hxxps://breachforums[.]cx/Thread-DATABASE-epa-gov-Database-15M

Analysis

max time kernel
543s
max time network
555s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/04/2024, 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://breachforums.cx/Thread-DATABASE-epa-gov-Database-15M

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-609813121-2907144057-1731107329-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2964	firefox.exe
2964	firefox.exe
2964	firefox.exe
2964	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2964	firefox.exe
2964	firefox.exe
2964	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2964	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 2964	2728	firefox.exe	86
PID 2728 wrote to memory of 2964	2728	firefox.exe	86
PID 2728 wrote to memory of 2964	2728	firefox.exe	86
PID 2728 wrote to memory of 2964	2728	firefox.exe	86
PID 2728 wrote to memory of 2964	2728	firefox.exe	86
PID 2728 wrote to memory of 2964	2728	firefox.exe	86
PID 2728 wrote to memory of 2964	2728	firefox.exe	86
PID 2728 wrote to memory of 2964	2728	firefox.exe	86
PID 2728 wrote to memory of 2964	2728	firefox.exe	86
PID 2728 wrote to memory of 2964	2728	firefox.exe	86
PID 2728 wrote to memory of 2964	2728	firefox.exe	86
PID 2964 wrote to memory of 4408	2964	firefox.exe	87
PID 2964 wrote to memory of 4408	2964	firefox.exe	87
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 4284	2964	firefox.exe	88
PID 2964 wrote to memory of 1416	2964	firefox.exe	89
PID 2964 wrote to memory of 1416	2964	firefox.exe	89
PID 2964 wrote to memory of 1416	2964	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://breachforums.cx/Thread-DATABASE-epa-gov-Database-15M"
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://breachforums.cx/Thread-DATABASE-epa-gov-Database-15M
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.0.420534576\1778035415" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e75110bb-6dc8-41ba-ae5e-73527f6081aa} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 1956 1e2323f1158 gpu
    3⤵
    PID:4408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.1.1167169982\1641346623" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffe1655d-488b-4f66-a515-faf55f4cfdf8} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 2388 1e231de3558 socket
    3⤵
    PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.2.706988726\1687075319" -childID 1 -isForBrowser -prefsHandle 3332 -prefMapHandle 3328 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afdeeaef-7d8b-4c90-93f5-1c7e481f9628} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 3164 1e2362fdc58 tab
    3⤵
    PID:1416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.3.805224008\683384194" -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5eeb1ff-1ed3-40e6-af30-fa53d8903201} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 3636 1e2369c1b58 tab
    3⤵
    PID:4336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.4.354511650\2074039794" -childID 3 -isForBrowser -prefsHandle 4732 -prefMapHandle 4728 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f21bfef-a0ac-4843-9689-04c551e42464} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 4696 1e232349e58 tab
    3⤵
    PID:4168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.5.1620126697\900715987" -childID 4 -isForBrowser -prefsHandle 2980 -prefMapHandle 3288 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {977b903b-be7d-4deb-874b-cabf07243567} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 3388 1e235ee2258 tab
    3⤵
    PID:3840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.6.658242702\1053542719" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69108d4d-0741-4974-88e6-f842c02f602e} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 5100 1e2362fbb58 tab
    3⤵
    PID:4072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.7.1727301403\564322978" -childID 6 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24a0aefc-cd23-4788-87bf-9b33e4d8f044} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 5284 1e239017e58 tab
    3⤵
    PID:2728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.8.1845578582\847655208" -childID 7 -isForBrowser -prefsHandle 5292 -prefMapHandle 5524 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57aa7106-59ca-4be8-88cf-2cde0c45e8fc} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 5388 1e2393f5158 tab
    3⤵
    PID:2984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.9.1294574319\1186516178" -childID 8 -isForBrowser -prefsHandle 5080 -prefMapHandle 4732 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {430abbe2-b207-4c1b-9f4b-e225badc216d} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 5068 1e238097758 tab
    3⤵
    PID:2676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.10.886605127\1786608579" -childID 9 -isForBrowser -prefsHandle 5244 -prefMapHandle 4856 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d623fe9-7abb-45d7-848b-3d800eb44dcf} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 3220 1e238097158 tab
    3⤵
    PID:3248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
e989dff43711435ab782fc10b605d507

SHA1
1a7cb58ed8a66a43253334133d9acd9bb5d1c6d4

SHA256
2c88d60fd9715664f9eb5a2bb7b1fa8d39ef3a0af39965da55f15741bf4d22ad

SHA512
33f11a63c424455d55ff5fa1a3aecff1b79d2b841cdfc73d6237938fbb3834776c88a104ad0102d301b38d495d40e8647f612c77810894dbadd70e4c436e5bd8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
0ef6412a4b8156506e79199346091f36

