hxxps://e[.]customeriomail[.]com/e/c/eyJlbWFpbF9pZCI6ImRnVEFvUWNCQU9TdkYtT3ZGd0dNc2dNM2dtVWxnZnBoSTVqRDVPZz0iLCJocmVmIjoiaHR0cHM6Ly9oZWxwLmdvZ2V0LmNvbS5hdS9lbi8_dXRtX2NhbXBhaWduPURyaXZlciUzQStBcHBsaWNhdGlvbitSZWplY3RlZFx1MDAyNnV0bV9jb250ZW50PUFwcGxpY2F0aW9uK3JlamVjdGVkXHUwMDI2dXRtX21lZGl1bT1lbWFpbF9hY3Rpb25cdTAwMjZ1dG1fc291cmNlPWN1c3RvbWVyLmlvIiwiaW50ZXJuYWwiOiJjMGExMDcwY2EzYjMwMWU0YWYxNyIsImxpbmtfaWQiOjd9/70136c0b5712a2c3b847339f42900a91aa2b37288545d58f501c580773ea84c4

Analysis

max time kernel
298s
max time network
311s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://e.customeriomail.com/e/c/eyJlbWFpbF9pZCI6ImRnVEFvUWNCQU9TdkYtT3ZGd0dNc2dNM2dtVWxnZnBoSTVqRDVPZz0iLCJocmVmIjoiaHR0cHM6Ly9oZWxwLmdvZ2V0LmNvbS5hdS9lbi8_dXRtX2NhbXBhaWduPURyaXZlciUzQStBcHBsaWNhdGlvbitSZWplY3RlZFx1MDAyNnV0bV9jb250ZW50PUFwcGxpY2F0aW9uK3JlamVjdGVkXHUwMDI2dXRtX21lZGl1bT1lbWFpbF9hY3Rpb25cdTAwMjZ1dG1fc291cmNlPWN1c3RvbWVyLmlvIiwiaW50ZXJuYWwiOiJjMGExMDcwY2EzYjMwMWU0YWYxNyIsImxpbmtfaWQiOjd9/70136c0b5712a2c3b847339f42900a91aa2b37288545d58f501c580773ea84c4

