360f3d5ecdcf57ee4330497a7a8

SHA256
49f44161ec6186860b692533d7a68916cddc71c8e8299c7f5a5c1cc570ec49dd

SHA512
bc5edebf9b694108ce059a02bb69e12295ba57914d59a35db1c98c1d234eaf8117f7173632de74dc6942f3116aab33da88f0eddf8c4ba944b6bba006f908110a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\32278

Filesize
9KB

MD5
f6b115e2756113343cfa7234b5dbf299

SHA1
cc47b338341e7b345f571a717dc50309e7e8d243

SHA256
95dad400598b4af8a2d9016e8ca4105c81525e08cb00a5ab7976928541190cdb

SHA512
7bc6de6e6310c2c07159a61c9afce98b00af674977b775393424d502ccf6a7ec281ce08bf50838296cff8faa665d53f8849d0a2928c2100c307562dd8f4d8e55

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\doomed\7455

Filesize
11KB

MD5
6d960cd38c7d223d47d85d68d0c3f7cb

SHA1
623753d95d9ac01e1706102bf497869ae9609c90

SHA256
f42e9486b29b05705ffa5d1d549007d42b5250d58731a38c732549a3e4ef6e0a

SHA512
39c608aac1ca56114487c3672e8a87176fbec865bb701b1904e8fbe116a35a75679725f313542b2e5b6ff4a17ba50b1f7c0d004913c6b3f7a29f95aa19ad6056

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
12KB

MD5
58138a65d1943613e7ac670761365eb0

SHA1
1084d4d6eb8f1c11d486f2999455016c09c03410

SHA256
b1d03355f8acbf4dd63097e6d56107924ecee777171dde04d2e4feb36c78914b

SHA512
6ff452889de3638c2338f171a6d6099a38b9cae6a327f9c0e6fb091a6b5130a3fb4a450e68328980e73471280302569f12bac0d79f3b2aebd5bddfcce68f1707

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\SiteSecurityServiceState.txt

Filesize
538B

MD5
326f1323d7126f2bcbd9dc3f0c64cd41

SHA1
00e05c7717ad0d1f35cfe6783c2847bda93fc19a

SHA256
66a058f354882b82f80e3d26b308d43090552c97daba4bb890643b18cdf7431a

SHA512
2ca4c7be488d25194476720654b6ce98f74341f19e6bae1f85b70f237a3a1abcfc220fdaaafbd00cf27719dc5949b4e9cc7607292f16a06ce90c07a8d8d22881

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
dfe3b31a92da177310be5c8d5822144f

SHA1
916c9fb06d027d609e096cad65567b308c296f82

SHA256
bad4e384a93ef73912df809d8716d96cfa3780e367aec88cfd5da4b06ad19af9

SHA512
e8aa17dba155f0327d11a37e6c261b2e6a046b78f1f4b4820b7f7e6dc1c1dd99fc33a87b5b34709ee14060c4e0569a521d159961d3b6b7ef573523597a43ad0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\bookmarkbackups\bookmarks-2024-04-29_11_zkyArsjCOU--EPr8Tsic3A==.jsonlz4

Filesize
943B

MD5
78124222403db4c8e2ca3bf935365332

SHA1
2254fb36f2c34312a92ca3ea3cb5f87d6722abd1

SHA256
28a46f0d7961fa57b84cd7f2c66de99cefc6b36b106b3c9e770373acc0a3d95f

SHA512
5fc58f9dc76d8b677e86d0a7c32b64a6e11b953176f175955cad3edb85f9cc4ec6d057b6fc2d3080d0b7cad11facb5ca5362a3aaa081963a45fb6f2bfd07c78e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
610be8f5bc9dc5762c5af02d1c37a9da

SHA1
de65098077ab9d53e327c6e625c8995a2e47fc6c

SHA256
6a2df0ac73ca2849b2be66c97345cd53cc678de23704fd8c293511c80eaefbc5

SHA512
997b0f2c6257d32c3ee852ddd77c43883d5d1d91a1924834ffeeaaf48297e203794e4c647dcfa906003948cc606b96fa3ab7e7790db345cb0e117d4fc9271950

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\219ffad6-c8a1-43ef-a99b-b5dbf5bfd77c

