0944eed35ee25254bc85e3f7382d3173fcc1c6bdebf573ce8208561dc0d7f9a4

Resubmissions

19/02/2024, 21:46

240219-1m4b1aee49 3

19/02/2024, 21:43

240219-1k2qdsdh2w 3

Analysis

max time kernel
146s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hl2.exe
Size

401KB
MD5

d8eeb8064c8fa75efda9f9d74b7f3b8a
SHA1

6a081cb785ca6dc48b5f3bb7339f671b778f0626
SHA256

0944eed35ee25254bc85e3f7382d3173fcc1c6bdebf573ce8208561dc0d7f9a4
SHA512

e19148b56d9ba1e860c3196bbbab289dd9aff1c28b6124a5e56e0396e8d45c95f983ad72d5ad9af118a6fa7c481e2e742aab1ac70d067d4f2821077968e23b6d
SSDEEP

12288:yLhPYU6oPyNICRpLmxPto7W4xwf5Ki//8VbLwY5:aRYboPyN1mxV54xqKi//8dLwY

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2964	firefox.exe
2964	firefox.exe
2964	firefox.exe
2964	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2964	firefox.exe
2964	firefox.exe
2964	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2964	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2964	1500	firefox.exe	86
PID 1500 wrote to memory of 2964	1500	firefox.exe	86
PID 1500 wrote to memory of 2964	1500	firefox.exe	86
PID 1500 wrote to memory of 2964	1500	firefox.exe	86
PID 1500 wrote to memory of 2964	1500	firefox.exe	86
PID 1500 wrote to memory of 2964	1500	firefox.exe	86
PID 1500 wrote to memory of 2964	1500	firefox.exe	86
PID 1500 wrote to memory of 2964	1500	firefox.exe	86
PID 1500 wrote to memory of 2964	1500	firefox.exe	86
PID 1500 wrote to memory of 2964	1500	firefox.exe	86
PID 1500 wrote to memory of 2964	1500	firefox.exe	86
PID 2964 wrote to memory of 4000	2964	firefox.exe	87
PID 2964 wrote to memory of 4000	2964	firefox.exe	87
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1632	2964	firefox.exe	88
PID 2964 wrote to memory of 1960	2964	firefox.exe	89
PID 2964 wrote to memory of 1960	2964	firefox.exe	89
PID 2964 wrote to memory of 1960	2964	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\hl2.exe
"C:\Users\Admin\AppData\Local\Temp\hl2.exe"
1⤵
PID:2492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.0.1558093905\1867620374" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e191741-dd0c-4283-bdce-c3da938dccf9} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 1948 1a3ea9d8858 gpu
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.1.1028048280\835975027" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00ed58ed-649b-4d9f-aacf-a0b86da78ef1} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 2348 1a3d6c71c58 socket
    3⤵
    PID:1632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.2.481415411\703789111" -childID 1 -isForBrowser -prefsHandle 3336 -prefMapHandle 3332 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed60df5a-e43a-4f63-b3ac-c1e916856a59} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 3172 1a3eeb04158 tab
    3⤵
    PID:1960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.3.1902242307\1434218543" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75673e5f-7ce3-4272-a0f2-2ad9830b94e5} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 3576 1a3d6c62858 tab
    3⤵
    PID:3632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.4.1740461480\376846485" -childID 3 -isForBrowser -prefsHandle 3916 -prefMapHandle 3912 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a33f31a0-5269-4db7-a954-58cd8ccffedf} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 3928 1a3efaa1158 tab
    3⤵
    PID:2992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.5.1048094348\1196015162" -childID 4 -isForBrowser -prefsHandle 5056 -prefMapHandle 5048 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {071791fa-2d0a-4e22-8bc7-9ad0065b5710} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 4824 1a3ed1aab58 tab
    3⤵
    PID:2528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.7.530199454\445291041" -childID 6 -isForBrowser -prefsHandle 5400 -prefMapHandle 5404 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1678fc28-1c6b-4bda-b5de-6bd896ad4d85} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 5392 1a3f0ef4258 tab
    3⤵
    PID:3316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.6.2134318246\376868150" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19829f84-bc9e-48f4-9d80-0adf58a3a894} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 5200 1a3f0e09958 tab
    3⤵
    PID:1532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.8.1158872975\1488014091" -childID 7 -isForBrowser -prefsHandle 3516 -prefMapHandle 2968 -prefsLen 26550 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a62f4bdf-d523-44fc-b545-d727a820b63e} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 5240 1a3eef35858 tab
    3⤵
    PID:4920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.9.150724963\7812187" -childID 8 -isForBrowser -prefsHandle 4928 -prefMapHandle 5312 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f30c268-7ad1-4d79-a486-55e1941c205b} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 5416 1a3f10cb558 tab
    3⤵
    PID:3388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.10.101350068\1238976252" -childID 9 -isForBrowser -prefsHandle 6152 -prefMapHandle 6156 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83c21b71-8758-4ffe-8f01-9b96d04d3182} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 6148 1a3f1fd1e58 tab
    3⤵
    PID:648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.11.1566815283\2013465016" -childID 10 -isForBrowser -prefsHandle 5512 -prefMapHandle 5456 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c270d5a6-e072-4ec5-b791-f0ad4fcda066} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 5500 1a3f17aa658 tab
    3⤵
    PID:5264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.12.1640324368\1253374868" -childID 11 -isForBrowser -prefsHandle 6484 -prefMapHandle 6464 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bc6c75e-e5b2-40d8-9174-3171e7938880} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 6432 1a3ef472558 tab
    3⤵
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.13.1420244401\1844887474" -childID 12 -isForBrowser -prefsHandle 6844 -prefMapHandle 6840 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76d69436-bb0e-40bd-a17e-516b74a9e114} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 6832 1a3f33e6958 tab
    3⤵
    PID:1500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.14.1591737242\1462315178" -childID 13 -isForBrowser -prefsHandle 4896 -prefMapHandle 4696 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {935a1208-c460-443a-a4a6-918daaac34b6} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 2836 1a3f36d8558 tab
    3⤵
    PID:980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\doomed\17505

