hxxps://go[.]eu[.]sparkpostmail1[.]com/f/a/TeZdKDVSihVahrYyiCrP-Q~~/AAGCxAA~/RgRpNb0OP0QjaHR0cHM6Ly9sb3RhZG1pbi5pbi9kdWUvY2lnYW0vaW5kZXhXBXNwY2V1QgpnRA44U2evTxxnUhJ6YXJnYXJAZmFyaWRlYS5jb21YBAAAAAE~#ZWd1ZXJpbkBkYXNoZmluYW5jaWFsLmNvbQ==

Analysis

max time kernel
123s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06-12-2024 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://go.eu.sparkpostmail1.com/f/a/TeZdKDVSihVahrYyiCrP-Q~~/AAGCxAA~/RgRpNb0OP0QjaHR0cHM6Ly9sb3RhZG1pbi5pbi9kdWUvY2lnYW0vaW5kZXhXBXNwY2V1QgpnRA44U2evTxxnUhJ6YXJnYXJAZmFyaWRlYS5jb21YBAAAAAE~#ZWd1ZXJpbkBkYXNoZmluYW5jaWFsLmNvbQ==

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2644	firefox.exe
Token: SeDebugPrivilege	2644	firefox.exe
Token: SeDebugPrivilege	2644	firefox.exe
Token: SeDebugPrivilege	2644	firefox.exe
Token: SeDebugPrivilege	2644	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe
2644	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2644	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 2644	4468	firefox.exe	78
PID 4468 wrote to memory of 2644	4468	firefox.exe	78
PID 4468 wrote to memory of 2644	4468	firefox.exe	78
PID 4468 wrote to memory of 2644	4468	firefox.exe	78
PID 4468 wrote to memory of 2644	4468	firefox.exe	78
PID 4468 wrote to memory of 2644	4468	firefox.exe	78
PID 4468 wrote to memory of 2644	4468	firefox.exe	78
PID 4468 wrote to memory of 2644	4468	firefox.exe	78
PID 4468 wrote to memory of 2644	4468	firefox.exe	78
PID 4468 wrote to memory of 2644	4468	firefox.exe	78
PID 4468 wrote to memory of 2644	4468	firefox.exe	78
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 1076	2644	firefox.exe	79
PID 2644 wrote to memory of 2844	2644	firefox.exe	80
PID 2644 wrote to memory of 2844	2644	firefox.exe	80
PID 2644 wrote to memory of 2844	2644	firefox.exe	80
PID 2644 wrote to memory of 2844	2644	firefox.exe	80
PID 2644 wrote to memory of 2844	2644	firefox.exe	80
PID 2644 wrote to memory of 2844	2644	firefox.exe	80
PID 2644 wrote to memory of 2844	2644	firefox.exe	80
PID 2644 wrote to memory of 2844	2644	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://go.eu.sparkpostmail1.com/f/a/TeZdKDVSihVahrYyiCrP-Q~~/AAGCxAA~/RgRpNb0OP0QjaHR0cHM6Ly9sb3RhZG1pbi5pbi9kdWUvY2lnYW0vaW5kZXhXBXNwY2V1QgpnRA44U2evTxxnUhJ6YXJnYXJAZmFyaWRlYS5jb21YBAAAAAE~#ZWd1ZXJpbkBkYXNoZmluYW5jaWFsLmNvbQ=="
1⤵
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://go.eu.sparkpostmail1.com/f/a/TeZdKDVSihVahrYyiCrP-Q~~/AAGCxAA~/RgRpNb0OP0QjaHR0cHM6Ly9sb3RhZG1pbi5pbi9kdWUvY2lnYW0vaW5kZXhXBXNwY2V1QgpnRA44U2evTxxnUhJ6YXJnYXJAZmFyaWRlYS5jb21YBAAAAAE~#ZWd1ZXJpbkBkYXNoZmluYW5jaWFsLmNvbQ==
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1448 -prefMapHandle 1444 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae3ea2c6-2d51-492e-8ccc-6ce127cef7f8} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" gpu
    3⤵
    PID:1076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a59bbe24-e24d-4e90-837c-81cd1bf6812f} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" socket
    3⤵
    PID:2844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3216 -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 3208 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64997826-d4e1-43e9-9bd7-77add647da53} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" tab
    3⤵
    PID:2016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3724 -childID 2 -isForBrowser -prefsHandle 3716 -prefMapHandle 3712 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ddb6a77-084f-43b8-b65b-4821066f4fc5} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" tab
    3⤵
    PID:1748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4308 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4192 -prefMapHandle 4212 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f02b157-ad50-4cac-8196-7df66722e8af} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" utility
    3⤵
    - Checks processor information in registry
    PID:1744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 3 -isForBrowser -prefsHandle 5396 -prefMapHandle 5392 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a897fea9-c42e-40b3-8627-71961f61c151} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" tab
    3⤵
    PID:2024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5560 -childID 4 -isForBrowser -prefsHandle 5520 -prefMapHandle 5304 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e2afe33-dc5f-4193-a2c4-4a6e1bf90216} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" tab
    3⤵
    PID:632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5732 -childID 5 -isForBrowser -prefsHandle 5740 -prefMapHandle 5744 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d28beeb8-90f6-4f39-ba39-4b496b0204f1} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" tab
    3⤵
    PID:5096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3216 -childID 6 -isForBrowser -prefsHandle 5068 -prefMapHandle 2904 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {444de6a6-0b85-47c4-9328-aa6b428e608c} 2644 "\\.\pipe\gecko-crash-server-pipe.2644" tab
    3⤵
    PID:1836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vo8scey3.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
32e7ceafa11c237fad64c1efdf4feec9

