hxxps://dpulclqbyay[.]s3[.]ap-southeast-3[.]amazonaws[.]com/dpulclqbyay[.]html#5RzuIn6786WgUJ486onfvsuxzya1681JDBDYGYYKSMUQHF248372/729434E21#7gkrgoxdn054py1aedraq4xk2pqtlkj6ncm6o3tfnq0bvhvfsa9y2psuagztei9bf

Analysis

max time kernel
613s
max time network
632s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 00:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://dpulclqbyay.s3.ap-southeast-3.amazonaws.com/dpulclqbyay.html#5RzuIn6786WgUJ486onfvsuxzya1681JDBDYGYYKSMUQHF248372/729434E21#7gkrgoxdn054py1aedraq4xk2pqtlkj6ncm6o3tfnq0bvhvfsa9y2psuagztei9bf

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	2916	firefox.exe
Token: SeDebugPrivilege	2916	firefox.exe
Token: SeDebugPrivilege	2916	firefox.exe
Token: SeDebugPrivilege	2916	firefox.exe
Token: SeDebugPrivilege	2916	firefox.exe
Token: SeDebugPrivilege	2916	firefox.exe
Token: SeDebugPrivilege	2916	firefox.exe
Token: SeDebugPrivilege	2916	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2916	firefox.exe
2916	firefox.exe
2916	firefox.exe
2916	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2916	firefox.exe
2916	firefox.exe
2916	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2916	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3256 wrote to memory of 2916	3256	firefox.exe	91
PID 3256 wrote to memory of 2916	3256	firefox.exe	91
PID 3256 wrote to memory of 2916	3256	firefox.exe	91
PID 3256 wrote to memory of 2916	3256	firefox.exe	91
PID 3256 wrote to memory of 2916	3256	firefox.exe	91
PID 3256 wrote to memory of 2916	3256	firefox.exe	91
PID 3256 wrote to memory of 2916	3256	firefox.exe	91
PID 3256 wrote to memory of 2916	3256	firefox.exe	91
PID 3256 wrote to memory of 2916	3256	firefox.exe	91
PID 3256 wrote to memory of 2916	3256	firefox.exe	91
PID 3256 wrote to memory of 2916	3256	firefox.exe	91
PID 2916 wrote to memory of 1592	2916	firefox.exe	92
PID 2916 wrote to memory of 1592	2916	firefox.exe	92
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 532	2916	firefox.exe	93
PID 2916 wrote to memory of 3092	2916	firefox.exe	94
PID 2916 wrote to memory of 3092	2916	firefox.exe	94
PID 2916 wrote to memory of 3092	2916	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://dpulclqbyay.s3.ap-southeast-3.amazonaws.com/dpulclqbyay.html#5RzuIn6786WgUJ486onfvsuxzya1681JDBDYGYYKSMUQHF248372/729434E21#7gkrgoxdn054py1aedraq4xk2pqtlkj6ncm6o3tfnq0bvhvfsa9y2psuagztei9bf"
1⤵
- Suspicious use of WriteProcessMemory
PID:3256
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://dpulclqbyay.s3.ap-southeast-3.amazonaws.com/dpulclqbyay.html#5RzuIn6786WgUJ486onfvsuxzya1681JDBDYGYYKSMUQHF248372/729434E21#7gkrgoxdn054py1aedraq4xk2pqtlkj6ncm6o3tfnq0bvhvfsa9y2psuagztei9bf
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2916.0.957987598\1120950145" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1844 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f27d0a63-4aa3-4cfb-bb5f-a8bf2fb8610b} 2916 "\\.\pipe\gecko-crash-server-pipe.2916" 1952 2250abd1d58 gpu
    3⤵
    PID:1592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2916.1.906540673\1168521115" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72485f28-4b28-482a-8965-a9272e0980f6} 2916 "\\.\pipe\gecko-crash-server-pipe.2916" 2428 2250a24b358 socket
    3⤵
    PID:532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2916.2.2043951500\197784397" -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 2988 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac4bdb36-8f26-4920-92c6-00385531a160} 2916 "\\.\pipe\gecko-crash-server-pipe.2916" 1688 2250e7c3558 tab
    3⤵
    PID:3092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2916.3.224007157\2005595589" -childID 2 -isForBrowser -prefsHandle 3428 -prefMapHandle 3600 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e465822c-de8a-4a4d-b581-6687d6518fc4} 2916 "\\.\pipe\gecko-crash-server-pipe.2916" 3640 2250eddc758 tab
    3⤵
    PID:760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2916.4.847994230\768765770" -childID 3 -isForBrowser -prefsHandle 4964 -prefMapHandle 4972 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52beaaef-6e60-44b5-8396-9e42a9b96771} 2916 "\\.\pipe\gecko-crash-server-pipe.2916" 5032 2250e82e158 tab
    3⤵
    PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2916.5.1274346754\590384503" -childID 4 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9617d387-482e-46c0-8251-6357cf375801} 2916 "\\.\pipe\gecko-crash-server-pipe.2916" 5160 22510c60b58 tab
    3⤵
    PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2916.6.1188856221\671715542" -childID 5 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08f37e24-1bf6-42e1-9003-9fbe63f493fe} 2916 "\\.\pipe\gecko-crash-server-pipe.2916" 5352 22510c61758 tab
    3⤵
    PID:4112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2916.7.292707748\831363792" -childID 6 -isForBrowser -prefsHandle 5240 -prefMapHandle 4508 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92050067-4008-44f5-aa55-efa631219e1a} 2916 "\\.\pipe\gecko-crash-server-pipe.2916" 3344 2250e8ab258 tab
    3⤵
    PID:920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2916.8.1764684770\2079918114" -childID 7 -isForBrowser -prefsHandle 3248 -prefMapHandle 3292 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f13f395d-58bb-4364-a676-0e851f6b207c} 2916 "\\.\pipe\gecko-crash-server-pipe.2916" 3368 2250d175858 tab
    3⤵
    PID:5272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2916.9.1492283566\616061471" -childID 8 -isForBrowser -prefsHandle 6072 -prefMapHandle 6068 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ee2f096-22e2-492e-af6d-b7b7e3d40d98} 2916 "\\.\pipe\gecko-crash-server-pipe.2916" 5960 22511eb9558 tab
    3⤵
    PID:5928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2916.10.1835190772\1913857311" -childID 9 -isForBrowser -prefsHandle 4708 -prefMapHandle 4704 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e74b23ba-22d6-4f21-b1a6-81d42c1967db} 2916 "\\.\pipe\gecko-crash-server-pipe.2916" 6024 22511927858 tab
    3⤵
    PID:5756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2916.11.1767618432\2145413409" -childID 10 -isForBrowser -prefsHandle 6232 -prefMapHandle 6096 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1148 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e1ebdae-21f8-46aa-b523-02d8df5eae0c} 2916 "\\.\pipe\gecko-crash-server-pipe.2916" 6252 22512a59d58 tab
    3⤵
    PID:6092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\doomed\9702

