hxxps://objectstorage[.]eu-stockholm-1[.]oraclecloud[.]com/n/axpvatilcuo7/b/0ff1cee36s/o/playback_voice_index[.]html

Analysis

max time kernel
46s
max time network
49s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
02-12-2024 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://objectstorage.eu-stockholm-1.oraclecloud.com/n/axpvatilcuo7/b/0ff1cee36s/o/playback_voice_index.html

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Detected phishing page
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3700	firefox.exe
Token: SeDebugPrivilege	3700	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe
3700	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 3700	5024	firefox.exe	82
PID 5024 wrote to memory of 3700	5024	firefox.exe	82
PID 5024 wrote to memory of 3700	5024	firefox.exe	82
PID 5024 wrote to memory of 3700	5024	firefox.exe	82
PID 5024 wrote to memory of 3700	5024	firefox.exe	82
PID 5024 wrote to memory of 3700	5024	firefox.exe	82
PID 5024 wrote to memory of 3700	5024	firefox.exe	82
PID 5024 wrote to memory of 3700	5024	firefox.exe	82
PID 5024 wrote to memory of 3700	5024	firefox.exe	82
PID 5024 wrote to memory of 3700	5024	firefox.exe	82
PID 5024 wrote to memory of 3700	5024	firefox.exe	82
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 224	3700	firefox.exe	83
PID 3700 wrote to memory of 3644	3700	firefox.exe	84
PID 3700 wrote to memory of 3644	3700	firefox.exe	84
PID 3700 wrote to memory of 3644	3700	firefox.exe	84
PID 3700 wrote to memory of 3644	3700	firefox.exe	84
PID 3700 wrote to memory of 3644	3700	firefox.exe	84
PID 3700 wrote to memory of 3644	3700	firefox.exe	84
PID 3700 wrote to memory of 3644	3700	firefox.exe	84
PID 3700 wrote to memory of 3644	3700	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://objectstorage.eu-stockholm-1.oraclecloud.com/n/axpvatilcuo7/b/0ff1cee36s/o/playback_voice_index.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://objectstorage.eu-stockholm-1.oraclecloud.com/n/axpvatilcuo7/b/0ff1cee36s/o/playback_voice_index.html
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6aa46b93-e313-47fe-8874-387c8e27e18f} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" gpu
    3⤵
    PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31afef68-6104-45cd-9ebd-0f59a0fe1608} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" socket
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2864 -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 2816 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d558254-8b94-476b-a0b7-eea7aeb6ce83} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" tab
    3⤵
    PID:4556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3656 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea2e61aa-6658-4dff-a06d-ad8860388f8f} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" tab
    3⤵
    PID:1560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4732 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4780 -prefMapHandle 4776 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b253f35f-2b96-4a35-997b-910619176fc4} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" utility
    3⤵
    - Checks processor information in registry
    PID:1120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 3 -isForBrowser -prefsHandle 5376 -prefMapHandle 5372 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2e9e33e-295f-438b-98e9-8b304038c1b5} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" tab
    3⤵
    PID:2088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 4 -isForBrowser -prefsHandle 5528 -prefMapHandle 5532 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f7f3771-757a-43e1-90e8-f0968781e70f} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" tab
    3⤵
    PID:1636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 5 -isForBrowser -prefsHandle 5796 -prefMapHandle 5708 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee6fe413-29ee-4007-b481-1242e537a7d5} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" tab
    3⤵
    PID:4728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6012 -childID 6 -isForBrowser -prefsHandle 2844 -prefMapHandle 2800 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ecf9dd2-e193-49f8-a862-b3cd0b32734d} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" tab
    3⤵
    PID:4408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6268 -childID 7 -isForBrowser -prefsHandle 6328 -prefMapHandle 6036 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 952 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b55d9cb2-534d-405f-9fb4-5675ecb50c2c} 3700 "\\.\pipe\gecko-crash-server-pipe.3700" tab
    3⤵
    PID:1592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\AlternateServices.bin

Filesize
6KB

MD5
7384ce2adcf8385d50aea7280fcc40d8

SHA1
6bd513e81a2a372ea5d784c6d1458fb243c06505

SHA256
7cf52d83537f99f8c564b04b5162d1bb58f1510ca44d45edfefd1fe691783106

SHA512
47a54e1b553fab7da5fef831dc0fa7696ce13ebefefafd451beb824956b66829014e347d5ec877b765d16a74858cde7ebcaa624f533ee0a51e334098f22fb0ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\AlternateServices.bin

Filesize
8KB

MD5
7807c588ff7232a85167356d9df89a37

SHA1
4981de8a11b169f6385c91fc1270a11ec91ae74e

SHA256
69912b1052bcc6ea9d9f9cb18f93370554da2b1528740a1842cacfb8b828efd3

SHA512
d2b97ee99a3838ca89f0fb478c6a6d8af06824a8f965fe401ce60dde3f8c5e1361edeb1cd94700aa999e4b97bc0b5970323b118157b1b282afe783f56cd1e240

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\AlternateServices.bin

Filesize
11KB

MD5
a1e8e7c03316ee3043de254005877658

SHA1
4eeee6e281e7b9c4412399a0b0bdd74f62225f47

SHA256
cdaf3cef3e3765e727fa19c0927d7d03e78ae6e22e19cd8ae716775fa8bb89b5

SHA512
a96b1faef11b8970741a0ae3f9b5ac618411de9b32b1f5870d29ee1564917d12844af9400c36a454a2c4c7d0a85b79e7fbe520c34273166a1285f740131f5e24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c2e7afc36a0626d6a605f6d0b70908c2