SHA1
c2b2c061161a2d01ffe79f38c49c746a495be049

SHA256
2a87e9cf99ab5edb07aaf4de5dd0b1e52fa8b4e4ddd9b0acdb77879baa82d8a2

SHA512
cd8bb3737d07fb87d5ab1ec86c3ee171f19dc17a2aee75f0853baa20043219377829dbf2a33e577575cdfbd6c850005a74965fd74e9ec2a9c2553df1e57c1876

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
12e9f854b6c60698395cdc2f061e4ea7

SHA1
f6b4d52a829ae89b188a713fe18ac4186195920e

SHA256
db3d70237edfe13d30426878538ac20c1ff90360e5b69a3ae22bd383d77d4ee8

SHA512
66854809e6d58471e121a0c044da34c78947e78e0cc0a534e1131650884e36d627cebef560eeade8c2b5fcf768dc633357d6d4da47c5e34ec3d267dfe8590213

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\pending_pings\c60f67e8-06cf-4dc5-8058-100893840ba9

Filesize
10KB

MD5
c8a669d315f72135ea376e3fc65c79b1

SHA1
422323f80163eb7c67b7bdf4522a66d3519391f1

SHA256
3e5b0e63317c31b2c00d13e6bd4349dff631a489079ed5ff5c0d25343f3508e2

SHA512
feb92620790dffa3f09d17f7c40a92b97c9692cecb852d6854b3b5d9b2b30eca85acbc4c0beafff1bd035254503b03d536d3e725daa20b2412ac53b67a0b9ca1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\datareporting\glean\pending_pings\e6c12824-8875-47da-987c-48ef4dba46c0

Filesize
746B

MD5
d09897ddfb757b0b7f9639da6470ffaa

SHA1
00b626fc024ed33d71a2a73f840ead25fbd50e46

SHA256
97dfb61daf073554df4d1907478151541f0d9afc2b5081c84094183aea9cc282

SHA512
8603b131af742ac8f9623a8832e033883642e97df01813bf4f8090d19481910271610251639f0dbed717c87c514c47997ee4f52b3d661d4598ec8af3ed04e317

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs-1.js

Filesize
6KB

MD5
9d4dbb0b64cf7ed3f66473cf14ddf179

SHA1
240f68edb1adca3ef633bc761e26790cc934ebe3

SHA256
c042f059b9d3dbf8cd4b0899dd92bb1fefd0fa116c0f19e72fc84b851116e2bb

SHA512
f79719564acf72b11ecf1594cb5d10bdb7500179005828a2ecd73feea9faaaa508cb09729de11a91f320f6232bcdbde24cb91be9dfa4c26e63de2e5d84adf904

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\prefs-1.js

Filesize
7KB

MD5
c3130cfe28ad17426c74e640fc9c0222

SHA1
e2e4b49a9c4d1a1200297f4e3424380ab7199b75

SHA256
093ac678f06625139a9962ad530ccc2162fffcf88c6bb2769fa15cdfc97be73f

SHA512
c521a4151f61dc4367ac85c6b562e575a1d0158bda40341bc23087a8636a30abe0d2da136cada24d9e15b676337dbbf6f77f3efd3650eec6c8ffe84a93d48f13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
39KB

MD5
484d9e6d28901ad94c015138d674675e

SHA1
ddb25f9548ec7ff6e3d074e12642dcbfcb49f0d1

SHA256
8f11ec292982033cd5ab0438e1830dd04a57abe39cdf42152a6b318754585e21

SHA512
719e6a7d0af9195c6c1ec671e159795639d798499ee0d3c2b698b0c4a313e8c3c66423430e11c5a8ff78c038f2bee3f484db92379b2c031165247d2fe2d60948

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
40KB

MD5
bb177788c202dd0909e9a98f14997d8d

SHA1
a08ca21f552219d7d20e96c8ec449c8f8ccdbc8b

SHA256
78c661e6ae7a552397004d640e2cb18aca8fa9562a9fc748bdfb92c30753fb86

SHA512
2029729c81ce185b6692dd898948f7c071fb4b5b1c7b40eb96a047732450aaec30c0d1b5b9c1f10017faca2a24186a8f8272b08bb98387e713805625b30cb90f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
2a9842e13df5c807e092adaf2d2fb14e

SHA1
7d6e08e22a692ddceae3e5aa4513ac71d0e3ec15

SHA256
9e1bc7d69b95ddfcb98b1af0885da8080b1925a6107baa6214ab312bb4bcdc4c

SHA512
f6f0de976cc924f40689c27f68eb6cb1fa78e63763618d55941ce4ae87e82f45008899f02e8a338bce0f64b84749ac13241395655a3f848150e8d6be2c80b1bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
40KB

MD5
43b920630d44893ef7a64c0cfc6f5a13

SHA1
120e4002f2393ce64b0e73f27e4a1a4a701b4d45

SHA256
c380b0db458a4716a9aae8d6fcd6b8656a3a7465577c25eecc97dd415f3e26ee

SHA512
cbf644040c4d71708293b87959c6d1a784bb19d05be532b7cec9b8ec2fbd55306cc2ed8403d8e9557ef9631bcafd7b8626d866cfef2b2de22c89c7ea15357da7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
40KB