Filesize
9KB

MD5
be44b8185a814614eb0aeb4a7ce9d1db

SHA1
00174d23dfd25104051afcf2467a5dd2679f41af

SHA256
027092bf960ed5e08cdc05db1ab18f1073245c95ce0e7ac5c8a726edff227768

SHA512
bbe53ebbcac68b8c7890983331d84d96f02944e71e215d614ad564e8149abd38288b728d75240d43c2d101c43abb8dba111347ea287ed8826ac6e071e1afbead

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0etkwu5l.default-release\cache2\entries\75618D4814E59EE271AAA434B222669E870291B3

Filesize
59KB

MD5
013886af4ca4a2e9e5c09af229671895

SHA1
072d1f0adf4bb86f8848fdea958c842497d957d3

SHA256
dd5bf79340c273a535ca86a4660c1c49e10081f49c4e06b8679709c1e4e61e6b

SHA512
13627db05ce4cf39845254d754517d59ff5246b6f3976cd96446fc23ee01522fc497a156001e9d882308e862bb1b3923b75c2ec9c19087df38a8da4c455ed22f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
4ec7e5b4e6c242bbed9a256d792378c2

SHA1
450d9a24d173c8428568653284ee4ba9ff77dd3e

SHA256
3f052fad505bc304ee3430282df0e3bc0ac284fbe6528bb0f78981221e11219f

SHA512
a1de377663229eb4f88fcf5c79d4e9d7b2a22ea62914196675a471d6bac366b21d7d2d60c7ab0cbd02cf7436de2791f98cfb3e29c48ffd4bc9bbb356d7890765

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\SiteSecurityServiceState.txt

Filesize
544B

MD5
3ade1454fe416562b381d2f89252f60b

SHA1
22613d95a6870878e51afb2201595529eb28ff88

SHA256
08ee2b4d84cde8bc15d584fee1ff86e73e39ccf8fde98336c9faec5df0e440ac

SHA512
a4d78fee7c1fdfc4b22de4c741272ad20afcb0cbe9cbb6a4f7c6458b17ad45d023e168c87168c962511813361ba2a56e89a4149b023b5d4cf35118c9ac502ed9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\bookmarkbackups\bookmarks-2024-03-15_11_UV+VfokoahLxAwotieqjbg==.jsonlz4