SHA1
142f81592a413fb0893985a6a3cbab560ef83d61

SHA256
d3aa595d98249fc155f816756433517ec20ec1a7f82bfd065c50c4e54dc7ae46

SHA512
58ceb952578c838ae149d4ab6fd4582165695bbf4a672d81dda6e6f5bd2f5c443fbc703c3abc1ef4630cdbacebab47253b80e11c4e36a5b402300a5f2ecf50a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
7332ca16415a3764d81e616deec73085

SHA1
41e3d1cbdc8a72652a00def44cfbff21535ff1ba

SHA256
8aa77ff2eed9efaf898712e6129dc1d4993a85112fc4ea30237efa77f9402726

SHA512
0589272eea4b109f33e68087c2955a049d84ef16c952b2b34f61c726f88f1ac044f0320c72cb5fc9476099b2ae3ec7472d795568ab5095a40e012ef7d2e0609a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\9372f3dd-6240-4cac-b950-451d5dccfb61

Filesize
982B

MD5
1e6cb9926a81579cd84fb6e522016240

SHA1
712eee57e47fc9bf41424d873b0a059d7115544c

SHA256
4ce2c62557056a38133686c791eff74fad5a8157141e566a009dc09da421398f

SHA512
56b589b7d4a312dc9690a11a2b5ebe25505e79f1c43a1a6ce698aacb54731a9697c31b634850bc0852ef9fe2897137bd276d42ba00003297c208ac4469fe38ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\a7cd7001-ae04-430d-bf88-9a29e3e13527

Filesize
26KB

MD5
b354d226c17d0e120d41688ffe85f946

SHA1
1da1f7d9f1be85c749e46c85ebd2516a3d8c0f18

SHA256
cf0b4c67f3c6fd56b70b8290ace5ee78ce8d83d8e7dfbf4a0eec875a197616ab

SHA512
4931a8a2040cd3a13b69f2a96bf4fe27fcca1c705efc2883100206f4c24fcef5a058383296d0f7e799acd5bd3aac08903e747591b9e2a07afac546d2425aba6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\datareporting\glean\pending_pings\c6920652-0871-4735-bf03-f6cdf967f751

Filesize
671B

MD5
da6282b543590565d46fed5932ef231d

SHA1
3e74de8213e03c98e0ff6504224823c8e35ea13f

SHA256
35b99bab6d02d9578597a919a11b0e6e964786268f474816e06b708a4008a39c

SHA512
a5cbc4e1fecaef3535f2b2f6f0ec00f0896dc31fa9de16ede18606fd61f4cdd5f6c8e5fb3b0d73f5db7b2a95f6fbb66f5b018bbf0af2a6f250615988c27d21ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs-1.js

Filesize
10KB

MD5
cfbb2e09ac70953bb3e4ffb84cb9a48c

SHA1
022c418f9ff0ea6e5d955d2aace95f3261a2e1ef

SHA256
41858d3820de9f83ed4504db64729acd6a10abe38a0cfd7a4e1da5c558cdf1f1

SHA512
7af759b362416c5028897d0df3d6678a791735359f1be1755ffd83efb7ed63fd516d9d6c3feb68365e703b5ed57fa4d0024c58b0b193dcbebca47321ea0b76aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs-1.js

Filesize
10KB

MD5
e13dd10ffd19852a6cd8357e3cd82a70

SHA1
a0a39723c2eda0c220995ecf0c94857ab0aacc7b

SHA256
3f69a0df283359119931614cf9148a9d2819e2e61b9bb1c1970cd2eec0569c70

SHA512
975c99ea13c7e78aff561cff30f02f0d9c9e64a86b598a58ccb38bf995525cd3c59755e7167b87f4f11274c00851819b22f49c9a2a02de94ddf071fc19821376

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\prefs.js

Filesize
10KB

MD5
6798d46d18e194beb87c1cde76c587ba

SHA1
5eff8d40e1c24f0cf833c1d57783f455edd1cf36

SHA256
049c8dca0ef0641fb42ff2ad8abac9d4da624538a5dc52e8581edece3b735c5f

SHA512
53e80d50a8c6bd1bb3c37243f7d27a3e6762b0ef2042fa45777e69f4049f6afdc4d481ce66a13b1ee0ae6d41fae7ee70ae69cabbf16ea3241f765c9286af3c1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
195c039450ba5d2a7e2b86ead7886590

SHA1
1e0be7f04edc99311d3a14778226279fb847d79b

SHA256
f5587635cdc2c4cd934f94a580807f81693cfd06cca8b6a266e4e8c97c4ea1b3

SHA512
e33ff926eff74d2c8d06801f36a43eea1e3478d971d4fb2639ef28a4d4d9fa7b2ca64a92a4fab5371d55597c973b1e2e6ae1c0a5576f6a87fa1976099dd6b8bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hohja4eo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
35e049c02a9031a80f455c47b23d55b5

SHA1
35a4d1b5715fe57c0d49e8011dcbf67819b368bd

SHA256
70fb9d0e7a328ed843382ac945b9c73a042baff1b9b43c3e1e7b10d31609ed66

SHA512
eb6c886a5571d1d22f04875ec9cbc087f79ce109e559404225e9849ced4c78ccb523bcf7e74896e53ffa736ccc5b07b762bf47b5633f449f7aad808419f24c87

Download Submit