hxxps://nkh46vwy[.]r[.]us-east-2[.]awstrack[.]me/L0/https[:]%2F%2Fall[.]accor[.]com%2Fhotel%2F1134%2Findex[.]nl[.]shtml/1/010f0190a2288d53-2e6af24d-3884-4ad2-a2f7-b897ef7a3d85-000000/zBRsMVTIF3pN3WtKsiv2fpLHJ4c=167

Analysis

max time kernel
121s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
12/07/2024, 04:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://nkh46vwy.r.us-east-2.awstrack.me/L0/https:%2F%2Fall.accor.com%2Fhotel%2F1134%2Findex.nl.shtml/1/010f0190a2288d53-2e6af24d-3884-4ad2-a2f7-b897ef7a3d85-000000/zBRsMVTIF3pN3WtKsiv2fpLHJ4c=167

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4388	firefox.exe
Token: SeDebugPrivilege	4388	firefox.exe
Token: SeDebugPrivilege	4388	firefox.exe
Token: SeDebugPrivilege	4388	firefox.exe
Token: SeDebugPrivilege	4388	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 4388	1228	firefox.exe	78
PID 1228 wrote to memory of 4388	1228	firefox.exe	78
PID 1228 wrote to memory of 4388	1228	firefox.exe	78
PID 1228 wrote to memory of 4388	1228	firefox.exe	78
PID 1228 wrote to memory of 4388	1228	firefox.exe	78
PID 1228 wrote to memory of 4388	1228	firefox.exe	78
PID 1228 wrote to memory of 4388	1228	firefox.exe	78
PID 1228 wrote to memory of 4388	1228	firefox.exe	78
PID 1228 wrote to memory of 4388	1228	firefox.exe	78
PID 1228 wrote to memory of 4388	1228	firefox.exe	78
PID 1228 wrote to memory of 4388	1228	firefox.exe	78
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 420	4388	firefox.exe	79
PID 4388 wrote to memory of 3836	4388	firefox.exe	80
PID 4388 wrote to memory of 3836	4388	firefox.exe	80
PID 4388 wrote to memory of 3836	4388	firefox.exe	80
PID 4388 wrote to memory of 3836	4388	firefox.exe	80
PID 4388 wrote to memory of 3836	4388	firefox.exe	80
PID 4388 wrote to memory of 3836	4388	firefox.exe	80
PID 4388 wrote to memory of 3836	4388	firefox.exe	80
PID 4388 wrote to memory of 3836	4388	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://nkh46vwy.r.us-east-2.awstrack.me/L0/https:%2F%2Fall.accor.com%2Fhotel%2F1134%2Findex.nl.shtml/1/010f0190a2288d53-2e6af24d-3884-4ad2-a2f7-b897ef7a3d85-000000/zBRsMVTIF3pN3WtKsiv2fpLHJ4c=167"
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://nkh46vwy.r.us-east-2.awstrack.me/L0/https:%2F%2Fall.accor.com%2Fhotel%2F1134%2Findex.nl.shtml/1/010f0190a2288d53-2e6af24d-3884-4ad2-a2f7-b897ef7a3d85-000000/zBRsMVTIF3pN3WtKsiv2fpLHJ4c=167
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1928 -parentBuildID 20240401114208 -prefsHandle 1852 -prefMapHandle 1824 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b80d1fc3-2d80-45bf-b78e-d6ac4ba25002} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" gpu
    3⤵
    PID:420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2340 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcddc1fd-36ef-4610-9e65-b8d68e0cf04e} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" socket
    3⤵
    PID:3836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2816 -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 2820 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c17d75b-4f7c-461f-b9fd-41ccb0717954} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
    3⤵
    PID:1500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3380 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3400 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d236c2ad-55a6-499b-9d27-147cf8a1fcc5} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
    3⤵
    PID:1780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4204 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4228 -prefMapHandle 4224 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dddca517-eeef-4e2a-a08d-107eb0c7f98a} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" utility
    3⤵
    - Checks processor information in registry
    PID:784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 3 -isForBrowser -prefsHandle 5356 -prefMapHandle 5304 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3010b823-aa18-4db0-9730-a5e1a0702b40} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
    3⤵
    PID:4264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5280 -childID 4 -isForBrowser -prefsHandle 5500 -prefMapHandle 5504 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37d01651-d71c-4d2c-87c4-4c4174083c27} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
    3⤵
    PID:1400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5676 -childID 5 -isForBrowser -prefsHandle 5684 -prefMapHandle 5688 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c263546-ee8c-41da-82bf-8ab8fad6146c} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
    3⤵
    PID:2136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3060 -childID 6 -isForBrowser -prefsHandle 5392 -prefMapHandle 5524 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {166d362a-99af-429f-9e9c-feb547ac3874} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
    3⤵
    PID:4376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6056 -childID 7 -isForBrowser -prefsHandle 6064 -prefMapHandle 6068 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fdf5112-1db3-475b-92ef-cdaf6e85a5dc} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
    3⤵
    PID:1132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6452 -parentBuildID 20240401114208 -prefsHandle 6468 -prefMapHandle 6464 -prefsLen 29318 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a81dec74-b593-4e2a-9bb3-9f8aa73c5b53} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" rdd
    3⤵
    PID:788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6456 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6480 -prefMapHandle 6476 -prefsLen 29318 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {532ee50d-8680-4f86-8b69-26d0a71263fd} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" utility
    3⤵
    - Checks processor information in registry
    PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
c0c042fd909d01cbe14b897e57ab0f91