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1492	firefox.exe
Token: SeDebugPrivilege	1492	firefox.exe
Token: SeDebugPrivilege	1492	firefox.exe
Token: SeDebugPrivilege	1492	firefox.exe
Token: SeDebugPrivilege	1492	firefox.exe
Token: SeDebugPrivilege	1492	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1492	firefox.exe
1492	firefox.exe
1492	firefox.exe
1492	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1492	firefox.exe
1492	firefox.exe
1492	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1492	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 1492	2988	firefox.exe	89
PID 2988 wrote to memory of 1492	2988	firefox.exe	89
PID 2988 wrote to memory of 1492	2988	firefox.exe	89
PID 2988 wrote to memory of 1492	2988	firefox.exe	89
PID 2988 wrote to memory of 1492	2988	firefox.exe	89
PID 2988 wrote to memory of 1492	2988	firefox.exe	89
PID 2988 wrote to memory of 1492	2988	firefox.exe	89
PID 2988 wrote to memory of 1492	2988	firefox.exe	89
PID 2988 wrote to memory of 1492	2988	firefox.exe	89
PID 2988 wrote to memory of 1492	2988	firefox.exe	89
PID 2988 wrote to memory of 1492	2988	firefox.exe	89
PID 1492 wrote to memory of 3600	1492	firefox.exe	90
PID 1492 wrote to memory of 3600	1492	firefox.exe	90
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 468	1492	firefox.exe	92
PID 1492 wrote to memory of 4016	1492	firefox.exe	93
PID 1492 wrote to memory of 4016	1492	firefox.exe	93
PID 1492 wrote to memory of 4016	1492	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://e.customeriomail.com/e/c/eyJlbWFpbF9pZCI6ImRnVEFvUWNCQU9TdkYtT3ZGd0dNc2dNM2dtVWxnZnBoSTVqRDVPZz0iLCJocmVmIjoiaHR0cHM6Ly9oZWxwLmdvZ2V0LmNvbS5hdS9lbi8_dXRtX2NhbXBhaWduPURyaXZlciUzQStBcHBsaWNhdGlvbitSZWplY3RlZFx1MDAyNnV0bV9jb250ZW50PUFwcGxpY2F0aW9uK3JlamVjdGVkXHUwMDI2dXRtX21lZGl1bT1lbWFpbF9hY3Rpb25cdTAwMjZ1dG1fc291cmNlPWN1c3RvbWVyLmlvIiwiaW50ZXJuYWwiOiJjMGExMDcwY2EzYjMwMWU0YWYxNyIsImxpbmtfaWQiOjd9/70136c0b5712a2c3b847339f42900a91aa2b37288545d58f501c580773ea84c4"
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://e.customeriomail.com/e/c/eyJlbWFpbF9pZCI6ImRnVEFvUWNCQU9TdkYtT3ZGd0dNc2dNM2dtVWxnZnBoSTVqRDVPZz0iLCJocmVmIjoiaHR0cHM6Ly9oZWxwLmdvZ2V0LmNvbS5hdS9lbi8_dXRtX2NhbXBhaWduPURyaXZlciUzQStBcHBsaWNhdGlvbitSZWplY3RlZFx1MDAyNnV0bV9jb250ZW50PUFwcGxpY2F0aW9uK3JlamVjdGVkXHUwMDI2dXRtX21lZGl1bT1lbWFpbF9hY3Rpb25cdTAwMjZ1dG1fc291cmNlPWN1c3RvbWVyLmlvIiwiaW50ZXJuYWwiOiJjMGExMDcwY2EzYjMwMWU0YWYxNyIsImxpbmtfaWQiOjd9/70136c0b5712a2c3b847339f42900a91aa2b37288545d58f501c580773ea84c4
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1492.0.1180164552\1423375781" -parentBuildID 20221007134813 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea441fbf-89e8-42ee-bed7-aa478c2a508d} 1492 "\\.\pipe\gecko-crash-server-pipe.1492" 1996 186edcb5858 gpu
    3⤵
    PID:3600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1492.1.485723558\492976129" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9defb949-c993-436c-9ff4-b69e8a5111b7} 1492 "\\.\pipe\gecko-crash-server-pipe.1492" 2420 186edbfa858 socket
    3⤵
    PID:468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1492.2.275483623\519391733" -childID 1 -isForBrowser -prefsHandle 3044 -prefMapHandle 3232 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e2cb14b-4c08-4f85-bd3b-3a47c0c41d45} 1492 "\\.\pipe\gecko-crash-server-pipe.1492" 3020 186f1cd6658 tab
    3⤵
    PID:4016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1492.3.1455275227\1825596145" -childID 2 -isForBrowser -prefsHandle 3856 -prefMapHandle 3852 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6e20333-9ec6-419d-8f5a-268bf8141674} 1492 "\\.\pipe\gecko-crash-server-pipe.1492" 3876 186f2dafa58 tab
    3⤵
    PID:4020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1492.4.217529938\816793427" -childID 3 -isForBrowser -prefsHandle 4664 -prefMapHandle 4484 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e22f593f-9ab3-4f48-9117-de92028bac03} 1492 "\\.\pipe\gecko-crash-server-pipe.1492" 4676 186f3f24258 tab
    3⤵
    PID:3592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1492.5.1138474509\258996631" -childID 4 -isForBrowser -prefsHandle 4928 -prefMapHandle 4924 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {caba5822-c108-4d7b-a78c-092559f41ed1} 1492 "\\.\pipe\gecko-crash-server-pipe.1492" 4844 186f3f25458 tab
    3⤵
    PID:4548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1492.6.2076467432\1049120215" -childID 5 -isForBrowser -prefsHandle 4904 -prefMapHandle 4848 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bc761dd-718a-4a81-a65b-9acf20c1884f} 1492 "\\.\pipe\gecko-crash-server-pipe.1492" 5092 186f3f27858 tab
    3⤵
    PID:3680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1492.7.1854588895\493298283" -childID 6 -isForBrowser -prefsHandle 3312 -prefMapHandle 5464 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d93b1fae-6f72-4843-b298-cf4688b2be15} 1492 "\\.\pipe\gecko-crash-server-pipe.1492" 3276 186f3c11e58 tab
    3⤵
    PID:1452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1492.8.513009743\654005042" -childID 7 -isForBrowser -prefsHandle 5724 -prefMapHandle 5648 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f0c96e9-58aa-483c-9d00-38f5b9743f23} 1492 "\\.\pipe\gecko-crash-server-pipe.1492" 5712 186f5358f58 tab
    3⤵
    PID:220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1492.9.130050767\1351055187" -childID 8 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 27346 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6aa2689-bc33-455c-971e-71876b95e3c6} 1492 "\\.\pipe\gecko-crash-server-pipe.1492" 2864 186f3c91a58 tab
    3⤵
    PID:5224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1492.10.1860793462\1706050216" -childID 9 -isForBrowser -prefsHandle 4676 -prefMapHandle 5208 -prefsLen 27659 -prefMapSize 233444 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f0712c6-18b2-4efe-97f4-87da7fd47480} 1492 "\\.\pipe\gecko-crash-server-pipe.1492" 4128 186f5358958 tab
    3⤵
    PID:5104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
281KB