MD5
0b8bc33e1ede6712bf71434ab3446525

SHA1
7ad66d9b69616c4fd4e55a0fa4cc555c2ebe2ffe

SHA256
8a9dbe2926c337f47f6fac5e36453c21a1b926d83d3627a8e39dff9b4380a268

SHA512
cc7a92780fbcaaa5c685b654a3cd6d3e37a11d20457c222b1adfd2082e6cb69c9a199cb9c917b293ce8dec3cbff1bf3bcafbe0559433d6dfc43d2e83c1bcc086

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
40KB

MD5
816c404f3832aac83949f75d4e3ded29

SHA1
c0c282e952358b850bb47550a571b57780d891bd

SHA256
386db26faa52850d1eb287e28d066d7f2923105e7091fcfabdc9130d0122c44d

SHA512
1ede22ea7f076b6796242f91a91963c3d4208003db1ad558cccadff84878ca23c6eb18c5acecf61c3bf7d34c1690c4834a934927c32fbc4683efa51aecd80a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
40KB

MD5
e10598cbc078be9e2d95c34dc66093d4

SHA1
af8a9f9391c779c5de2b7acd8e4cacf1e0019f68

SHA256
4ed2102a9b8858776a707ae68cbde86261b520b9537398d695f3151e2582f254

SHA512
b9019f3e6255b979496cf37829265e2b6bf0057fdb60b334e770e68ae71f5a856574214b9bc426a00c70620869d81d4f67ec48e829f8e3b04cc19c3b72fda824

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
40KB

MD5
ced5a0bd480ee84886351ff339d1ff96

SHA1
2c28d5a68873ac324f27dc241d80eeafd635fd79

SHA256
de25df44603a90e480231b4ae6b489cba1b9cba00486262e95ce9cc8dedda7e6

SHA512
890ebd5231d0fe4c9b3a8d74c7c4d8d5fb618128ffd04811ac1cc17782610754fa2ea6e33864865bd6e78912732d3e567d3aad6d42e6c6e8e54fd2f79c5f6bec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
40KB

MD5
39ee7ce477993965d7688be805dce9d5

SHA1
33d82147a9ace081c1c1f1d8309a40af41b581df

SHA256
94957ad73d1d2855c28ff3d33c1f60eb4c98616bd3d79205521965bab3af8247

SHA512
2be333f9b2d4af428f4d09dc9528ad48dfefa65c6c54abf5f960334426399ac33dabcafc5a63dc371e086491965401f0f4abba6bf2a0e5a619fee0a5ca8a1ac9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9e540af6ebf92d7a4a066dfa5ee0aa40

SHA1
a5cd3ace02e9c9f3558b5d649b653d2436270a4f

SHA256
cc50cbee8a80d4a0f9ca3b82df06582ba7c209e83ae4d7cc48bc0c003e07c4bc

SHA512
9e577b946d6f80b2fe329c90118f3ca65c1f7fc0af1f3568c9778dddbff5f5ff5dcef2abcfb8edaa6510630911d94d84c70aa7a006f61976080626d9b1c7fa38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
40KB

MD5
4a493afcb184dc4b6097be6035e1b135

SHA1
9e94bd0113cb1550380dfadc3efa8aa6ec33ab6f

SHA256
8b6fafc85a8c442b131d8633e461ab3e73408ae664dbf5a8c88db8fce153a6a7

SHA512
5aaac3b07def84e26b14a755c9194e9db3a3c19309db72857df526d0a3f4f7d80898a459b0c7cd4926ed347113cc6f1500c39a48ccfa6fe0696ba14310a92d26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
40KB

MD5
ea8bb6755cdf649ae536ad4e77a1eaa0

SHA1
2ce57ff6e492fbc37b76fb09d2367a852b4a6ca1

SHA256
abf77513bdbbc75515ad97006a9b0b17ac9dd5cdb246f267adcd4ef6053998f7

SHA512
a216e4eb2dcf8957af46fb65a6a5fa7995a4177dea4cc52b936808e8b1df71d9c93506c4580bb254353383cad57c2c6facbd8d78a268310c4a1b70cfc5b96e59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7nvvjyxe.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
75fce57ecaf47874475c6e13f9856054

SHA1
9ba92a9b007b965e057ea20a69f3ad1e89e42635

SHA256
a509ae8fd6f15e53bb8f4be81a79f5ffc97be8bb33bf51a2ac77379c35c7f217

SHA512
29bf881792b6a7ced591e146a0d12d76bb64d7d61969a6c1e7ece7351924748b7ef3f8d986daf513bb7d0a2bb80c3ae7b38c43c8cb4fc371c346e873e8555618

Download Submit