SHA1
0dc7ece780c269b93ba0da34b9c17ed58bffb212

SHA256
d63da1ef279f2b82a2203f8f03275fa1c6f3172cb12c4ab0a7b28cf7180e09d6

SHA512
6902942ce071edf34d0b388d1ad7d20aefc6510de09b927d7a23d6af05e57ad1193945a9b2157147236369d690dce75b0e33b121ae01178a364424e82f8afc32

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\cache2\doomed\23314

Filesize
84KB

MD5
eb889355bdd5dfcd6a6c277bd09a33d7

SHA1
4732141e087351ea833f2c5ff9076c8bee5c16c1

SHA256
4eba53d2ce05057496891d3e2e0d7438dc51e2b8794547b582a3d6c51e6d0716

SHA512
f35eee21290683ed11b8b1fb3b8a162861dce23c14e29a7a0aaed4f2289c1442361085d38edd4f56eb11474b38a0ed762833eade8acfdca472205a1ca9beafcb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
ee0909c6634153b840f8048480c33a9a

SHA1
e139127705d1be8997f2cae58db5acbfea916063

SHA256
a80cf08558dc7f975d30126de75b369ff2d57f44a78b7f0de83d7422334f979e

SHA512
5491c9110d9f6c12a8a87e2c6f9f459ca38237c7d91845d913395540f271cc06ea2c054acf7be8ac2d3c23a5e82d60f485634ae31ede47a15d9d1287e547ea51

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\cache2\entries\61D1AA67A2313CB935602EC3219DA0358B0447E1

Filesize
36KB

MD5
b576b902671d8f9f60b97499bb1b0940

SHA1
5cc12ccf247f2feacef5839f81f1d177396a8050

SHA256
7ee10d0f59956f1eb562e399dd84b4e1dfcabcd7fe7d084204ccfc769248d7c1

SHA512
245cdc9bedd5559e0c87eb60e7979c475e2b27e787bb836a4142a58d392d59a039ce5e4a7bc2ab29d0ed7fa9715589c7e8f0d38279d1a1b46f3d5fec89ff5a40

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\AlternateServices.bin

Filesize
7KB

MD5
ec160f60824079c72d6b4a7fd645a148

SHA1
a29e2559dec9729dc31058e24a24b128a708aa5b

SHA256
3a88abbc9028e05d9c47fe1eb40335aa593459c8d7bdad1aa4b6e50c7ac25b06

SHA512
b6c7d2d863a7a69286f6da29034ab2344f6d7f2b8b343fa51731f26169da5b2e52e9c0dffd45420ef5475ec4ada013df5f8e065ccc5913d0d9af16728c1e972e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
bcbff4c547557f9208b0cc687ca8f47b

SHA1
034c4f3b5b88724fcfdfeb91b1464d1ba73f7e24

SHA256
43ef630497c2f46eda896fc824b41293e483e9ed77407562745d86a9d6131458

SHA512
125e5a6bd146c400b034f4f1a3ea75c64b5c022118f9d2e2e84e1bfca7439404f93f75e192b0c540e05eeac47ebc2ade7a051777c1015bab45ebdadff1ea4c3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ce4d68ab560cb9a9e58feca9cfc6003f

SHA1
00c77c6e0eeb33d1b14d703fcfa5be1943146bac

SHA256
7dd9d1e19c074248303b5208a3a8498229e2164fc141f03875564358af7a0e74

SHA512
85a4f7dd7b8beb60dbeb26a7a96e1a3d240dfacb06cc6133ae45ee4aad2126f482e1c946227e5c4bd565403b019fde97112e48b6813be8dc2cad85595dcc10e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
71434e47d690bc2528b0a27e04a155dc