MD5
5688df2bf4363076614c55c9d8fea022

SHA1
f2a3dc72f23fbf9d093bf3aaf67e4376541195bf

SHA256
2f1efbf2bb128187d2c6f0fd981b1a918298fa363b9232b06137c1895586ee4c

SHA512
44106c9b5a607fd2908623e1d9998a026060df2219e8016092d0fddfd3796fb3408774e97eefe9753b1b59793ff9350352d4a0fafaf1156fec12c34c757100c1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
4fcd94eb7cee3835141160f4b4da2f51

SHA1
94926952dcb7424417a1a15c42d9ac17bfe7c310

SHA256
944862450545ce18c1e5f7aa94db0a78a5c88e5b6f1f042b41dc72c51aeec5b1

SHA512
c799ae67bc400bae7232d05788c939b620e090c30128938f6ebf84126c0d1d0812ce870386c473d545cc6409ac9754f8b2d62a4b04b8c783e75eed207af0d7d7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
ea0e426a791ed7a69437d11e0bb6d9ce

SHA1
dbc9d8b20d418582fed36fe906b3bb3b7ebcf8f3

SHA256
133f8ff9c91b0aae6dc56c7a4a34840babdb5b54cf6a437981b987d9fcc05693

SHA512
c4262efdfab1e7f21628bdb644ecf4f6beea3f7dc3e6302d0b03a9aeebf39323a840879a2c4ec91968d472b9c73f013edd369e7cd1f7a53de956ed6c70e13a91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\bookmarkbackups\bookmarks-2023-12-28.jsonlz4

Filesize
942B

MD5
990a779e41ef21495a18baa1cd6c9d59

SHA1
7a627193f490947a0c201138915126c325d4b997

SHA256
63fb4e23fcd9028d79aa2ff0e2dadb6754e459b8272275686da3a6c323370de8

SHA512
309c98a8b8fed798edbe48cb2cb039a182e86c8e70ad658a6feee43cba3544d850c925564c089795959f6f3fa166ef80b2d1744aeba776a30fc4523502461edb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b9333da915536335f7837155351d8785

SHA1
9cbdd9f401b4b6efec90fcc56880319b13e0a01d

SHA256
04066027f8684cc7e6fb152326048b3514928e0527eb749a59226f35805dd410

SHA512
634dcb8efe6071b27304855f70c6a1c7ef34a9e654900041abd359c46b1f2f695a980487c04e43fc3fb07c25063bda974540b02e9ca5ede7b06714d6a0cb0ea0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\pending_pings\18c637a0-8b0a-460b-ae62-2898c00659ed

Filesize
746B

MD5
39fc83dea503179eb5b8f4b0c40b2c90

SHA1
eab3e6310f5ee868c2b759ba2c8aa4a41f27ef55

SHA256
5dff246945b5446acbf78c73884cd394b709385214e89fb9ea50cd9a1f2a6a4d

SHA512
551d011af06138be1b7405185a0707da04a9d0efbde51fb3c4e2c228f17c8b9bd16921150c77485938578102fa8c54e3fc25da5911261f2319cb8a9d55cbda4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\pending_pings\c0e96992-51c4-485d-b94a-986a3a53f66d

Filesize
11KB

MD5
113dbd767b8c3805e2041184ebd0c8aa

SHA1
f23a8659e9d84265cf1f46039e74c7af4392a63a

SHA256
8c15b1a67ba9dd347ba7801f0a4df26af642e429a932c1567383d78beb8bc559

SHA512
47c4a8793e88724b31937dc5efd840fa0784588e1aee6c9fce5f6a2940872acb0d9ceafadf2fce1ea2658ca7fff1313699d0f6441928b1129cb434dbed75b558

