hxxps://objectstorage[.]eu-stockholm-1[.]oraclecloud[.]com/n/axpvatilcuo7/b/0ff1cee36s/o/playback_voice_index[.]html

Analysis

max time kernel
123s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
02-12-2024 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://objectstorage.eu-stockholm-1.oraclecloud.com/n/axpvatilcuo7/b/0ff1cee36s/o/playback_voice_index.html

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1792	firefox.exe
Token: SeDebugPrivilege	1792	firefox.exe
Token: SeDebugPrivilege	1792	firefox.exe
Token: SeDebugPrivilege	1792	firefox.exe
Token: SeDebugPrivilege	1792	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe
1792	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1792	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3276 wrote to memory of 1792	3276	firefox.exe	77
PID 3276 wrote to memory of 1792	3276	firefox.exe	77
PID 3276 wrote to memory of 1792	3276	firefox.exe	77
PID 3276 wrote to memory of 1792	3276	firefox.exe	77
PID 3276 wrote to memory of 1792	3276	firefox.exe	77
PID 3276 wrote to memory of 1792	3276	firefox.exe	77
PID 3276 wrote to memory of 1792	3276	firefox.exe	77
PID 3276 wrote to memory of 1792	3276	firefox.exe	77
PID 3276 wrote to memory of 1792	3276	firefox.exe	77
PID 3276 wrote to memory of 1792	3276	firefox.exe	77
PID 3276 wrote to memory of 1792	3276	firefox.exe	77
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4536	1792	firefox.exe	78
PID 1792 wrote to memory of 4388	1792	firefox.exe	79
PID 1792 wrote to memory of 4388	1792	firefox.exe	79
PID 1792 wrote to memory of 4388	1792	firefox.exe	79
PID 1792 wrote to memory of 4388	1792	firefox.exe	79
PID 1792 wrote to memory of 4388	1792	firefox.exe	79
PID 1792 wrote to memory of 4388	1792	firefox.exe	79
PID 1792 wrote to memory of 4388	1792	firefox.exe	79
PID 1792 wrote to memory of 4388	1792	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://objectstorage.eu-stockholm-1.oraclecloud.com/n/axpvatilcuo7/b/0ff1cee36s/o/playback_voice_index.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:3276
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://objectstorage.eu-stockholm-1.oraclecloud.com/n/axpvatilcuo7/b/0ff1cee36s/o/playback_voice_index.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1848 -prefMapHandle 1840 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b0332ed-b329-4328-a6c9-14c44f45e3fe} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" gpu
    3⤵
    PID:4536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2344 -prefMapHandle 2332 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15a7edb3-41da-49f4-829c-cce5580f318f} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" socket
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3100 -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63100d08-ab97-4c83-9cf7-332a748544bf} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" tab
    3⤵
    PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3732 -childID 2 -isForBrowser -prefsHandle 3724 -prefMapHandle 3720 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9fcb97d-9f79-4970-9552-b01c6f8388e2} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" tab
    3⤵
    PID:3720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4664 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4656 -prefMapHandle 4652 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97730358-680f-43dc-8741-fbb0aae06917} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" utility
    3⤵
    - Checks processor information in registry
    PID:572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 3 -isForBrowser -prefsHandle 5560 -prefMapHandle 5556 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf1169e2-927b-4df7-bb71-0a0573af4639} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" tab
    3⤵
    PID:2088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 4 -isForBrowser -prefsHandle 5508 -prefMapHandle 5524 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63d594c0-287a-451d-9330-21dd9567b4f4} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" tab
    3⤵
    PID:1848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5864 -childID 5 -isForBrowser -prefsHandle 5944 -prefMapHandle 5940 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a58cacf4-c436-44e3-ba2a-9f29cf49e6fa} 1792 "\\.\pipe\gecko-crash-server-pipe.1792" tab
    3⤵
    PID:3148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\odgo8eah.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
d04050c411b8abf682341e9fec3115cf

SHA1
57a92d5cc0f3ef09bf422c50420da1b5cae37f74

SHA256
937241dce9dcda578b22662c477cd5b614875c03785acbeb976097dc40b86363

SHA512
63d695cd89441159e199ceeb3f53de406492bf7f04e49202cdb0f5700da8e779fed42a0c218965b9090d90dd24e734a15b737a8033c503fbb464358b971bfbc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\odgo8eah.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
45a10bb881dc940ef46f03fc4963a401