SHA1
00bf9149395735eeb568265497a739090d1bd000

SHA256
a9750af21c0e9c59d7a13948956bbaba8aee898575d8f6d46ab5b24840857c5a

SHA512
a7eada5fc9629405fa97b7e3260f532c6c7ac986b381203814f17bd4439cc3db65c613d0a8de4062ccd59a13a54d1f97b365d21c035ff39227721c1d0155e285

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vo8scey3.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984

Filesize
13KB

MD5
53c4a8edab0d36180f639a8ffb67f2a1

SHA1
6ba3fc29502f66d7c1a906ac6115fe9d7c714a1e

SHA256
9758d4854a18aca3ef23fe3a7cb061b146496a4650379ae6fa55eab5f4cb6a98

SHA512
e0fa3d6eb14e2942fd3b4af795e9c43c7f84b5925e3bffcbb0bc202af4e915e8cce02479d948d24d9b5e596db019d4abcfb656742f84734032a73d0b7f2d6b67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vo8scey3.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
a3d86783f5762bf255f37c11e2fa1ce8

SHA1
1c6b6debbea141fba97864bc56f4b6d733b44f4f

SHA256
2c6cf8d586510ac6fe52e2bcc4f763df8ebc0053d47453fc43abdc279961a62d

SHA512
c441853e6325cd85cace8a36acb0b0f3ca6b4b813ec78e5b640e1694ce2bb2ea8dd417e0a216fb9de8b5eee7bc0938b208093d7c608cd7a643f9c4fd4ac60f4c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vo8scey3.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\AlternateServices.bin

Filesize
6KB

MD5
026b4ac6d49edb64745d422eecd7d002

SHA1
32444458e9e00979a3faf1d47355ab0105fb1fdc

SHA256
e6d7f50ce5db20de7863e8d8e8aab872f174fa328cafb2df91d98d5ddb045e74

SHA512
6e070af3a726268e64b92baf9bbf56ab44009dcca623cb6c30dff421510b9817411347be7fb1a4c3910d44d03ad345254ac0825a59374cc193e4053568a3a1eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\AlternateServices.bin

Filesize
6KB

MD5
48a071bc7636d02e9b9f12bb0fdbf6e1

SHA1
8e5ec831c807118eeb1504a82905ae7fabff008f

SHA256
bcd8fa5cd6a964f1baa801c7515162ca5f64421d61e793ab17d0e4f67dae7cd0

SHA512
b34a25d28590fb3543d17f80ed26dead24563d25798cd39576fbe548d64aaff5d4ec9a0e76cd5e17794288bd7e785f4473c61db9de608caa464afd70290e0011

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
61995a07fc9eff5541c92c31f3f4e3be

SHA1
c2cc08bc42cdecc039e9310cf88e926a24f9dd7a

SHA256
4e1cca679f907b1e7148f43eeb06564c7dd30eabe613f6dc68a62649431dd128

SHA512
28bc467e03962f66e708ff43aa4849152852e92b57b065b746b5c48a599d8e73ae32684dbf3abe73f7cf7027653b8d034976d9b22d219251a608ff40fb8fc80a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d7a58be324c6118b265afdc26bd1e1ac

SHA1
882ed073f71e9e92fe9f49d2ca331d6817a59102

SHA256
474dc0026983c467c2273b5af214233946c4d1523942e00ad78061bdb75ec0b6

SHA512
66000b2608b0b47ddf309d13dc798e391fd36a9800ab27d2e3d9235908080bc93f717a39f7a96ef1d3b1be9d592b9b9068e9ceae5b0e0bccde47374b3e199dec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
653f069376019b7ce5a2947e0637c95f

