hxxps://z-lib[.]io/book/13444940

Analysis

max time kernel
65s
max time network
66s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
07-09-2024 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://z-lib.io/book/13444940

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2776	firefox.exe
Token: SeDebugPrivilege	2776	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe
2776	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2776	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 2776	4648	firefox.exe	78
PID 4648 wrote to memory of 2776	4648	firefox.exe	78
PID 4648 wrote to memory of 2776	4648	firefox.exe	78
PID 4648 wrote to memory of 2776	4648	firefox.exe	78
PID 4648 wrote to memory of 2776	4648	firefox.exe	78
PID 4648 wrote to memory of 2776	4648	firefox.exe	78
PID 4648 wrote to memory of 2776	4648	firefox.exe	78
PID 4648 wrote to memory of 2776	4648	firefox.exe	78
PID 4648 wrote to memory of 2776	4648	firefox.exe	78
PID 4648 wrote to memory of 2776	4648	firefox.exe	78
PID 4648 wrote to memory of 2776	4648	firefox.exe	78
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 244	2776	firefox.exe	79
PID 2776 wrote to memory of 3628	2776	firefox.exe	80
PID 2776 wrote to memory of 3628	2776	firefox.exe	80
PID 2776 wrote to memory of 3628	2776	firefox.exe	80
PID 2776 wrote to memory of 3628	2776	firefox.exe	80
PID 2776 wrote to memory of 3628	2776	firefox.exe	80
PID 2776 wrote to memory of 3628	2776	firefox.exe	80
PID 2776 wrote to memory of 3628	2776	firefox.exe	80
PID 2776 wrote to memory of 3628	2776	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://z-lib.io/book/13444940"
1⤵
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://z-lib.io/book/13444940
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ebdef00-4835-4bd1-91b2-444b26ae5e3a} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" gpu
    3⤵
    PID:244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9f2efe9-5e7a-43b9-81ab-7e3293abfe09} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" socket
    3⤵
    PID:3628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3248 -childID 1 -isForBrowser -prefsHandle 3260 -prefMapHandle 2820 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b513864b-de71-4034-abc2-a2343d57c000} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" tab
    3⤵
    PID:1868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3644 -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 2696 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecfd5e7a-5c8f-4b03-9a11-d8ec5c12ccca} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" tab
    3⤵
    PID:4468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4704 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4696 -prefMapHandle 4692 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43e60c53-770c-4c77-aaa3-0318fca02955} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" utility
    3⤵
    - Checks processor information in registry
    PID:4992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -childID 3 -isForBrowser -prefsHandle 5248 -prefMapHandle 5272 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7734eef2-f4c6-41ab-b703-d20b780fbef7} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" tab
    3⤵
    PID:3468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5416 -childID 4 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e007b3ff-b7e8-4e40-a9dc-8a3dd379e8d8} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" tab
    3⤵
    PID:3600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5620 -childID 5 -isForBrowser -prefsHandle 5540 -prefMapHandle 5548 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d89478a-ed5a-480a-bf5f-b111f26e00fd} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" tab
    3⤵
    PID:2152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4520 -childID 6 -isForBrowser -prefsHandle 4508 -prefMapHandle 4352 -prefsLen 29570 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cf76c0b-d273-454d-bc72-15d6135fab92} 2776 "\\.\pipe\gecko-crash-server-pipe.2776" tab
    3⤵
    PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\r5m741b5.default-release\activity-stream.discovery_stream.json

Filesize
39KB

MD5
f869aa3b29f212d4f41bf858cfc5631b

SHA1
1e39e5d6c75bc73dc915c4f2028b41ac703bd5b6

SHA256
9083b7f1a3e0dd8812523dcb9a3a1517cb65cf5d41cd3fca73c27715afc68862

SHA512
1cf9f6d733565cd8c707c581c54e8b8a044988140b1fd2958dfe9564c9ca2ff323929b0151276e6c498aa7ba3b6f0db27dc4f2bc12805121acde10945048a525

