6b8a5f0172a346d08d8e6325b5d5354a01055bdd8332f93aa174ad27b0ec1bee

Analysis

max time kernel
138s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-08-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

.bash_logout
Size

220B
MD5

22bfb8c1dd94b5f3813a2b25da67463f
SHA1

dc216ac4a4c232815731979db6e494f315b507dd
SHA256

26882b79471c25f945c970f8233d8ce29d54e9d5eedcd2884f88affa84a18f56
SHA512

c3d739f4934824d81f561c9b626b494e3c256b5a97642667882632db030fc1a8c7d23eb1ae5db7e9f63ae46ee84dbee69d15130dd1482a2c1e8aade1dfc545a2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 3 IoCs

Processes:

cmd.exeOpenWith.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 3420 firefox.exe
Token: SeDebugPrivilege 3420 firefox.exe

description	pid	process
Token: SeDebugPrivilege	3420	firefox.exe
Token: SeDebugPrivilege	3420	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

Processes:

firefox.exe

pid	process
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

Processes:

firefox.exe

pid	process
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe
3420	firefox.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

OpenWith.exefirefox.exe

pid process

3508 OpenWith.exe
3508 OpenWith.exe
3508 OpenWith.exe
3508 OpenWith.exe
3508 OpenWith.exe
3420 firefox.exe

pid	process
3508	OpenWith.exe
3508	OpenWith.exe
3508	OpenWith.exe
3508	OpenWith.exe
3508	OpenWith.exe
3420	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exefirefox.exefirefox.exe

description	pid	process	target process
PID 3508 wrote to memory of 856	3508	OpenWith.exe	firefox.exe
PID 3508 wrote to memory of 856	3508	OpenWith.exe	firefox.exe
PID 856 wrote to memory of 3420	856	firefox.exe	firefox.exe
PID 856 wrote to memory of 3420	856	firefox.exe	firefox.exe
PID 856 wrote to memory of 3420	856	firefox.exe	firefox.exe
PID 856 wrote to memory of 3420	856	firefox.exe	firefox.exe
PID 856 wrote to memory of 3420	856	firefox.exe	firefox.exe
PID 856 wrote to memory of 3420	856	firefox.exe	firefox.exe
PID 856 wrote to memory of 3420	856	firefox.exe	firefox.exe
PID 856 wrote to memory of 3420	856	firefox.exe	firefox.exe
PID 856 wrote to memory of 3420	856	firefox.exe	firefox.exe
PID 856 wrote to memory of 3420	856	firefox.exe	firefox.exe
PID 856 wrote to memory of 3420	856	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 3212	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 2248	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 2248	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 2248	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 2248	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 2248	3420	firefox.exe	firefox.exe
PID 3420 wrote to memory of 2248	3420	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\.bash_logout
1⤵
- Modifies registry class
PID:4588

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\.bash_logout"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\.bash_logout
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3420
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9445f81-76b1-4fb4-b7bc-569ec1da9e26} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" gpu
      4⤵
      PID:3212
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 24522 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95db7c31-3694-4cdb-859d-1df40d65ce68} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" socket
      4⤵
      PID:2248
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3428 -childID 1 -isForBrowser -prefsHandle 3388 -prefMapHandle 3152 -prefsLen 24663 -prefMapSize 244628 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e32e028-c5bc-4916-9db0-47c62a94b6b7} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" tab
      4⤵
      PID:3624
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3660 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed9a3bb5-6e8f-44a1-8895-089060ad0297} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" tab
      4⤵
      PID:2848
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4712 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4728 -prefMapHandle 4724 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90c9c303-7be9-40bc-b108-f21f21fdf402} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" utility
      4⤵
      Checks processor information in registry
      PID:5288
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5312 -childID 3 -isForBrowser -prefsHandle 5304 -prefMapHandle 5288 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0ad4f14-f9b6-4f8d-ab73-db4febbb00b8} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" tab
      4⤵
      PID:5716
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5540 -childID 4 -isForBrowser -prefsHandle 5460 -prefMapHandle 5468 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83da540b-1dbd-4d17-a7a8-81537c6d84a3} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" tab
      4⤵
      PID:5728
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 5 -isForBrowser -prefsHandle 5748 -prefMapHandle 5744 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1192 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30710f71-03e3-47f9-8de5-2bcc2958ab61} 3420 "\\.\pipe\gecko-crash-server-pipe.3420" tab
      4⤵
      PID:5744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
3a0c5c0ad4bad7462d76b06beeea42ce