Filesize
8KB

MD5
ffcaba35871b558e7ed4708a3055d615

SHA1
30da8c7cbc648580774466f2162ff1d38343a23f

SHA256
421c65110dc1a98fbfaf3e8760c9741528afb3c9618e6ac4ee43669ec116f981

SHA512
af679126cf3e8589e4a287074b02c3da7d4a40a1be2f93cd7984bcb31543df7085ac9b3cc6188314eff512ab76b750b0a6c3a7b2dd3c9bf3ed4db0eb57a8ae24

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\doomed\18323

Filesize
12KB

MD5
b72c4c3956dcab7fce1d230553abe21d

SHA1
7ed74677af324ea608411abd4efda035e27c925f

SHA256
37660ae6278fc39b58887a408f8c56e3d2b9e715bb6fe291f323d51094fc7ff4

SHA512
160776e919498386cb5cc9bb8dcf1e382413a9aae8d725329d07960d5acccb08a4c552d926615c346ccfb9c19fc5cf2b343ede38f1c640d2cee23083a71d4b6c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\doomed\20859

Filesize
25KB

MD5
49575f607064aa704e17f3513e33c706

SHA1
a491efbf03736ba25187865310e0ceb96ea036ff

SHA256
0e2a0d452ee72cced84e5acd4dd0b271bf28c59872689a3a15126704e12cd31b

SHA512
f7dd3e3b7246dd4c69eea1225a9a071f565630f7347b24728e1253dbc9cb5dad61fe76cb771f75d31ea77ff0d41aae8690689cf268da5f92d169cedea1e3dd8a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x3x6afp6.default-release\cache2\entries\75B901F051B4092F2680872A54DEC70DDB600F4D

Filesize
33KB

MD5
bffa4904d560c8bb62d368bf6cc6151d

SHA1
da76d0914e14166f0e565201b9007dfd87f9a8f6

SHA256
e4adf492cb77c198d46968eba9635803249c7544626d3caec9d456fc60999a4f

SHA512
7b2b3f58e7ef2516088be0bccec47178e9b1f53833f597ec62c05172d64aa74dc19d062f888736ae536d70ac55634f9e2e1a22f9475299d29ddf9d32860b1750

