hxxps://bronzememorials[.]us20[.]list-manage[.]com/track/click?u=ca2674bc3689b83fc504395be&id=7d53f08bcb&e=8c25a620b5

Analysis

max time kernel
65s
max time network
76s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2024, 14:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://bronzememorials.us20.list-manage.com/track/click?u=ca2674bc3689b83fc504395be&id=7d53f08bcb&e=8c25a620b5

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3772	firefox.exe
Token: SeDebugPrivilege	3772	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe
3772	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3772	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4820 wrote to memory of 3772	4820	firefox.exe	82
PID 4820 wrote to memory of 3772	4820	firefox.exe	82
PID 4820 wrote to memory of 3772	4820	firefox.exe	82
PID 4820 wrote to memory of 3772	4820	firefox.exe	82
PID 4820 wrote to memory of 3772	4820	firefox.exe	82
PID 4820 wrote to memory of 3772	4820	firefox.exe	82
PID 4820 wrote to memory of 3772	4820	firefox.exe	82
PID 4820 wrote to memory of 3772	4820	firefox.exe	82
PID 4820 wrote to memory of 3772	4820	firefox.exe	82
PID 4820 wrote to memory of 3772	4820	firefox.exe	82
PID 4820 wrote to memory of 3772	4820	firefox.exe	82
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 4772	3772	firefox.exe	83
PID 3772 wrote to memory of 2820	3772	firefox.exe	84
PID 3772 wrote to memory of 2820	3772	firefox.exe	84
PID 3772 wrote to memory of 2820	3772	firefox.exe	84
PID 3772 wrote to memory of 2820	3772	firefox.exe	84
PID 3772 wrote to memory of 2820	3772	firefox.exe	84
PID 3772 wrote to memory of 2820	3772	firefox.exe	84
PID 3772 wrote to memory of 2820	3772	firefox.exe	84
PID 3772 wrote to memory of 2820	3772	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://bronzememorials.us20.list-manage.com/track/click?u=ca2674bc3689b83fc504395be&id=7d53f08bcb&e=8c25a620b5"
1⤵
- Suspicious use of WriteProcessMemory
PID:4820
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://bronzememorials.us20.list-manage.com/track/click?u=ca2674bc3689b83fc504395be&id=7d53f08bcb&e=8c25a620b5
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1976 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {251684e0-8a1b-451a-b41a-49aed4340e97} 3772 "\\.\pipe\gecko-crash-server-pipe.3772" gpu
    3⤵
    PID:4772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {789a58b4-3f91-4810-b9dd-f9b5498b75f8} 3772 "\\.\pipe\gecko-crash-server-pipe.3772" socket
    3⤵
    PID:2820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3108 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1778af12-7e0d-48fe-982d-1c910febeb8e} 3772 "\\.\pipe\gecko-crash-server-pipe.3772" tab
    3⤵
    PID:3240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3556 -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3348 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {424ca06f-6275-4dcd-be33-769c1e349a50} 3772 "\\.\pipe\gecko-crash-server-pipe.3772" tab
    3⤵
    PID:220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1532 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4776 -prefMapHandle 4772 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61ebc8e5-09fd-4604-8b4c-51159583129b} 3772 "\\.\pipe\gecko-crash-server-pipe.3772" utility
    3⤵
    - Checks processor information in registry
    PID:4204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 3 -isForBrowser -prefsHandle 5420 -prefMapHandle 5416 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa0d3697-799c-4360-ba53-c4d8e1c6ce22} 3772 "\\.\pipe\gecko-crash-server-pipe.3772" tab
    3⤵
    PID:1060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 4 -isForBrowser -prefsHandle 2996 -prefMapHandle 5700 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecc494b8-799b-41ea-81ec-cb6ea0ffa06b} 3772 "\\.\pipe\gecko-crash-server-pipe.3772" tab
    3⤵
    PID:3588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5816 -childID 5 -isForBrowser -prefsHandle 3496 -prefMapHandle 2996 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecb02331-fbe5-43e2-b2a9-e1a3f1d0641f} 3772 "\\.\pipe\gecko-crash-server-pipe.3772" tab
    3⤵
    PID:3320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 6 -isForBrowser -prefsHandle 5808 -prefMapHandle 5812 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1276 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc3737dd-57ea-497b-8e2f-06c455fd22ed} 3772 "\\.\pipe\gecko-crash-server-pipe.3772" tab
    3⤵
    PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
2e8824894f317a4cd68514b36fd1dc60

