9d8eb779901498a861d2a766aeff47f7ba2153dae956564c63818b8927ee2be1

Analysis

max time kernel
149s
max time network
145s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15-04-2024 16:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm V5.2.zip
Size

31.3MB
MD5

ee7ddb217ba31b06dab20016266be609
SHA1

4ae41378f7a8f404d7e27498f584a1a22fffb4b8
SHA256

9d8eb779901498a861d2a766aeff47f7ba2153dae956564c63818b8927ee2be1
SHA512

739252ff8c3cd8d7e33bda33e07c4b4d038c3d202761509f33ef31d9d299ace7260ce2516af1d11dee81aca47c8380301e1f992ff117adb956ed061fff4096c7
SSDEEP

786432:jdVX23QgeyHsB+DZcsV/gU9eK6JRcz/iyxo2+VWRwe7LAvUtgIqPjhi:PX23QghMB+DWSgU92azlFn4U6Iq7hi

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 2880 firefox.exe
Token: SeDebugPrivilege 2880 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

2880 firefox.exe
2880 firefox.exe
2880 firefox.exe
2880 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

2880 firefox.exe
2880 firefox.exe
2880 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

2880 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

description	pid	process
Token: SeDebugPrivilege	2880	firefox.exe
Token: SeDebugPrivilege	2880	firefox.exe

pid	process
2880	firefox.exe
2880	firefox.exe
2880	firefox.exe
2880	firefox.exe

pid	process
2880	firefox.exe
2880	firefox.exe
2880	firefox.exe

pid	process
2880	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2072 wrote to memory of 2880	2072	firefox.exe	firefox.exe
PID 2072 wrote to memory of 2880	2072	firefox.exe	firefox.exe
PID 2072 wrote to memory of 2880	2072	firefox.exe	firefox.exe
PID 2072 wrote to memory of 2880	2072	firefox.exe	firefox.exe
PID 2072 wrote to memory of 2880	2072	firefox.exe	firefox.exe
PID 2072 wrote to memory of 2880	2072	firefox.exe	firefox.exe
PID 2072 wrote to memory of 2880	2072	firefox.exe	firefox.exe
PID 2072 wrote to memory of 2880	2072	firefox.exe	firefox.exe
PID 2072 wrote to memory of 2880	2072	firefox.exe	firefox.exe
PID 2072 wrote to memory of 2880	2072	firefox.exe	firefox.exe
PID 2072 wrote to memory of 2880	2072	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3520	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3520	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 3716	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 2284	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 2284	2880	firefox.exe	firefox.exe
PID 2880 wrote to memory of 2284	2880	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\XWorm V5.2.zip"
1⤵
PID:4728

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.0.1872160503\197796686" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd520a97-0d9f-445d-a5d3-2edb39bfb1d0} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 1792 143b73d1e58 gpu
3⤵
PID:3520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.1.864428744\539158548" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc34e81d-f56a-453d-9b42-64b2a9159bea} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 2148 143ac46fb58 socket
3⤵
PID:3716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.2.1559353735\1789104689" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2892 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {032f0e75-cc3f-4440-a0cd-31214e4a2f5c} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 2700 143bb69fb58 tab
3⤵
PID:2284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.3.1154799112\1179164307" -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 3264 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bc4735b-782a-4a36-8cdf-a0d7f64b73f6} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 3436 143ac462b58 tab
3⤵
PID:4516

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.4.1311003861\2059856487" -childID 3 -isForBrowser -prefsHandle 4088 -prefMapHandle 4084 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57316aa8-3a18-495c-9548-a47fa89e8fec} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 4100 143bcfea058 tab
3⤵
PID:4872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.5.1627046762\1029939935" -childID 4 -isForBrowser -prefsHandle 4828 -prefMapHandle 4824 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2341a7f3-0aa3-42ae-9151-62fe98c7ea0f} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 4836 143ac45f858 tab
3⤵
PID:2356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.6.1433265180\1620751600" -childID 5 -isForBrowser -prefsHandle 4968 -prefMapHandle 4972 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f14b905-024a-4ffe-91c0-6849612d10d3} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 4960 143bd80f358 tab
3⤵
PID:3340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2880.7.1950521522\1468546726" -childID 6 -isForBrowser -prefsHandle 5168 -prefMapHandle 5172 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3040b3bf-21a1-4989-8990-2b0785660016} 2880 "\\.\pipe\gecko-crash-server-pipe.2880" 5160 143bd810558 tab
3⤵
PID:1280

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize
13KB

MD5
df62fa8a397c0905963fb9a32117d638

SHA1
372fd29d09a28346ee62f3ee137584bedc4af206

SHA256
dd4c1cfff902373fd44f9cdfc077c07597b6a00602f7f2a709e3b29ea66909e3

SHA512
20b487e9369647ea636b065138365ba401bca65677bd649dfb4bdddc8a99ffbb067e46dd3fa9d77d76c4441b32406889da4c4c9fe1a46fa597acd120c96a0253

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
6.5MB

MD5
438c3af1332297479ee9ed271bb7bf39

SHA1
b3571e5e31d02b02e7d68806a254a4d290339af3

SHA256
b45630be7b3c1c80551e0a89e7bd6dbc65804fa0ca99e5f13fb317b2083ac194

SHA512
984d3b438146d1180b6c37d54793fadb383f4585e9a13f0ec695f75b27b50db72d7f5f0ef218a6313302829ba83778c348d37c4d9e811c0dba7c04ef4fb04672