Filesize
746B

MD5
9b797f811a5deafe039e3da21f5e7742

SHA1
2a4e6dd94349ccd4db965ec93e9dc88028fdc19b

SHA256
4900230e44439149c1371dc05e191cb8361b1643ad995bfe7087978373b0f062

SHA512
88ceaf92ea0988edd84f8c8f6e9823b923fbe65b62d8f6bb4076a8a0d12ad80cac36bb3ff88da79bc7973fadc1f72ef4b4311ca7369af69f02df79a93e1131d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\ee055c05-6f65-4d8b-8bc4-debb4b981fa9

Filesize
11KB

MD5
c9fbf1949efdcbeb83b20e76ce244022

SHA1
5fbc475b68fc47175f19c500fb16d77ca0c67ea0

SHA256
95f6b29dfb3901661821aa2fa6caa52f09447542f68a8e50ab66fb5b9a565a9d

SHA512
95d9bddf8cf861778fda0fd3e079494e169650aac854109d8360d8fd7ee44b7ba085a3221a823a6d0edfe19ab5bf181f9e46430c1be2257a6152abd5d0afbcf9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
28034d990e5c0ab0de1d0e37c6e62fb2

SHA1
04f348bd9d10d80280e3f92ad806f45ede22bac7

SHA256
8ab05ce8be7497895dc9a3709a450d688770f65ef7efdef87e0c6985cd9b0550

SHA512
d9f2653d95bb106988fcc504040b1466f65329dc8bddfa96b95017876b73e72d60319cbeda6e8440a2347e006e43d169f639ea7b9bc96e5e17de3cb4891cdec6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
7KB

MD5
67c792adee0c18c290fad69098607812

SHA1
c18d6169d3520b64ec473c894221d1aaa3bd9a7a

SHA256
dc73ecfae30433568d87fc85d7175591a7ee20d0011307307f8355e210eb2feb

SHA512
9028714cd71a030171ee284bdfe08c3feb79e8cef81af57c1c02776ab402d488a6768a9013f2852deaa615b2b2f68b76676093c9583af1465431924b59cee8d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
7KB

MD5
069d22ac62a502e3c6c4ce2a08cbadb7

SHA1
37ee8293d61e85af6b98e70dbdd3b5f8dbeb4b6e

SHA256
1b0372f166f6e743035d58312e1ed5d531a00ae783f94c0983509661ae5e0633

SHA512
f8dfaa579e5de021701a639bb471b5bc4b246ffe7212f146dfaf7490968e2a036a6f41f7698b7d42871ec7c91412528f16c799bdaf5738885e4057465bd0177d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
1b2a5dc2faef238bf15ed431a91f535d

SHA1
f62f660c0bfa397a179f08a94bdb24e107e53fc3

SHA256
659e0059cef922b9a7de569ac7f975a09cb5ac3ea2b0d0a213dda1538520c54f

SHA512
3804a0e7cee57d98b38ffa6ae361adf5b2f3f762a0fd723744699f10205d51947f0140ca392b98785faba69446b77d145b6ad6a022c4680bfc4dc0e57e5ddd1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js

Filesize
7KB

MD5
d2bbefead10544528ee1a3041a3d42cd

SHA1
cb8ed10d62b6f4ebef19950e9b1272d288247786

SHA256
bb4f08974a1dd7dd787082d3f9ef66362412f5a7735b0ab259951a3ff10ca614

SHA512
52ac3adfba04f3367a8a1b82ce6cd46606f8d6333dfaf012d6d0e144511cbddbaf13a72a484e7b5c65782ae6f5a5283a0e7c141c47d4424c940ef2b992a49d30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f0432810613aaeeaf2c445d73b912e23

SHA1
54c90a248b8dd477779d2e658f198981080b5664

SHA256
ffe373edebc98d9423eaf4194c9dcd48cbafc6207ef2ac6ea0522552a7b3f696

SHA512
56e97744c659dda4faafc9eaace5041072932de30a2fcd03d4ef02de10065b0213cc15cccfe1845adfd2963075d80a90f7cdc161aca8a8e1b8a2284367f6f4ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
9a48c53a7cec9daba3cc71a84107473e