Filesize
947B

MD5
7954d2d919bbce9bb2c4b6eccdaab27c

SHA1
1d40084343efc8360f47aa41eac14c17ef337ac4

SHA256
7c0bbb04b37d1742547bd6e53a6c12065986d2aaecd09d2e2717eab71b21ffdf

SHA512
53a78ff46cdd89129a3e0c92d02d1b6292d9e28864a0b3ff935045185bede8520b5b1264171a2f1e3e2d0663c35012f7e0733dca09909dc18ea733adad112ecc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
d69d9e144c5d7372dda6c9d60c982cf7

SHA1
25bce07a68282c390d72768a83d138a2c32c6201

SHA256
1aafc2c16f0ede0bdf53c392405b54e3af9227363ec6a0d1ef128f94cb703a1d

SHA512
424057dac38c67d5c4fcb0ef84301142baf0e1b2d584bc9973b061f511885fb13a92394bc1576aaffb783a8c5e403649f62e39ed19179d83007fb62d9295adad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\0aedc062-d44f-4f02-af07-d8c28a47f681

Filesize
734B

MD5
5bfd859bc8bd96aad68bd092afeafa89

SHA1
812ef1452c5a331ef550edd43419e49e0329c838

SHA256
c06bfcedc1f3caad5f9e9b1731d8d9b4d530f2df48ea3af9e365aafd0674941c

SHA512
8a0a77419dad75fee6a6ba98b6a949bf644d4b44549bcacaa58cb6b2a06d53b381351c7b112a3f27208320d802893a668c6ca713b6a3ae5924a47fe1b1cfc64d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\8189ba00-28a0-484e-b8ae-638c4de54b2a

Filesize
855B

MD5
9547ea1a2b55664b72a08ec68e9680b3

SHA1
f51299b971fbdbc81900c8709a5160b01b08fcf4

SHA256
57c1f62f559059a9cc699eea79162493a43be126975723d8750dcdfa62d8ee49

SHA512
5e0b9a67f84425a6b10353513366329153575451529cf96035959c67c46b13430aff110fdf0488d40db093f3a6654812d7ad8476d2c3f27dea9167dd4d849d8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\b6c10747-53b7-440d-af98-eeee1eaea9b3

Filesize
1KB

MD5
4388240167486ada51b7e06f742b0c16

SHA1
09035ea25b15e329884bbe486843644a864d5f9f

SHA256
2c094cd9a8bac9926b8219ba26ffd27eebac25c7073ab82be1d006567a03f82e

SHA512
8c29d8f8c07ace4591a65fc7ccdf6d9b64d6a3e583e1fd3d85b0a35208a065f88082cfe65a27e699055356033466aaa6e4703c4729a1531b23a43b26fc9efd32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
6KB

MD5
ad1b46f5f82e188005d2bf004f32bde4

SHA1
14377bc6bce53f79f89871400dfa534c79522edc

SHA256
0983149e8bb0b4351d20aa3d3103f0e2b1c261e3664d830d828786e9c3525fea

SHA512
e1e688c018ec84929d9d9b20810b9ec2a6319824547b75fc95171fdbc9ada1bd77b1dcc26767392d3eea330fcd8ce51cdff6c3642aaf77becfd8507f85cf2b5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
7KB

MD5
07f13c179792302840167425efcff8aa

SHA1
316e14b6bc60dee3171f37ad6b2a994b4adcca1d

SHA256
522d6e15c3505c98d429519710ef65594b208572e2a629cce6986d9d977bfb50

SHA512
8cc26fb13774ec72b76f64f0982e29ccef59e494e0c0f1ed07e85c4ae54e93e187f4268aa11b804fe5422322484db04086a2044e6fe9fc99bff58c3d5194298a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
6KB

MD5
9967198a463c327fe4d52f488f29d4f3

SHA1
b629d579adec584366422179aa31d4b530449a48

SHA256
7c8c2d62f441e23165cb425f858bd3b664326ce4849cdd05298c41c1d8dd1b65

SHA512
8a9d46f2ad8ee512e68ade7cf542426a04fd4bfc456c0cbc5b6492d663828b2e0e9ec1ef7f00d033147e04d6cacbb5063b8f54dbe54926c54f39f3a8fbe60fe1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js