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
732KB

MD5
51d466d26d007ea4b606241e10c9ca42

SHA1
da3948af23149c4e422eeebeac69dd881d69f65d

SHA256
61a91a387418776a2a1fc8cf4e8fe8583987d1f3e927e429abeace1a0a9bd3ed

SHA512
300234445689f8771f3335f026f7fe591c041dec1ffec41127dba1557480927cd735f92b80ceb5387c7b2d4b78ea9468f63ccf2b846fd7caf03721ff65eee631

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
90KB

MD5
b0657361e8581b6bd2c9e0bf3ea2ff6f

SHA1
a50945237dc34db17cd836b7dd90f999d8ae8121

SHA256
5cc0ed26f93323d34f6ff10ad96054eac92324f3e68c61dd2e91078bc3fb3546

SHA512
bce7eac289fa6bd439bef4bba1122c514714d41086f754fb5c5c6251c78853ce62453de99a2a7ae4845154560975d1bcc61f4b0ab2f35528ff510d1913fff22b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

Filesize
6KB

MD5
77ac6ee73d5053d045e201caeb7156cb

SHA1
fa29325b6784451589e877f87edf484fbb3f749c

SHA256
4146f467e7580857f9f0e45756e08ecea2e979038f7e622667c72fdab3355a86

SHA512
3db4aca95fa86dd680b4f238636218e2e7d47d94c30b383db4d8a7e124a1ea8e454475bdee29090eef28b0de6b9a00a2b157536ba3dc8e1cb31d3403d727120f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

Filesize
7KB

MD5
01498ca9049b7f82ea58793bddb4b6a1

SHA1
a8d02ea8e32a3df5c3a6ebdc6ed55ce0e4149fe1

SHA256
3b1fb6754ebab1d6a36ecd47ec473f1c89e2cbcfa995b3cfded02ecdf6b86b4c

SHA512
c3338ba982acce3fb01df7e8ab4f67dbe4d0d602661dc26604ea241772a558d15282f7fcb666fe6b0397f4bc74783775c9ce29283f4bb1cd3daed7d3b7440418

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

Filesize
6KB

MD5
ffde72ff05339905a5e397acbf06c50f

SHA1
6ad08f385d207bb094457dda802480dec2c3914a

SHA256
a96c9ac442eb68f35fe129628069f278e5fc72661422fdc4351e4d8a16bb09bb

SHA512
8676068b1be03329d8b39cf0171aa0898dc7d1925d429e15459d5c73206855987ddbb86e98188d11042f2cd1298ef5e2365c39dc26def1d7e51cde123aa60e86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5951c2b43625d178aa99a144a5f1b408

SHA1
07c639dc396086f6f3830a18842c590ed97b941d

SHA256
9a9775f3ca283ce2bc134e18b6036991e98fbdeb5984f7776c13b3d88942bc28

SHA512
1cac99aafbb6b71c75429262fb140f8d9faba2e430e12b64a9214e5d43e45756351a831dba3e082dad400dcf6b5f9f7129838f17b713585806508605bd360fa5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
caa0c35d2cff6e903ec685ec24e3268b

SHA1
a5b358c3e7471496e8c80778977eda1c05878bb9

SHA256
bf51a015daf37833d30d3f13e962e922cfa907c2bf10252be20dd18e212d9a90

SHA512
2347622d9871998f9c337f82ce72fbeaba4a432d342ffd10b6d44c26f48f1b831ba53cf437fa405583ae901e08d23b861fb7182921b405077e98a9334d27af93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d97ca30782b04f7aae3452a4a8288798

SHA1
b3936f8d6271c7ebe30dc7ad9f9c53362155a953

SHA256
e4742f3de3cef97994ae90b128acdf0551ab372ced7abb3fc4f72cda39642aef

SHA512
3fa0e326da756070410db8c385d8aa2f30e2fc871340df3ef5666b5c77043fdc727a9a99b06bbb9dd401ad6a5443d1dc3ea402b29d89d24b9ed32c2b5bbd1e19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\targeting.snapshot.json

Filesize
3KB

MD5
51a23b9b3f34ab90e5e7db9e26a981fc

SHA1
01f80d3af63f364cc8ad107586f12a34fdaa5b76

SHA256
7d69c2a88f7730932e8406330a9b25a4f862cf3012604bf5cae0c0cd40eefe1f

SHA512
fdeeb6f0561070f0f90f74c6c653e2926a5963b687f6a7a610d00c49de88ac9fb2aaa5163fb5eabe00c2017e87090770297ef91edfe310df41e11a7e9f0eadda

Download Submit