SHA1
8f8b9070504fb60cf96d5adc31f9d114d55e66bc

SHA256
6cf7ddbca9d7a644a5e2454c9e0bdb5692d3c5b6216c5a487d5e7e6d7282791b

SHA512
000543edfcc5f63c55776245eb906c877934eff77533fcc688d6e4503ef3aef961e891ab80479faa94d77b41571b18a70ca721dce91dcd1c05d616409fcd970f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-2

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\AlternateServices.bin

Filesize
8KB

MD5
2112db0f4c2e7129050546a05b7af944

SHA1
156f5d57102ef0bbd3bd4ce9ff170665ebda7dce

SHA256
c80a552e391971ce8a27c4e7252affbd27eb24802e746cf3ad62f4bbd9cb6f51

SHA512
7c51e9cdb9bf6e919f743527c0c599a5ce79caeecf02ed12127cd56cfe71c47f41d2a1ea236d648e9b58f48a5a3bf9284fbab6d04994a5ab2c20ca9844147514

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
25fc67b2eff4b4affef124753ecb8e5a

SHA1
ed150fb1f55ccdcfc5dbdc86b78f527a34ef8f31

SHA256
99b9b5fcc4d27c201b7dbc2926c32b0678010e669dccbc70ba3d543ffead21ff

SHA512
9a3650ba9da792c5123721b14a2ac26251fdbd983aca3e4200871e9da0e7ff6584ed275db57198be830c46e46884840b2c7ff1ffea2a85bd626532f7adfd2ff1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
3f0064bda6a8eae5a5333f0a4f281c55

SHA1
db8cb632c646b5ffe0f7c6435acfbc05185ed419

SHA256
9a0487af63df1be72b382f656a573c44018afda82491653c45987bb9d5c82358

SHA512
f248f5f2c2145bf008a94ca9d47528fb89a25e42abc2d9188d113bf3917090def4e6fb9ec187956b50d1c97fbea980f2726a45f3534e2e9afb906e6fd3819ae6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
1b0aaf94bbe289b14b963e99d1951934

SHA1
f1e4bddedc6a3e0febe010654b613d6a6535ec20

SHA256
ae21fdc7e2e157cc3d709937c53f96dd4abd40607e0ac1f17e0b33dbd04fca9f

SHA512
fe732af7a5ac5ca3ac9ec6af318ef25789c69db7362fa24a2a2c01aba6ea9a127fe6cd10f8ac05dd0af1233b40f3ae58f165f535068e2e607cae560309846572

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\857cdb14-6069-4a18-be00-5eb8d98e0449

Filesize
27KB

MD5
36d6f1d11c3207d56d21dcb51974b72e

SHA1
d26156a7f1c404465191e47131815db02961d0a7

SHA256
29d335a0cb4d020200bc6e5b5bd98a96587d77d43478b227cef3f674a4365be1

SHA512
1e8fd4f64a8899a4748694d862a5dbd8613d69fae1d07c28bf83914efbb303da54804a8a76b271c9145d2b9e95802e37c091d9fa9430a8bb2944601b23c38e20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\bc31755f-af46-43b0-a2ba-c06b996c6a6f

Filesize
671B

MD5
fa44659f8f5abe036589c4960f7149af

SHA1
36d8d39ca336aba6c757ca53e5aaf87676cf7c35

SHA256
a652bc8ca43b1cbb9446a32567af2928a403fd2f98717042af5eeaeda3446af7

SHA512
a99e7a797e2c39f1f9841ded441c0ea5de4446660196f75c4032626249b190d484fa358d9c5502913b960cbe2ed8376f3ed1cc111f63a1898c5d07cf7577a34c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\e6007716-5fd6-45c4-8b64-0e9812227877

Filesize
982B

MD5
253d818054ac14409e5b0f5ab9218d09

SHA1
733c833a7472158e2f0e5d317ec9675f84030c5e

SHA256
b703b7248b02d43ec07d7e61b5ebdcba690826bbf98e168a7695d2aa2219e74c

SHA512
d01581a0cb9a5bfe73b76fa87fc0a494e04a43d27857aac0c1493e0212a42677db85c43ce10e638d6a96d507fca9af680153dc48ccbf7ba27849307e4326dc21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll.tmp