Filesize
7KB

MD5
c8d01214198b20a911800b66e104688b

SHA1
9d55ea3b6e189d74b3c21137c240d420822d2118

SHA256
5ae4d579bb0069d7da8d086d0a8eb995b683e9159fce7f1192254299dc1661bd

SHA512
542548d786a5420ae8eb58723260d1e6dcdbdbf7937c93df4357d03a260757a5f82e8b9f9d0c92e9e60356d0265fe73b80b0ebc06f12130515f10314ddb6da0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
d07670c00a34d5231ff92ef2bd459543

SHA1
e18390d3718bdbd1e269b89242bbcc262fc6db4a

SHA256
38594619f7b917e30dd3f4b708acf08e4eae2a893b332718a74d942fa5702ec9

SHA512
9f487f854dad0b5ba81c16846f459d77b79556810134d70eee8eb86699bc4b2054c49d44a869f4303d8ba9f1a3d5c6eb503f81d6e2227d00b36a13dc145c9380

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
91eb6f34146c6f11a5c44495fe0cf50d

SHA1
c13928180494870b59c746933636a71254ac16a3

SHA256
c2a336f36c631015a7b9352d638e14f092f9da0017fbe8dad98a84435d1f3429

SHA512
68e0bfc079abf740b5117ae407cad7807dbb166022ffb088aa0d2078c4c9b7f0dadff0934cae4e808e98269aaf50be3b669ff87c9e6f7b5d2f97355983b48bca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
cf26555472d105dc92f16718d649e40d

SHA1
70c87e3fa0ebd16765389256a89c68ed0c974066

SHA256
4dbee7e1d6c07cd57cab3496d2ca127b6f6c34133e2d11334c5d625bf1aa1d6c

SHA512
a4ecb1ca8afcb7f8bfc3c56f01935d51cf325054e3c09f5be79bc854a2ba184ae23d805d53782a83dd99c6f1ac29c1af358719203004fe3c7bee81aa7699f212

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
261ec62b9b1bb2806d8db1db6f720e3a

SHA1
f687adb34909fffe9913c2602206153af11b4d13

SHA256
445d56c706fa22753fb426f19a1cde19ee5b239a7bbd77524d70a44f6b8d14d3

SHA512
b086756b2e3da8d094552337b8440be1e7456643a3ebb6a676d71827731557e23cac299e883d480e1556d16a38f418b077b06fae0b6a619f8131019cd96391fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e5fa499eb79a33e66deadf0b068cce34

SHA1
658078c9565ea7d4e7bf21ba0006240f8e4f996f

SHA256
d74ce58b2800467b6ff19f056cc8d9bb5ca0d353b1dcfe0666850524998b0b7f

SHA512
807903027e8c443dc5604449315eb50abc4f8c9a6a72cf5319bbb5989a0aac2c4a231ca3c146260d3d8b2279202fd7ffd5ce02d1609bbb45a16cdb68ca035b9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
89b8f02971c5d82d130525a59b20c5cd

SHA1
469761af87cc3d197a87f90a8b5a191567c9060f

SHA256
6cb83655c8c35c3346575254590cc6556cda5a4c13328709f799d537578de3b1

SHA512
714678f3c78de5ce9d2edad0745fd7e20eaa3edd254f4d7b9e6bbf5612e2eb7c023d37f7967bec62cd6190658f18fc870c3c2bcb062c2b1d4cb1f1a6e022a553

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
1a37f91ffdbcc826db16a4c6440a9d29

SHA1
53b22b34df45e3fb0ed0a8680c75cbc7834c0348

SHA256
18367c1e89262cd2ced8e20ec9ae0ce10ccf9a1b01fd2502e3eff0960e306f7e

SHA512
03c00c05bcca2e5f9cb60a5bfaa500cfc76ca361f6b28c3a1be62ee5348f749a48af56a2065d7795f5dcb1f8e1bc3fa7c84079df5f77ad374254da09229a3e73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\targeting.snapshot.json

Filesize
3KB

MD5
36209dd3f3f755aec79163d427ea6247

SHA1
51297b8421af7262657d8d3eb33bc8cf8500782d

SHA256
3347015be5410f552bb54db3a6dbe146c6c99feb63e70abf868e409bbca71f2d

SHA512
eb611865f0bdb55a39b7bc8b99b316eeabcf872311231c21a45b97fa0f14e014e29178b91ba4191ce7c23d14d021f988fa4c635f12c2f64a6361312621053d92

Download Submit