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
6.5MB

MD5
d148fe475ac5762dbe03f5e368aa50a6

SHA1
ffd516754f356e01ec7dc2e021d811d03ad14cb2

SHA256
5871f61c3f9aaa38b8935baf738444ab2df4a51f3ad49c4a0751d9732d4fb6b9

SHA512
c3e697bbd7b21fc3702249a381769f45a41f7f68ca6871ac1f7ff5491f0b93ecf745a2ec14c45143e01fe8035be34074d8398d0e90ec4a297a1d10476d04a1d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e0046af1b602c468044c1c6495f649df

SHA1
87a74df60c50dd02d0a8c620c9cc8925593e18e2

SHA256
0a782f77db571d5fd36985eb76f316a1387075eeb5d536655b4ac88b29ef4340

SHA512
b622a4942b9c2050bc8a92b4a2c3f07a11e8a349e809869f496ace67e7bf080608096c332f196556a4a0f31c6279c287e7ad6e0e2b8be1abac750c1750e70550

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\52ff0f1b-716f-490c-aa67-bf3f2e222756

Filesize
12KB

MD5
7075d61e7037597a18909f745ca1a679

SHA1
ed7db04d87dd787f55ca7821572d90f888a7964f

SHA256
2b25fbafd4b6ca549831bacddd3b5af52a244f22323fd2c82540aa316c3b58fa

SHA512
b753cb15cb2dab1a847b4fe700a1ab22f9bc875c8efa661c736c6b9b7104f2d37385638a6025ff2ba11c1e7197f3f3e95ba1aa7594ec62683beb22c7278f39fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\db891204-700f-4214-bfd3-e77ef218fe7b

Filesize
746B

MD5
f02607470dd015c0406b2ab8fe3df43a

SHA1
96e000018bf9686556f3ba47aaf16ea4bf62ab64

SHA256
155aaed690fabb3fd8dec160ec5dce2e787cd7607ea7e97719f9408451cbab1f

SHA512
830d0a3f5fdc62199e89f20e31e0d17e19296c9bbaa93a46413d7265aeb022731cfc46011cb5dd18efc852bcc0f1116f8a951d60a8e874622bc9bb1b4fb7053f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
6.7MB

MD5
90141de3a2f5bf81439ccef4f722c5ab

SHA1
2ce7f040831c18f465d0feeb9a47bb374fef6411

SHA256
8b11bbdc35d012dd755f6b5f430160f0bab6014bf9f9e6094a2b141e0a7f9554

SHA512
f3682c3c9e30ce5d419c209d98afe470a86c724ba571cbd071af338953c6d0bad6f957eca6418e732de638a218a4f7d582e1d71c490b3d29ba292a5d1d57255d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
6KB

MD5
d01e5f77fa432c67aea034e453341e2a

SHA1
983e97eb937b624ee0bf59e7fd888cb738e2e7ad

SHA256
76dfce0cc8d564033cf1a1d4cbed09c922e9c4daeb46e40ca95cf513fc0ce3d0

SHA512
1af6c7b0cc9c4553e4fbf0a2cd7e763259f1fdfd7437fe7cfbe22e4b2cdb61f64e443bc119cbade026a118d4bdb2f158a6e4b8af64370104412b621d1932d38b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
7KB

MD5
d571d701b0ccde9d069048e9ec62f059

SHA1
46e6aea958dc3bf74672808e0368180ef36994b6

SHA256
4c83c7de729191b37ea1564e1ad890aa3d8ab65bf5051537f6e82215cabccb4c

SHA512
f53d2d425efc82a6291e42fc826f4b0075b94d749c63090fb0089207eaa1d2061eb84579c6ebc071b96d84ce1e4fbe8ccd1c9a079b8ba5f49723f7a113a57f7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
6KB

MD5
9c9e2a5dd37536edeacbb951863c5f9d

SHA1
5dff93738352c68a1f0ae4f16c8e6438f37d6ea4

SHA256
2c39d2fcb89d3d4355dd1528f8e85b2542328cd7c39691f667108b000f95dce8

SHA512
fd218ba72545fec58e815bebfd830422bb27c08dcb4399a639f31134f4eb6e6a175ac81c8e845943a2c78457d58f450dd772533823589fc399c61a48beb12a33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
1280efa2d94e912a909078bbc76a48f0

SHA1
4430c026224a0799fb9d4b9b854a3d0700329ae9

SHA256
3bdefecf7f7cb0bdc039edd93d7a46e6366dd14f2378efd3076c8f3293defd23

SHA512
d8e6f1a43c455effe4b1b570ce20f1347c8713df1d46c0bdf09546dd50f873402bdca03f4b52fb3364e399883e81cc94a38e92feeaa11f5875a4a6901546d314