SHA1
d51c4abf3f308914aa2b05e64b96d2e20ecb5e44

SHA256
eaa2be210397720517b89be1a9ebe3fd258f0240b9b9496bf859aecc9eef2548

SHA512
11c57514166ff55b7f66f2bca236281de1f206135d57651dba023375fdd70c0b75468faf5aebb541480d17f7fc8c65827336e66e39f9f80156d3c66e1882eefa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\pending_pings\04712847-b98c-4208-98ae-092155b89957

Filesize
671B

MD5
761483aeecceb2c23635bc92580ce638

SHA1
27717ec4afec89818e58d5727b5e0b3d96ae0e88

SHA256
b071f6d7f8c6b0334d944c161bad4f876462a37f5aaf8be97288056b596aeac4

SHA512
f90db65d1dfeff336e8240af792774ce0a59dd362a318938d919d97867b92486381d86892a38b48ef55efc2eff7d3cab5b3a698c97dec4551646a51f797c7757

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\pending_pings\89798196-b07e-4596-934b-b3508a25f0a5

Filesize
28KB

MD5
f28d471f68fcc5a332aef3f328993546

SHA1
9a6c31764d6503207981b0bcfb9824020e789b21

SHA256
d110615c1655db8d14e2f59d40f95a655a039f2c792e4332c2546c90f2904ccb

SHA512
86e9a4077bb1e9c20988306f3aa11d13e039ab6a374b2aefa05ab05494215406b512fba312b30baaec529843901f7dcbc419cab29a67882b29015ebc8978c6ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\datareporting\glean\pending_pings\c9c01f3f-921a-4ffb-8f0c-bfa77e055e48

Filesize
982B

MD5
90ec1356bd6c7300310754eb6a20dca9

SHA1
7274c94f81b40f975bbaa803b785f76dee102317

SHA256
ae034b5d55b409fbf1f7ef3bbda202ba9374c57bdb1428dfb14f3bafffae6781

SHA512
ea3b21fce6334e5ca844c3063d6f43d723514f84ca0375d58bf85f3d0d9f778aae1d6a30898bea52198062148e9a9e2e386ed40b12372aca09f6eeccb2c74223

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\prefs-1.js

Filesize
10KB

MD5
f4a2696512d6fa9032e398b14fc16e46

SHA1
ae0aba9210a4c2e10cd0ee1ba02d5a13036d9f11

SHA256
551cafba45560faf554052753a1d1e07de65587b9a4ded4b4b0ca82b64af2183

SHA512
024cbb8d719d3399a31019991484c8b98affb199252d5dd7a8064509c6f90d158cc698cffc8d79f1219342349a1464923a58cec614ac514e71cd94e267617c1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\prefs-1.js

Filesize
15KB

MD5
c744ba5b521ee719c1085b9aabec196b

SHA1
ffa5f91cb58db4abd30d8946bcd3fbd3862bbb27

SHA256
7c1c5635fcbe8b8438efd4bbd5479afdcf75a4512142467d5f4066497b4c1d40

SHA512
27db8cf9f4b61e0c363d3769976aceb9e74f08e28307f3f36400b52ee024742ea2470689934966150c15cbd7a89cc60ba68b94e70dbbebe5d2182e81521476b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\prefs.js

Filesize
12KB

MD5
aeeaab1b1dec51c8868a62c8e1ad6d09

SHA1
e8a9c493fcfd7782a2cf9d543079f4693d8160ed

SHA256
97e63d2a31c4f4b0c8510c146429cf4819a9953e406f05ae71a08553e2f7c9a5

SHA512
49877e154468cce6675e9d60a55fa5bf0e0b2407de1c9401d35d2e873fc4b44216289199f77ab2902b3d95b4289ac53197339eb431071567078854e53ddd6564

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tu0k8f5w.default-release\prefs.js

Filesize
8KB

MD5
6696262283df5cd4418a3dcedc7b05c8

SHA1
a5919f17598093af51f1212e7f81a14fa097e4c7

SHA256
7debf19fa6e61bb944084f607857ce937a0fa85f7a2ea14443c9d3abfd397f07

SHA512
a364e889e37de24f197f228cb3e65a28e3ce724ca646eaafd20e8617e35125b7223c27f1191417f8d16c4167e563a8cf7ac7e650f405a1f80c4444f45a446dcb

Download Submit