SHA1
b8c6a02a1c5d2a3a61af4e2676d7f3c9b62632e1

SHA256
79686d3efa3aa7eae44c9b2da602f7a703b8b59b1cb12fae41ce4a8534cf3942

SHA512
290745ac43a926e3151c97ce0fc1a2a235e6902103d975f8ea389339d961efad42ad8e13fe94fe9e33ef551da1e76cddde3296b9c2a4bfc1557803ce6231c1a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
1b968559d94dcc1c2b72ab33af5d9a5b

SHA1
f837e3f04f8c28a993943207fec2323f979e27d9

SHA256
9741664162d2c8b85f808dec569612e0a4217f5e37cdfd480d8d8169848621da

SHA512
9ef0f30e25f49e1126831f9377439051ce3861928f3357ed89b31c6edb4f9df482885e3b06b7c06e01a273cc40fe89ef6caa17ca28f2aa077dec39e45b2bb108

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
90bae0d627fffbbf483ec2fcfa58d05f

SHA1
5fe45d9ce70df4c5a335724981245f657497b940

SHA256
c72dee449e79efd22dd8fb92975fd8ad96722d67c123e884125f60c8c4749f8f

SHA512
f021d3f60ad5831c3c905fa2a589791ba515a9536cdd65433ae8d4777769e37abe0ec1b53bcd48854bd0040d68e9aac2f0d2bff4fc105d74982299baa20beb4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
6KB

MD5
974a3401cedfb2531a4a5d6d51cf8fd3

SHA1
dc5b7350585bc7cebe09cc59de2b026bbacf4b54

SHA256
92e60d4999df39bedd8411822d5b14722b0612270e9ce0d562870310f78e3bfd

SHA512
1bb5737ba1b029447ce33f5653d53a7b05eddb1b375bd64522674c2a822fb9eafb4b2ea37acf3a7702be74e5181fb5e89fc82cbbb1dbe117f9f08becb9238c72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\AlternateServices.bin

Filesize
10KB

MD5
e8e8aa0bb988e53e52cd220424917aca

SHA1
465d5c53fbcb4b8278f4d9a8d77f2c1309f13d7c

SHA256
fe20c1197f3f5f811a6ec62b2ee91139e37045627d81a9ae446144a13311815e

SHA512
e2b6f0f34fb38974f53fdfe3897c594ab927d7acdf7b2cb4b9b68db98014c5e41d0d04bad8a42999d01815783bd8fea30396e8d4a265896b1f05cf1684957ab8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
9e58b99cb2c3b7857259d21ab5241883

SHA1
ea4ec33e1e96c5ad8e9d660975f8acecf4054ecd

SHA256
64e5288cf757fc40283790b03f847d742738eb039f851b91903e8ba32102ccf0

SHA512
f3eaefe5fd22343ff570e89c0c67987d27699fdaae1281d3cde17947501f66439e802bc9bd1ac1f932ba2c662d4a214d5fa100456bb26a88b0f7de362ef9933c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
92fa82b94eed482a8c66fb6ffc948c75

SHA1
7d79343d9b778509480880d795a35f793f349c94

SHA256
e3df5b1260034d4f4ad086c30db6fe5bbf900ebb8e743ea70d530b9f114e27f3

SHA512
d502d03a7727c3c5ae2167621b14005a88c7f96bae3de435c3ea4a1e94f575e0c9e817867f0747f6b08d3646c1e9f5af682d13ee4e62f23ff59530be5940da98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
ba16d571150eab1ab23b2ab862eaa1c8

SHA1
48b8e98751eed7b2f668582856d75e07d6c60142

SHA256
79c9e2b330b9b52624c8441331d4760f85a9afaf1888e5db6c382bb09f541196

SHA512
b7bf299d7da3b75fdd3409efc97ea9f62281295374b3bab6c2b24565b9d4133cf0169c9e0e4416ab1ff03cd200be5d994405f8949237aacfa0d63c04f6531a3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
220d9b3596ec965ed63e4d0a099b644d

SHA1
62521f530258f880ad1440e8877f80a0f1e36b20

SHA256
b60c6d9047eadf5054219d79278ab202e3544c743cf78febca0cbe728da19fc1

SHA512
37f5ab3d76b763391ae52395abec640be0af8fe6f0c8af837263b4f1b1bd25892121d6184fc28236530273a216d1546a02e87398d7951cd659c01b09ab957185