SHA1
f25281d666473082348c1665481dcc057917e4c3

SHA256
7a7a6fb277fae3fff5deec7b503d06606989eaae990e0a9885f4117af49ae86a

SHA512
0eded9439afe449c6529ac6172223b4200138f5b389f287723300581f326e0125d09944f891ac5fd8e3d81990fce0fbc5d7afddef812ca05febc654eac1f589b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
301b84dbc2a8ecfa66d9de97ac38ccc5

SHA1
e2c460839ebefff7def706cc191c2d8858e618ea

SHA256
46d25c4208be3749e464c04776ed9283f717916c23745ffa0127125d4f3a9b30

SHA512
8daf4561cc79dda2003165b7354ae91b99f22fc9137dac7a7dcfa6fef8fce510aab9c789d7149489cda9d22ef7bc90f4aebe7580fd6acac7acbd1bba80c691f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
cad83534356e30d2d61fa00924589231

SHA1
2fd2e073d4cdfc7e6ffcfff0872e4b2d898cd3d4

SHA256
4e17d1828e2c9c6eda0bb179f90e3abc87cf663dcda7b85cc120bd2d413ea34e

SHA512
1a8989ed504a92a1598d61fb3f6d68b9fa8902cf34e5ac4d21644dc48fad267755c2fb6080ecc48d9e404403fe78bffa917eb03480abfd4f3d4d335c62df3d2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\pending_pings\3e0a0f1a-a368-4b03-82d8-b1bb01631069

Filesize
982B

MD5
e4c26bf192686cf2af8fc65920727e97

SHA1
fc4c30c84a0a01c3df01ac8861e1458b142d6035

SHA256
ba216ffd68acabf8ef481903f054b8317965aa9458fea474dc2505a950bbb798

SHA512
4253a3ebabf151916a7808dbf33be54572271fe70d1a0e7d6def52cded86887200a9222146c1fce73b5f9420e24688c9f0e7da390c3f6ee7c83fc4bf80a8ae50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\pending_pings\a80e618a-877c-40e7-931e-bab72a636519

Filesize
26KB

MD5
d850b5c18316b36952aa888f7511c8d7

SHA1
e0fb71ba68be76764dd3195b857c50a79b9a71ae

SHA256
12b18c09375cfc276c03a068a4d98dfe09ea172ecd50ebc7bc3102cba8b9c5fe

SHA512
bc047dc91aec782eb2efbdaccccb9fc98b82482d305fa1cb3b1bd0ce4a4472fa9ca5308ecb44c6b95bfdad6beb24813d20f1129921ac6509fcb82d3bf8c9e996

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\datareporting\glean\pending_pings\d3e24978-de2a-4981-a81f-e9e23ff9fb0a

Filesize
671B

MD5
6ced07e3c28519d940843edd236bde8b

SHA1
190b2dddcb81b75eac7ad8682dd3342a2c44e181

SHA256
6d577ff1e58c9600e2b31e182728f72569cd6e4f5835a406645face63702345f

SHA512
62e80ab0505a9e5f5cf68d44dad6155c62160485756dcbce57fe704217c33ea97eb1bc62e6e93d8dd2b0de790b91c6f46e63335c82d5a3738eb8e04a707ba7dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\prefs-1.js

Filesize
15KB

MD5
6039ee5ac2e88836fad4d590a96a5818

SHA1
3badca832a020cca0238f820440984a1af6a659d

SHA256
075d9ca79b26c2a142b7603505be0882fbac1b36d9f8b793a58d94e9dc9bf192

SHA512
49b1c4c621f9d8c62e9a85b972629964b917cf1ca9ac607bb8f66f06ecb34592a95bb8bf7e7caa860505da07ca557b787cf45344464eac14179ddae4cfd50763

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\prefs-1.js

Filesize
12KB

MD5
ec00d0f4d4c2fcfeb1557756563837c7

SHA1
f389d199b858d2d835cf3504ec8ad265d879a188

SHA256
98b5c813b3007f1815cea60196d96842ee33d20089783d4a400542f71168d288

SHA512
8e057db7429cf37714dc12c6afd893809ee15ceef7f082913254487fd3eaed070d70d9772fc2ba94b93a9d6305f55da9c62260656d9a00675205aca069936a87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vo8scey3.default-release\prefs.js

Filesize
10KB

MD5
eb84b79f8aa33cd3b4ea28bcbf291e19

SHA1
0fab424884c38e15e06471f5a2059af8467ffbe0

SHA256
e89360474003880c9861221c9705ff8653167a2f77f28eb6d9716911de864844

SHA512
19228066f43b8ef7e53a82d5c03318195ecd66b4e0a567df7fd829dd1d620f88db7f028f69143cab2dd94fc45733dff59cc1a1758673c2b8450ea163b4f755ae

Download Submit