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
13KB

MD5
fb1a43e9e3da2f7c4b92697cf48b6c16

SHA1
e863cf249ce6568d869d39229a0f2b8ed714f71f

SHA256
eeccc5efc09590db3bf991c1006ab22f6968efc990147115fe38f4f15fcc2d5e

SHA512
82d708ba04566fb4d8d2d420562411362b1b82379e0921e83b2db16dc8b7e3374d5f331ba7144521049683ece5f8b6c2d8cb83f1ba4bc720ee7b2518326515ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs.js

Filesize
11KB

MD5
260c9dbad4491150078a3c4711a469fa

SHA1
f3ef271a6c306471d24de737953252523c984972

SHA256
d03f940f399cc01076f69f3bc01f2ad6915f49c1c9b67f0979fc48ef8d67659b

SHA512
a7a2dad276ce8cfb7e8967cf4676e02178cb22682a5979bbf8dd37f9b8da70b9a9ff91aefaeba21744b3dd6a3a8f7b7a0b27ee8598bcab4773662a096b46e53d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs.js

Filesize
11KB

MD5
07bfe53cebda7637dbc80adad9a587a0

SHA1
2b0a707cb98f31a464e64fc191df985cf7c69c0f

SHA256
0f4ce8b83ab25f492090113a43577649f17125f489e911bddeea3b0bab1a16d9

SHA512
ef0bf2142656dc216542b795c351a9aaaddb2c3c0860f3b86031f8bfe84b4cdeb6e19bc43e02714370a942575f067048db49f9b24bdaa2c46356ecab802e29ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
568KB

MD5
37dc62453b2d01eb64cbd9af40a5530d

SHA1
f88ab3a168d024441eaa58f2228c4d52b1ea8663

SHA256
94bdceb9e23210252a29e72b50ec44001aa187dda9a84a1090e18bc9d94e3b82

SHA512
6662b0ad31fe141d680694ea23abed671aaabfd2858c44b487136dc04878e2335a26ad35f2373ac348c7f8303e705989581eb9b6c6189308430362f52e99c9f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.1MB

MD5
455979a74819c5d72faa777c281ab348

SHA1
bc847cbe3f48dbdc5a054dc2986b93c23573fa9e

SHA256
82e85353073cb0c442577815fb0c82127ad648f0a8b32ede740b0a37b569af23

SHA512
b065bde07d2a2505c29f30d67af7f0daa1536c8ba529c9b784485b5c43ebbcc6db6aa0b72f2338026e445d0d472cffbaee41596c949a7e23e8c8165b2809f694

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.7MB

MD5
905b3545a7961e13e7c536ef7aadccfb

SHA1
43379a54819e0adae32e3e3591123a7ce29ed087

SHA256
702884900325d2a6276517f5160b61d2e40f6493a7a6b89ae0ed407609c42e4c

SHA512
c4c26d52bedc0ef049038d2427bc8854d9855eefbcad0c698a3714aa9ef077839f45766750449ad26b1f9f83a6f81abd79c6b8d2dff1febf8b5a147349e98629

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.6MB

MD5
c6c0cb182bb6b1509ac5e0354d6fa584

SHA1
a74e74888c4429001739698024cc607fac533b35

SHA256
900d73687c5fce299fc78f3b1f2b3cf1335bda7d6b0fcb1293cc2471085f9f5d

SHA512
4fb5c1b87ef87dd6a113f3a9c4a84ac7b1d318807a247d614ff8acae81e1927ea0f6d4f5c48b654a9e1a6998541c2fc715315ab4d6268378df61fd5033a2d6b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.8MB

MD5
e4254b4b101265bc908783e3dc68eefd

SHA1
d413131b2500ea715b5f7a3cc37c6550f022641a

SHA256
3b65b5cb562fb06d23de30f4d0fd75e7cbeb0168031c60a4c6730d3887f93e14

SHA512
938fcaae57a5c198b463fb5f2b472ae9a0b82ba757c6a2c68e0f67fb1d77c72403f65f4ae9a5b4a7ff15f2f41b7766b0b6642c76e123c4f725029a8c660b7060

Download Submit