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
1b51132c951afa68497f8e04fc4c5547

SHA1
62dd75295a60899cc5b2490c8551a4b44bb94f0f

SHA256
2438713d77b67c5056f7fe80faf5dace26d3b4c95315ae789eba894dc74e6292

SHA512
83cdeb32947bb7d5e6ab9d00e22aa520134278b22be0323f949a84457c6f98beec75a296448c24544f073215b83bc065004508a84d5ab98d7e1959c0da1eb4f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
5147d1e47ba01ebd5ff6a3b1477388f3

SHA1
636a71c70c4c90ce7a472cc2c0142addea7e5b06

SHA256
8180888b3b894e1c23b6d2c573cafa9d72e2577c3b41f2615cf2a8f270f53231

SHA512
8ea4f42d7df7afe568b8bc9ed77dc83deff564940bd00e03cf459b65a90d1ff0abe7aeb1c5aa1bfd65750892e4378c1577988f31096393cd8400d769b6d64812

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
62af5ffeed835d6d9f481a04a02e53a2

SHA1
01a90db8afe0c419bdbf2e677b12163f0cdd4024

SHA256
e2abe0553bdd8bcbb7c99fbf1e12ef87fb27dfbe541efec31852e255b4451871

SHA512
298d858b7fea83306bd22225caf5efcb2ceec90ddb2fc82e6de337f6bf03507dfe1833e88eab30fff05cbe7816664c17bb38cb0d7e7c76fb8a170133b4b9af76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
07146c8d550094410b8d7f504c5e52af

SHA1
8167fc2149247ecb769315f8f0832cae71d9d104

SHA256
2fed246722abd84d77b02492cf4680bdcdc8d241ad1609232722c9d4e6f8f079

SHA512
ceb0e72543bc44dc4a45fae433d0cfe5b3cb78a0277dbc9fd5182c0cd528e6d1396f2ea219dcdf890c8033986762b2a4ee65ae89895cb4fb466e0e4d9c02ee3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
66083bdaa6756d1b28bf4a6c270e8f44

SHA1
0833c83d7ce46c25bc25e11ee58a38602698a7c7

SHA256
5df64b7e3a0db35d0e114e6b353be2a10d667cb1f1cf8468d0c7fa722178735d

SHA512
c270fe2f7f88b177497c5c4d77989e0cfb3b6e927031b1427e3c613576107ffff98eb518f28ecd1b1e86221b2d8539a58acbffd81e06d1f57109be14d37c5b03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
cd82faebf6f4d7da95288c6ec2d79d7f

SHA1
512ac27700712a68d21575e29ec4b6a6e75bea04

SHA256
02eb82e3f155caf7b01526dc89e650e1ece4637e280dfc5a5e58f429a091b888

SHA512
a52f6ae678500a7833be6ccf898d30863301f494eb65ed751687fe4cddce64536636bde86abf11cbb2d45ff28ba252acce5ee0bf1aaf7cd0fcf621fdd458f1a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\default\https+++best.aliexpress.com\cache\morgue\79\{b263897f-440b-473f-8f95-6a01de579a4f}.final

Filesize
285B

MD5
e2527bc63e45dbfc2cf7ec5728797a87

SHA1
93c02f9a8cadcbd5900ce4588b04cf7627588f5f

SHA256
fa67414bb76d48c26c8c639b2b7862a126c82bb93b250fab3eaab56aba72fc60

SHA512
f1fc442ccdab5f08be97ea45f4cdec109dca5ce2c46ff24c53e707e4dccf0e6709c3d93af69aa4fc62c535d3b8c5cc70604d650827e3bb116c962a10b239b220

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
32c66d355168edc7ca70086708eab2e9

SHA1
2569636b2b8e76542853c0d9b567dbc932baad6f

SHA256
c1aea2dae53f3f9ee512aa2ac0c81ef294e9b40e0b2bd15d61358bd494b5e2b4

SHA512
2cd7a80feca4c35578a9d797cad3275e9e320bacb235c2076649ba6ce9f969ce649d36cd2eefaf2b3f81444d5a3c2061f19186299b1f03266ba5ccd0f11c235d

Download Submit