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\cc024bf9-3f4b-46c6-a919-554d453c5e1b

Filesize
982B

MD5
3a4b1b7126742ab0490a781cd5a3ef50

SHA1
376460db92ebb897c5ed44b84a972c7b4485e2aa

SHA256
fd24a4c50737f7a7a69624c58072150d08af225ddabbc0b0a87fa636f91d0607

SHA512
b7301c8cbccc96fd3141db031ab477ff21f3893ac913fb289f89df50715b2c9e08bccdbf8c26bc9ea9e61c2c8029208abadfc25d4201f0dfe94ba777724e06f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\pending_pings\fd39fd7e-c490-4c01-94f6-55875e6580e0

Filesize
25KB

MD5
c1305834ad695dad2ff5e81bc7ca5179

SHA1
45f122773357f0d6eb7ca19649a5b8cd65f4cca9

SHA256
b9629f66fc1e7ac550fbc5ed9f34d4a26b712dd3e3e4ff174feaafce89a39785

SHA512
9fc506c46c42a964fa5e2ff2a5c8a1570f37e4a55c02b150dd3f7bdda8b0638381eaa87d09c6fcb6f7e981f051e7d5fa185ec63dc4438c8c6747f4d5dce4d11e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\datareporting\glean\tmp\9e08c9f8-6ea7-4522-9f97-f83479bbca69

Filesize
671B

MD5
895828518e813282654e46b4a54cba96

SHA1
17f03cd2afa6437f5e9ef0c059259fdbec579977

SHA256
1fa88bd815c4e632f544531651baaf36b839a613f51b0decea78f24434e5fcae

SHA512
b1278e56b6b6c1c602c13338fb5acab979c324db3421d362a6e1bbab7696a3299edd466ffad93f256118898672d89b207fbb12624f325b9f120fe47403923711

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
12KB

MD5
f8d3483f86673e7919595bb74086f22a

SHA1
928e46dc444fd6e44fd96881b241a43e86c3b9eb

SHA256
0123b2857b8f511deabda9ade0284e8ffc4d0f5db0e42c760f7d7212eb5333bf

SHA512
c4c5463348bbf3ec1993a45f254bd33f7a81b24621db4e76fc0f380f54b7b642599f0d1220e94a37af7416ff1ce9f60078564805104ff1af43f7adf1599977ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs-1.js

Filesize
16KB

MD5
55a962e5fcde2e9a1f7e33407c178ca6

SHA1
b5b9c4e3399de53098d77a3db94920821ce5949b

SHA256
9f8be720994517283defe52f0aa3c1d9fe7bf79bb7c9ccf3791f701ba1764f9f

SHA512
986a407f4498d808207d01d9f742535f281b29589e908331efab330b6a884d37f17792934865dba4aef991a092d880c47a078c835b58daff039ed33590fdf1dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\prefs.js

Filesize
11KB

MD5
d01870b3f2362ec72ac0927c451f8160

SHA1
269002bf643942a6c244d2d5be95844c4e6ab378

SHA256
106909fdedddc050b93a17b228be9a7b589dad387cf08f59ff46ac1336be37ac

SHA512
8c075358f7dce4212a72df67f3f129cbbcf8f7a76a94e03a575eb83e8698f9fe80c8e68d53bda8fb2dce366018831e0df648f004063b73f13a15fd2a4a22fae7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
1148cfb349036033b6cc056f6dc57914

SHA1
f745c2766958343b3b93dd87990c532d746486d7

SHA256
9f94a4330f161d974e9d12b2db0527dae53de84e6047e1aebca4754c47835524

SHA512
108aa71b93097ff164831f56d422d20424eac0fc1b1b826234af19453082136b89fc02ad6b90ab791a46947bf46fed7061f629bbf24536a4e5ced46c7e897287

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5dqhm7h.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
a7ca80d8c337300bfcec641fe0ae5738

SHA1
126267e26506fd8bc00973e6c29b9aec0440107c

SHA256
f678552bdd339f41d190af7cad99994127ef88aeff4fe67dc374b44c795bfcd3

SHA512
888645b124f5190f13363dba2d730e7d255abc955a465f9b1d3d9e95fda85165d9e1da10829ac51bbd93ea0d8f9be3cbcdcef5e0305b15d5d1d611ac1d40473a

Download Submit