SHA1
ff1e10f4f0bd15f5c5dc55d42f5ea66e0e5a64fa

SHA256
0b9af219021a4ba6fdbfdbe46932e93f006d7f64851aff3f8a80ebce725c8ed6

SHA512
e52d9a22868fdaebbae5ffa2b749a458e0ae90eff98e568a74c342a7006fae17c2db90718f0a0bc84eca0b53441632a5612d6ce06ecfeb95729cf265d2072062

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\odgo8eah.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984

Filesize
13KB

MD5
e9d3abeba2582823297f27f1b44e35a7

SHA1
2e9eeb1577584d2ace667270324b14eb282bbd92

SHA256
a5f1c0f39bb65c8cd08022a9f8bf0e80567a85b8dca3ac3d9b5748e48e0b06b3

SHA512
0ba07df466ec55d21ad2e8a5c1b18b9cc7d277c459e90b7e41530d3f2d74a96c0b4157a6fa32395b61c8967023b1045f823c0651b1d48acded2a95906b27d9f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\odgo8eah.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
9da3ca8e86a493a6c833853f993d47b2

SHA1
4f4b7072a5fd63ad067708b80f0fe3557d7b6139

SHA256
dfd2de83909bd1362786155c1a3cb682f181e547b0f73cb4f89e0b1c29561b98

SHA512
2d54c1f4143fe32dd0ac7f007a275917f42b25a533376a9b7ee5f43a8ff004e6067e3b23995649f191e12090e204b11a3c7c2265cf045bff1de6af4ad5657f41

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\AlternateServices.bin

Filesize
6KB

MD5
e58ebb6026f685018961ddf1887135ac

SHA1
e3723cc7cf8f65f8d73d82aafab354bd4c7dceb0

SHA256
7b711d1542be3e4b90e589c8c082d582e811113d1d265d45b0870c992dda6411

SHA512
758abb49ede41c51b0b97c6c93b5d4a62b696cc26344d7b60a82bddf8fb3be64a2638b07bbda9fa427f9317080d11b4c088a795d5120db8d14ea3487e05ddce3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\AlternateServices.bin

Filesize
8KB

MD5
e5e7584225877792175d788e21171e24

SHA1
0fecc413be0e9e9c5f5514cfdadd2988e0c140a7

SHA256
cc76abd661f8191678d2c67d9e56aeb52fb69a57a99f2ead0322cc50e2c3d40e

SHA512
6c2a308be6c93ca0407e857682e242e942e6f298c2cb3abbf53e045ea8937a1cb99bc4928601f244f103721bc27b4485304cea43879a04b006a0918149a570bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
6f46ebaa47132861abb8b5ed45ff1adb

SHA1
f62cb70ccffba2f5bbf7d2b654623b5117b9d24c

SHA256
b9ae0e76bdc9aae2d3d72858ef0963e2f84b4b24aa2cdeb0f68d065699a44838

SHA512
4d48e90fef56beadd7e2f4574a89e919cb1b43fb6ca42c5dc32453fbd465777bdffa6e6aef6b5318ac9d9ce4f7f258d31b518bdceba6d16016780b011c9288c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f9be624d9221d8c4c981c09810836baa

SHA1
93e3414ece614f8341dd9f4f9e0213f4e0636df7

SHA256
3ea03980f52e102da1ef1aaff12efd022ff846beb110940c42b4f8ff05493677

SHA512
543eca683d4671a12d1072d651c257d0edfed71cefb86c10b9b916ae8e8255139ee81e7791efcc3e4db061d46bce038d60f580e4600090ca14e0c98fa90b4586

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
c735c0e7c764d5051a67c33d723cbf81

SHA1
3d93cde0f09ca8543bc1e5e02e1ec75bd431770e

SHA256
26e5194d7305f34205d3032b65cf32a67fa61a899af5d2a8a6c883443dff392e

SHA512
fe097c654a31f31d3ca42e40655fec5e9a8ca27bd564f8039f12b05623ad17508b9774f37119baeb5000aa2be81d9c80994caaa7c9d380df96776577dd6ce7f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
d8b35e8699f065b0354d88d78f924d0d