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\AlternateServices.bin

Filesize
6KB

MD5
67f5aebb53d7bfe185423128a8d577d9

SHA1
ce497e5eb0ac9be84796ec6238308dfd2c99be64

SHA256
5fac4b4928c6c80ed90562fe47ca7ecd0e1f47e444ee9a3f95287dbee845ec7b

SHA512
51c1921b0460de4d8e006df73f376996312100d99595f12020bd73501cf31197860900f7692efba85004e345284a5465cec679771a57250f7433a4ec4f4fbc49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\AlternateServices.bin

Filesize
6KB

MD5
974d1b7b0793060b6a798cc9d0fc80dc

SHA1
98f6eb84fcc7849359e88a5168b0e10b74940a44

SHA256
294428c39dca3155d8eca83c6a9723d574b2b5c5044d7a955d2876286eeb2c06

SHA512
20a06b0da8221a4323ac45b88e1c9adae0d501005ff11331da2660991501bd4d3845a11fed863adfe6e3036e6ddfa6348ca7e80b87996a837f6c5ff71ffdbe74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\AlternateServices.bin

Filesize
11KB

MD5
ca693a8931dddaaf01f32a414625d87e

SHA1
eea4f366f69e64e354c4f12ea52421e9ae2f934a

SHA256
991f2d71e1bd29ea8f693ffea8455c6654d85fc28126c101fc60b63e75f9cd82

SHA512
0dd7bb95d9fdcde98f67385a824ad26e21c5e30eada4cc27cb7fb03afbaea3997bb018c105bef0e6e492e4a59c8c7e8bdfbb67b76506341cff502e62ef3a570a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
434164e1a16a08df46301ae749e4dce4

SHA1
5da11c5eb56f5ec17a4b78ee4c5b50c8c133f5e5

SHA256
1a656f9a93a09391079a00d04120c9a02a746e974c2ff751723fdef51b2f4099

SHA512
1fa4051835d044041ecb551c70645884fcb112f1f5d0829951f687c45fd71d1830ee540f57eb080acc451f4b22bea1fe9c299f431ea2f31ba67229a73e0a38ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5974e187d32f2953faf8c8294c464d54

SHA1
90f92de18f63d066f3f859eabf787ccdc445e4fb

SHA256
85c7c34127c1b4c8bfc54f0aa6132915f9b1e3e49bfd5939d2a58acb008bfb50

SHA512
8d6f6e10039f273ad9a892fd0f8c2e72e1c5181ee8a14a30321d2883ceaa63eaf2fe5f582a84847d7d8c474d7265e1372bc0d65b51cb5249508f35783862485d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
b87db223d5fc54dba39dffec03d6d8d6

SHA1
976d731181e83a28329dee8e9297fd3f75ed471c

SHA256
d5d86c4633354aa775eadb8c232dbb022ed0f3e0d948e446aa81776de94b3cba

SHA512
fc305e02e6f3d1c85517cafc5ba512b4c0176a2a30dd5799e090c3b8760e7d759d36a13333c3525e851ccb97ae57988b2bf3791a5b2d4cf8db0b7f078a50682c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\10e80a91-779c-4fe6-8988-24f92985ea0b

Filesize
982B

MD5
02b9fd692919cf7c5e9182e73aeff09b

SHA1
6e8a237c1e6b3d31ca4ec6d373b434aaa531340b

SHA256
0a057b78635b7a1de06e0b26a72ccac3fd30b01b943d8b8caf62d54f78de04be

SHA512
f7ffd008ebde7ce5e852e8785c5ae06e750d9e88c5eb2b846a851ef4329275245cbc6d299775e04c6e3377f8a78dc46b288fdce3227e74457322433ebab1f47c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\81a68ce1-b0fe-4c86-bb6c-c1d15b61e9a2

Filesize
25KB

MD5
1bdfe87d65052cd460a03972332bd354

SHA1
ef9e741c7597a69222a652ece107847a8856ab36

SHA256
4745eb0cefbc02fe3688ffa0a994e0ffa008c2ec83bf27414851751323bb763e

SHA512
394764ba94cb68c39d274dfdd94331a82a5f4959b891a21cfd9d428c90004bd5a53586be0b056bda42c05b36a1310acc5ebf915352d44db4843ae4949bd89b5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\datareporting\glean\pending_pings\cb6d6b53-864d-48c7-8bab-a478001179bb

