fe6371034d55bb7583081b03f4aec7274f8340cfea4740325cb52e1c6ac77f6d

Resubmissions

25-09-2024 13:50

240925-q5l6bssapb 10

24-09-2024 19:49

240924-yj5pjssarl 10

24-09-2024 19:44

240924-yf3e1s1hkr 10

Analysis

max time kernel
149s
max time network
146s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24-09-2024 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm v5.1-5.2.7z
Size

54.5MB
MD5

76219b3556e25086fc52f8e2b93fbd0c
SHA1

066a0f875820e51a60c3552a06b7b97f8bab6bbc
SHA256

fe6371034d55bb7583081b03f4aec7274f8340cfea4740325cb52e1c6ac77f6d
SHA512

ccc974b8e446409c7940ef8314b2a912a2f8c0272721148d4dca5b739702106e69c9c7d106137a576b7a7a846d4f9ac770685a07d7a588ba34d0167acb07f104
SSDEEP

786432:8IagoCEXKlCpMqIEJkseGG+5ELbzcFdcyt5/ks3FkAPYxpL+q7RRHEm+0NyvZZGl:8JgXCzIsGrPzcFrt1F3Yxxrr+4yvZE

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 20 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 3 IoCs

Processes:

cmd.exeOpenWith.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

816 OpenWith.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	380	firefox.exe
Token: SeDebugPrivilege	380	firefox.exe
Token: SeDebugPrivilege	380	firefox.exe
Token: SeDebugPrivilege	380	firefox.exe
Token: SeDebugPrivilege	380	firefox.exe
Token: SeDebugPrivilege	380	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

380 firefox.exe
380 firefox.exe
380 firefox.exe
380 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

380 firefox.exe
380 firefox.exe
380 firefox.exe

pid	process
380	firefox.exe
380	firefox.exe
380	firefox.exe
380	firefox.exe

pid	process
380	firefox.exe
380	firefox.exe
380	firefox.exe

Suspicious use of SetWindowsHookEx 62 IoCs

Processes:

OpenWith.exefirefox.exe

pid	process
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
816	OpenWith.exe
380	firefox.exe
380	firefox.exe
380	firefox.exe
380	firefox.exe
380	firefox.exe
380	firefox.exe
380	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exefirefox.exefirefox.exe

description	pid	process	target process
PID 816 wrote to memory of 200	816	OpenWith.exe	firefox.exe
PID 816 wrote to memory of 200	816	OpenWith.exe	firefox.exe
PID 200 wrote to memory of 380	200	firefox.exe	firefox.exe
PID 200 wrote to memory of 380	200	firefox.exe	firefox.exe
PID 200 wrote to memory of 380	200	firefox.exe	firefox.exe
PID 200 wrote to memory of 380	200	firefox.exe	firefox.exe
PID 200 wrote to memory of 380	200	firefox.exe	firefox.exe
PID 200 wrote to memory of 380	200	firefox.exe	firefox.exe
PID 200 wrote to memory of 380	200	firefox.exe	firefox.exe
PID 200 wrote to memory of 380	200	firefox.exe	firefox.exe
PID 200 wrote to memory of 380	200	firefox.exe	firefox.exe
PID 200 wrote to memory of 380	200	firefox.exe	firefox.exe
PID 200 wrote to memory of 380	200	firefox.exe	firefox.exe
PID 380 wrote to memory of 1564	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 1564	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4280	380	firefox.exe	firefox.exe
PID 380 wrote to memory of 4512	380	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\XWorm v5.1-5.2.7z"
1⤵
- Modifies registry class
PID:2588

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:816
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\XWorm v5.1-5.2.7z"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\XWorm v5.1-5.2.7z"
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:380
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.0.714819677\1326798500" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1704 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dc6fb33-33a3-4be6-8910-2467b3f74a06} 380 "\\.\pipe\gecko-crash-server-pipe.380" 1808 29f6b3de458 gpu
      4⤵
      PID:1564
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.1.718436090\1388901780" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3e915c3-c8ba-4d1d-aadc-dce9eef33013} 380 "\\.\pipe\gecko-crash-server-pipe.380" 2148 29f59071f58 socket
      4⤵
      PID:4280
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.2.707900821\1527306598" -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2596 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f191065-1664-413a-94c4-694675ae3de6} 380 "\\.\pipe\gecko-crash-server-pipe.380" 3008 29f6f6d3e58 tab
      4⤵
      PID:4512
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.3.1897545754\226293213" -childID 2 -isForBrowser -prefsHandle 3512 -prefMapHandle 3508 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {158c2ac7-bd51-48cf-8223-bfef71364f61} 380 "\\.\pipe\gecko-crash-server-pipe.380" 3524 29f5905c758 tab
      4⤵
      PID:4356
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.4.525160537\1191275633" -childID 3 -isForBrowser -prefsHandle 4912 -prefMapHandle 4928 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e786845f-b7bb-493c-a8b3-4b5c1e8dacfc} 380 "\\.\pipe\gecko-crash-server-pipe.380" 4944 29f5906ca58 tab
      4⤵
      PID:4260
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.5.879693387\1765107158" -childID 4 -isForBrowser -prefsHandle 5080 -prefMapHandle 5084 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea4d36b7-efc1-43ef-a886-1bf75e83e7a4} 380 "\\.\pipe\gecko-crash-server-pipe.380" 5068 29f71589258 tab
      4⤵
      PID:3752
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="380.6.1063439008\1542040324" -childID 5 -isForBrowser -prefsHandle 5348 -prefMapHandle 5344 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7ae7441-356d-43b4-bc57-c5a3b30147b7} 380 "\\.\pipe\gecko-crash-server-pipe.380" 5356 29f723f1458 tab
      4⤵
      PID:5076