SHA1
78265e787edd26ae189ede46bfe110c539e56065

SHA256
3f2578a295a565340c191a20aefcafdd46f48426899d511bb6a832bd47de3adb

SHA512
96c2e3dfdd20bccd589d5f037749ac572347bba3f4e1818e477cdf1830b659d582d476010e3a39363d87fcbe939ceb7648208fe4205dff56e03db90b75e85185

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\datareporting\glean\pending_pings\9be920eb-2235-417c-b780-b5f7272c88de

Filesize
671B

MD5
cea6bd628f1c34996c94d985af7ac259

SHA1
cc8315ad3d36e3fa0a859a96c736ac533ef0311d

SHA256
01e6a7065abde4c7cb8d92b6f5ffcfc336a96def043c9a6ff51ad8d02d5c3c45

SHA512
a0100f07ae4fc19e67e49e4583e7e06443eb30a18c843bf68113ffa305014f06a968b78e0385de21ecc20cd8a3d1262e2c01629bd4b0af73fdf4c4daf4f49272

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\datareporting\glean\pending_pings\dd2e0775-1e8c-4fe4-9ff7-94a8764c0c9e

Filesize
27KB

MD5
7462ad4d9318f65ec336f5ac02132529

SHA1
47c9f4913045a7786d1ce23fdc0ae326cda1b2bb

SHA256
2052828fd96616309013ba703645b1906766507e9f67232746bcc6fc6584d337

SHA512
7bcf422374cc191a04d7625b2d31b509faa6ae69554406442940d1acdbee88c276f24f70f3ad577eda79079e521c419c20ff61f36fe9f1f61fa07ab0fb136ddc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\datareporting\glean\pending_pings\f7f78121-201e-4af6-a27a-f0ff6c6e0c3b

Filesize
982B

MD5
66b1a9aedec9f8a8891289223f1045b6

SHA1
7e24b6ce21088be4cf7e730f2c25658afc9bc4c5

SHA256
cd9a976ef572ad5d5b960cb004cd22338c1646cd183c2a97474f2688f236d1e6

SHA512
effef52778b176bd93d4e9ace013afd717dd77f9393f0d85f394ca263a8f2042fbc072bba5185af4821b1890bbd37838c5d5de67daa72970bd751dece8a732c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\prefs-1.js

Filesize
11KB

MD5
f0f5a78e5c996b6fec11ceaa7dae423a

SHA1
525bf02a6ce2a117fa1d0a4406583dc83078d807

SHA256
86a344a313822543cde57df6d717352bdd686c43308762c4568f077b1bc8a8cd

SHA512
f0a5318e798ca8ebb5fc2646bb5f1482e709b6434f31ed1ef330e8ba50005c684b24cc65a9f81e87405f2b9b0fe1ed960652f92c24204b25993467bc04eadafc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\prefs-1.js

Filesize
15KB

MD5
de6c82697e74407cdd8e33b6ea259ebf

SHA1
a9eb3fe4ea8c7ca41cab21d4438d68c20bf13919

SHA256
be1d895506e58c2433f5ebd44aebaeee0f90d256ebb8d5f79d47463cdeaf6a9a

SHA512
b668796622b16d9b42ddfc4464d9b73fd60dbeca8fd482df16b31fe0cfbb911146991ccec12a1fd1b09a59fbf2d871137551ce48e9f8c3e0bfb601a815256947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\odgo8eah.default-release\prefs.js

Filesize
10KB

MD5
7b57f0b87b97fabc9e219939d64fc5a9

SHA1
366369c392d8537c841f363a1146be1c53c373ce

SHA256
5e88a73083679c6bcf518c7e68faed1e7144f58cd92b4aac1091b6fe314d6801

SHA512
c93f7b315fe59ac0682df5f1226edf048fa8f8124eb8e6bea913355ed653f9f1a41aad4db9a53e6ca3547f2c0fb78c9ac43b81b8ca7f3c5a1a4f5091f1e58381

Download Submit