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
51603693a397db7da401ee6e530bcc37

SHA1
c85b14ca9ae7e28d697bffb37a270e8582b46a03

SHA256
5032903bac70dc099812aed23b3d69f0b3c8d61379c45400b0927d2222cf01d3

SHA512
e5611042fe5d5e1d3079f73d924a6597bce92cc04d36acbced3d97217af86965d8080e422bf8e0c1ed84f2b992f802717eb3f383d917843bb87dd5550eb1ff73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\82ae1c69-48fb-4236-a85f-9f5f972378a9
Filesize
11KB

MD5
04027efb7397474b54a7b0e758a709be

SHA1
a0cf4173dfacbe2e15ade614a2e71f685b3e03b8

SHA256
9ac78cce00da547ffcb681cafb4c880c4740f6928305a8d28f54fc5cb2d88eb0

SHA512
d01ab6a01c70c43b7ebd96d00e1dee0036511b0526386b3be638753605353ce3e7c5e407c97aba9ff645b3a94754f2f8562a06d7b5a77b61f1b3ea4f6984a48b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\df24adf8-c10c-4786-a508-7b0a005d40ca
Filesize
746B

MD5
15fa7590c4c9e037ead5611e7b15263c

SHA1
f68bd308330f4b7012cbcac29b6484a0d96f551e

SHA256
9a49572eb201f4a06b4222643edec7b61d4fef9899bc69f81802242a940a3661

SHA512
9bdbf56a7015226e1716fca4e2e4512d06c789dc6719e4f92bde77019940d84f5b43bd59cbaa3a7193395367a35141fb184a6abbb1dc738494f2f263c1f03756

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2449.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2449.0\manifest.json
Filesize
372B

MD5
6981f969f95b2a983547050ab1cb2a20

SHA1
e81c6606465b5aefcbef6637e205e9af51312ef5

SHA256
13b46a6499f31975c9cc339274600481314f22d0af364b63eeddd2686f9ab665

SHA512
9415de9ad5c8a25cee82f8fa1df2e0c3a05def89b45c4564dc4462e561f54fdcaff7aa0f286426e63da02553e9b46179a0f85c7db03d15de6d497288386b26ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll
Filesize
10.2MB

MD5
54dc5ae0659fabc263d83487ae1c03e4

SHA1
c572526830da6a5a6478f54bc6edb178a4d641f4

SHA256
43cad5d5074932ad10151184bdee4a493bda0953fe8a0cbe6948dff91e3ad67e

SHA512
8e8f7b9c7c2ee54749dbc389b0e24722cec0eba7207b7a7d5a1efe99ee8261c4cf708cdbdcca4d72f9a4ada0a1c50c1a46fca2acd189a20a9968ccfdb1cf42d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.sig
Filesize
1KB

MD5
dea1586a0ebca332d265dc5eda3c1c19

SHA1
29e8a8962a3e934fd6a804f9f386173f1b2f9be4

SHA256
98fbbc41d2143f8131e9b18fe7521f90d306b9ba95546a513c3293916b1fce60

SHA512
0e1e5e9af0790d38a29e9f1fbda7107c52f162c1503822d8860199c90dc8430b093d09aef74ac45519fb20aedb32c70c077d74a54646730b98e026073cedd0d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
9KB

MD5
1760ceb4101ed04fbf32be0f50cc9ce6

SHA1
2b8b29d302461a8bf525c90618d83447983e7460

SHA256
9695b47933ea3c127f23120fe224e54356a7c542af691d320ffc8786304f3f82

SHA512
c404addbc09e73a097026a43b1f25bdf3a986d58b2bd78ac32a265fb2d3c3a98a60a0d8aa96cc89db50d7e398f58a069fe1309cd531bbccb12a815763b6e8f67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
7KB

MD5
e99c9bf038a1b73ccd30c4c94b1fd7d3

SHA1
2c62328602d2b9617484e4f2cf24cc5f6cf703b0

SHA256
935bb8166823ee9aeae44c0a42b78eb696ea0407e7e4114c25ee7f6b73ba4e8b

SHA512
e6ad3a15e9ddfc5d0b77ea5d3037cb1e4889bd53d60a6eab5335be1ce118392eee87bdbeaba3e52f96e4c15198085ee88d637c5f85f437d6400dcbc2c4c8cd33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
d809d0c97bb808be55cbc6c83d6922dd

SHA1
7879bd76cb57d43b2f03fdf3cd8a4e5fa3b2216c

SHA256
1a65341f604cba9999d7499812353cf1ad1c9bc39b31c8570c1fd096fb4505d5

SHA512
eac402ccf2b6dd6375211d3c46227c30d79ffcd424e37c963c5e5596bfb5f681e1297d408edc8bdce5cf2755a0d3f95c3233bd6a7e34d947d0672b023c56a5d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
7.9MB

MD5
16266257312ef31a835bec572c3bd91b

SHA1
cb948e739edc9e8ef267d4e4588f1dd502b81530

SHA256
11e302d1b438e8355a07190b19ae9a69cecc4167b5c01be2febe180b02d3130f

SHA512
5bf8a6ba489a9163e8ba45b496c4f524e8bb48b68a8c49f7c7afbb21bcc944d7e89ef2d4f5339141f67085394df3ee8a993a1199434825ff62e227416b4f318e

Download Submit