Filesize
671B

MD5
b6bef340a4984e56599814b168a0280a

SHA1
0cb3d8bcc2318c3c6a61d7a8011a7ba61a4a6c1c

SHA256
2d6c8bcfbe42eb38c651b34f75bca58d177bafeea40bf7dbe1e0b2d72302c1f9

SHA512
bb2668141d5a200a7b7ca9398185714936fc1c1551b486caf702b6b5f277cc144a9ec25b9185d44ca4aaaa8e122ed2eb079e5663672cb4c819bcd8a91af1007c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs-1.js

Filesize
11KB

MD5
9b559728f9e646b31373b75e68dad91a

SHA1
73eb7b3bef85b5bbba74fb2d1eeb509d11af2752

SHA256
6663339d871e4f425356fd6d8a747ded878bd5f78e6920b420bec3e99c7e576d

SHA512
82e3321385c33466e10017f7c35d00b2c588bb886ade997d4a3b3016b37acec66838737364266d09b6eddaf8757f1864a4ecab31aff7cf09f49d74da6b7e4d94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs-1.js

Filesize
11KB

MD5
b3ce747ee62da7329fd8bfb46f8d2abf

SHA1
ee5c1af92a2ef7f94b2e2f281f5406ef69f55aee

SHA256
65faab21e66b689564e0410dfd554adf831bf74654a1162c1ce9f67398c94768

SHA512
059040bc2f2121bc1455f62db03c048cef60061075fa090a95a416da2d86b6a2fd578783dc65fd48acca8ca1affe81944396ddaea77ab55085e7f73789386dd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs-1.js

Filesize
11KB

MD5
adf3a3ddb672d08655ddf3db1d29f268

SHA1
f5882137b4498775dbe76033e6b2efc7d2ec3733

SHA256
473aaf49929864c95a80d7a103645ee857d9980861f4242740b7b81081d05d6e

SHA512
411a55814be65bf16e2e16f4735f59edf12c888ca5990e5ed9ecad3ea99c70d7ac8fccd93d41f884b3690c7096cad4b008d78f1e3b893c76ec5241abebe4a8bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs-1.js

Filesize
10KB

MD5
58ff1dc82a0c9ab3daaf1440acfd818a

SHA1
43e75d20b831288d8e2cf9405c9317c01e0a2d95

SHA256
88235c0c6122aa2a39ac38222c7b12bed8ca8243583b7e4553ab094fc4b72d05

SHA512
62db45f39fc05177aacbe2bbbf04465b8cc283eda29bfd51bdda49ef49e7de9f0761a3478de0ea2e148791882d45a6691dbda5d1754d050c30fd748f38a45284

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\prefs.js

Filesize
10KB

MD5
d12fcef064d3d707ac5ed2e568afd104

SHA1
4d7ec4daefaafd233a7b5e272a2b19d3a72573c8

SHA256
0d87c840fde22e71083e297e58bbca0b123944c69d4387ca75f126dd10d2d70f

SHA512
d361d7b36ba9d9ef0426422af528b0f187b9923df95aa8515920c9f2f786bb132823cd7920ed282d04c87416cf6612534a4fbe33849ad94ca5b9df873e7cf29a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
1848bc27a40a57ab8f2fa2e76d180d02

SHA1
606676dbf390a386193e9d376af8a1c022372d70

SHA256
83136f0633fd0fbf614a8303aa390a7c8e9befdbaf49a63a0e992099b319f759

SHA512
33dcd89a33a014b6bf34c431d41db4ed113862081c90411e594c4f08bcc8119da2f97f6dcaae765043ad89648e310a5f7419b626654bfd627c68c48773f710ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\r5m741b5.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
9fea7ee37e51096d3769d8001a57c03f

SHA1
ffaf7ab6452349fd435396ad499b3a82a70acbe7

SHA256
6631946816164059dec783dde528919351705c69cc805aa68da29ae9e4549b3a

SHA512
0624a03f93c8e55f7f6c13b76c36f9be823d3a585eb928f82c8173d54d38afed7d057552ac46dc07ad8831b00e4e6df3729e51460188165c9f0647669a703cd8

Download Submit