SHA1
4318ab49ffa4ecffc5bfc2727e9eff4b9102d7a4

SHA256
e726e6620c010051878f5a23a7e4dd952c1b061f5e588d0b1b04bb2b3ddba64f

SHA512
e54ee7c8d325d279066db710266d863fe7c48cba51c9f59af621300d69e0a75733280399c207b583e3d2d16d4f123478d60b3ad062a9633781cd7eb5d023ae41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
67ea2b7facca08f2685b35145a90e2d1

SHA1
ac5c80fdae5fa2f1407ecf114c8de30fdf96ed98

SHA256
2380909fe15086ecb2b1220dba30b44b34e47da8aa6a4a6b4fc813fb986dcbae

SHA512
b7468761b25d3e8c7fd2e9365f248b2ba6ba4f34b15d6e52de816f74f9137d53d45429c4af7f1f53a493c1f66536514bbd0077798d2ffddc584f1ffc730e3ff4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
09fbddc0dd58befb547550184767f0d3

SHA1
8656b5be3e1fa8dd641cc1fc2a58abee3c11b5f0

SHA256
4ecd1d0cb407488d2840ba2daac36ca7264761c06fffadf16ac1abc40ad170bb

SHA512
68ecfd1f69cc5f245ba291a3b33d68c8218770c0986820bb5d4cc3a629939380cca81d9c4735f7525759032d328b33bc7c0e08946581f257556d3f12d37cde84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
2329b7dd1f8bb4ec29a49744ecb4a77c

SHA1
ed69e643a7cd26265361c6231aa7bf5b7449bdf3

SHA256
08f25cb120a20046533d20b57de4908d301d53650d09278368c4f7d5939dee9f

SHA512
4ae71278dedc3e78bf92368c1fc798bfbec0acff6afac25fb886155133c065ac30f997995b0d6b2618818602cc869796d063b0d81cfa833ce0922e847d85728f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
04e3bc1f4411ba50f38a90797b73b4f7

SHA1
3038bd551a39c5f09a4b95294a09bc26afeade3d

SHA256
8cd956ce233d6e0f7af18f6d9fdb361020f9385e3f8be0077f382ae5bce56991

SHA512
be590024312c161a0ff359d42f8cca1de839710d4dfc77563360f38c7af994172848041537d6b5d15ea202b15849b59ea01dd50e7a582fa19910a35cd3effdc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
802cba49638cfc2053373e341dfd6d73

SHA1
4ca6f3e1477ee107a3ce31245704c0760e8d16ff

SHA256
de24a9c04eee4b4f968b2ac4dc33004579eae7b6d5b1a71c69e7598f72b218e2

SHA512
0fd8c8e2147b3b83154a8f33270552592d50a71217210f27d54b7333c04e0c5fc80209f0b4ba4c6f9e9452e9f721a1ec5189fc7a8afff710ba522e5b980131b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.youtube.com\cache\morgue\135\{b3c72529-fee4-4011-affb-2cd68a6be587}.final

Filesize
4KB

MD5
f21794b76974d52aa1462b353e02e2f8

SHA1
8fe2e3ec5af0476440d223e355dc7aad26d91446

SHA256
e55d9fc37c1a795561af54e7b7fee3d08d6018add9f57a5b0ca019e80e47ff1e

SHA512
cacbaf4637926c7e8bc052f88fe7e6b4edba883a7eb48c62912f26f7dc67e6326e4da4979bfd6abac31fae4edce56d712d8c0a581c5cb9d7065b2d7f1dacacd6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.youtube.com\cache\morgue\205\{60591530-c426-4327-af14-752fd1b601cd}.final

Filesize
78KB

MD5
7996f5b56bd7b7bc32d8706757a0b5c8

SHA1
9315756113f12808c90a1d15c952295e0ce229b6

SHA256
8edcc45f51fad9387ebfaaa70639da1b488667167d5d4fd9b76840a6f0fb478d

SHA512
297ca95671f9c3ffb19057df1ac1236c30c538abf380e14a0a2a682b2ce6f56e5d3577a8c9914d1d09e239f5da6d54f316b799284003a37afbdd476d4584ef87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.youtube.com\idb\1554190565LCo7g%sCD7a%t2abbea8s.sqlite

Filesize
48KB

MD5
1ec3ec3eff11db1672a409fb4ed6e575

SHA1
2cc695fcfe4ab5bd81af3613540ad0108cf28d7d

SHA256
1f586a4e2898736fd428367c280e37cdd1070ae959527ee009c4ec244bad225a

SHA512
0ded5b8580816b44a4e51ca32db2b578607be22045472ca6bef89078ee50ad58968a6d9c0ab893cbd30100f401e0e98354ba8b7c809d84756f8eaf5406f1af60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.youtube.com\idb\1784162020yCt7-%iCt7-%r2ebsep8o.sqlite

Filesize
64KB

MD5
368fc751a6cd88d54aa87fba92706b63

SHA1
964c0be1b1344d72b44f663c77189f79e0bdf505

SHA256
ee1b0707505bc8ea1a7102d4441dadef92c85800092da5e66807878df05980c6

SHA512
da8f8ebc2362d9f4781e9aa2756b68c0b5a1b842a24006be4c890a8feb565ab9ac608ad8b8e29acd77c46dc1abf5eaf556433cc7d87b6dcd1484746629c5402d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.youtube.com\idb\2584287006yCt7-%iCd7b%-2pbree8f.sqlite

Filesize
48KB

MD5
6cfe04b73111d0bba74e566823bc066e

SHA1
e5213316b59f48d2e086c8628822072a8afc5fbf

SHA256
7393433e03a243bb6269cec16afb5efe19d1fbbc057e6966c6f31c8c89300ab0

SHA512
19b60ae981e4b56f79c020fee65e6c5b04ae96ffadf6198e2ea5e7f22134c1c6758fcf6b85c03368a4d948ad96261bd7a0892dfa4ddf42459c5222df10fd41e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

Filesize
40KB

MD5
2c71f412e10be0a7c6a48c9edd6c62e6

SHA1
ba67263b1964ee2c1b01ea15c05888c550461f0f

SHA256
b512f3f67511df4412dbe8aa93f8e46d818112365457577cf4020eee43a300a4

SHA512
4acff0589ecd35bf8e26a812e5881aa88320049050d98648328bb0be0cdc5c910a9a7c239d1ce758345e9bc9ac0ea3e7f1624c69d4994522c750534895ab3688

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\default\https+++www.youtube.com\idb\3599208519yCt7G%cCf7C%o2nbfei8g.sqlite

Filesize
48KB

MD5
0210b9b42f49acf6f7254f9937a47a0f

SHA1
1b3f34e0ff0b19e44b01a2f14dd362642c30b994

SHA256
1dba3cbd91480c1a3c433546c4fc096bc949d23b1de1ceaf40e04a222ff3dae0

SHA512
68e3e3aa15eb3585737fd8df84557a8a8ef89cd8e183d0cfa031731e71dc01d327bcb6ba6d54ab2f749ebc9a9b2a458169aeaf9e942e24701e4f6e7577c57f79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
eccfe9eb733b4b87aeb91f7d08f7fbcc

SHA1
a281bf5923af8408459854ec02309b4778eea3f2

SHA256
d666671da15f0a3415a28443c8d5ef9bd5b04a794cf2de9b8ba1717cbca28d7d

SHA512
e9fac4d89848dcc7c7ba7c2958027fdb3df6ca27df1ee7938f27cb48949d7ff2116a3de4ef3948384c1a9a891767814e0bb74b1236b20e03dd6f3d803fa819e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\targeting.snapshot.json

Filesize
3KB

MD5
fd07f0da0eb50c84e786992b39e84c68

SHA1
3f9494435f7a76941b3117fcdb8db6445d34439a

SHA256
bbf08d2a7e6219e1d3c4b777f3c7c7d87ea3caf708dd5d11527246ca80225c1c

SHA512
b28fadffb977b10edbda8f8b1e58166d8d16816fc5740f23e922d7a3e3dbaa66ee789563194c611ee20d0a5a79872092fc6117bea7e4b90b29df0f2419878bab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\xulstore.json

Filesize
141B

MD5
1995825c748914809df775643764920f

SHA1
55c55d77bb712d2d831996344f0a1b3e0b7ff98a

SHA256
87835b1bd7d0934f997ef51c977349809551d47e32c3c9224899359ae0fce776

SHA512
c311970610d836550a07feb47bd0774fd728130d0660cbada2d2d68f2fcfbe84e85404d7f5b8ab0f71a6c947561dcffa95df2782a712f4dcb7230ea8ba01c34c

Download Submit