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\XWorm v5.1-5.2.7z"
1⤵
PID:824
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\XWorm v5.1-5.2.7z"
  2⤵
  - Checks processor information in registry
  PID:4792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\XWorm v5.1-5.2.7z"
1⤵
PID:2940
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\XWorm v5.1-5.2.7z"
  2⤵
  - Checks processor information in registry
  PID:1592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\XWorm v5.1-5.2.7z"
1⤵
PID:4744
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\XWorm v5.1-5.2.7z"
  2⤵
  - Checks processor information in registry
  PID:2588

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
482a496cae627db3e7896d6099acb7c6

SHA1
757a950e4870448b67198500f12ee265b35b8b31

SHA256
b7297d24b3e46c24d9d5dd56cded7d764f340cd3abbf726fea090f8e54d7c637

SHA512
d14bc9c408cb89fca15c100e2a7ba93bce37ff8772b3bc9a4c66e65987f07ec0a556946432784fe3e4c03a2b8c52b197a1eb909f9761e0bc0a72dda96614fd2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ff1fc2d31d1cacb6954487aa7a10013a

SHA1
d090eba37e3bcb274ec8c846a04efa94d0bec294

SHA256
37f226ba1aed2edbabc823969c371896c94b0f3a841bfaf329a068f6b5d1ebc5

SHA512
91e81c44d1f7ab9fd32cd0a925960a2c91b8a60fb23261f83d039018d4bb2681ad21ad115d0efe324adf043595d03ec944939f7d55d80dffdcd913ac9c1a4eb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\655e2ba2-177a-4f4d-8141-7842e8ca09c3

Filesize
746B

MD5
709e9bdaa1bca17f6bdb1e0d6559a7c4

SHA1
f42fa371fda74813fdc2bc5e875c6c824b6bda4d

SHA256
051c2bba7e6e9836b68dadc6d132ce89698ce7fd24f4fbdf646d12187c4f6add

SHA512
213ee443fede409cb626870ab0e32a8ed28ca53bca5d9d3488db219b139802b2de2fa6424a15bda76796dfa420cdf5eff8707e95c3f98d29d793d7168b1e3e2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\f743f879-fd08-40cd-9bbb-4555286d3298

Filesize
11KB

MD5
7364894acb24774e2b513bcf66d8c9b2

SHA1
483efa3299b80967577cff3ee29be958062040e7

SHA256
7f38935be6b16ae7ce07fb40bf02aeabc412fda5b88949b9a355f4bed8e91222

SHA512
0ae874131163db8502f96ed10d3cacbd15070d41bc66b84741320fbdab8a60fcc2a5bb134173cc2ff2cccd5fa688b9e255e93d65b2d14f190e5f89ae6e65d36f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
44751f5056bff04a8a39d60f89448aa1

SHA1
0e8e27f4890615b0de3b95a7e94132358d3f2701

SHA256
e176764482e64da132588afa4424755e070f2795e39000f635c1dc181de98f7c

SHA512
292b355ff87b86a6a61faef1c3aab2ea16a5097e6abb1d96bbd0f3f1a5d9db6022de9b46646412db61c6bdb670bbe83f6d4a09d24b3b61330d6f33396455f507

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
8KB

MD5
39695b1989c93f5a43b3f76fc0947a15

SHA1
c77afce841787db847e3abeeb63f8829702e0afc

SHA256
18d32df47e5fb2fa08dd79b117aa356f7d32d35d8d81601e45a0e6c5ad7ab910

SHA512
6a283017281c81fa1efc8f117f7dfec4e47f497c43bd56e1d72bc3be6bdd82543aebf1df89bdb6f03317265140c05a629cb478235c47fffc3be6196131999fb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
6KB

MD5
3ea7ed29b9f11888b33a6a1c23ae3b45

SHA1
06bd524fd6d33d11db962b4f09e84e1cc8aabe70

SHA256
4b611643dca82213c3cc2c1e70b9bd9685b80e86e6e99c6b16ecb8cd91164be6

SHA512
21590f49ffdb3f3f1cdedd371f821d62e2698498a652e0697adc5380d2b6ecb3dc773349aae4ecf6ae9e5a03672b63b899e7416322ad23ba0950d404c00cfba2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
cd07c98af6cfe29c282894ffc0357064

SHA1
38ad784d245c83ca497008f67c4d561867407446

SHA256
1c49c7cb9222f94815ac05b4a82942c1d5ac10566556fe408b5215a77be8afed

SHA512
477645d0854421436618d8f14974e5aa4521120dee683a5d9140bf35d22852e444cb0a2e105738133cb260b73315b58d4ae228a20407967840c840b660046500

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
99a6b8533b876219692e8160ff138392

SHA1
7bdcfbd44a5e3cbdcc8f7610ce7668e79a503f91

SHA256
9adc48f79198d63be96d3f90bd708ed902ecebba73686425e27abb8c45c2997e

SHA512
a227f3f844ed21a6f851520cdd2733b8b1a7b95da9055690c760763a18af625c26a814a479f9383d655d34d5da73b1bfaa0d1f9fd1eaf247f25f72df24177481

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7c9c1139d36d6e1ce62a3d0164ebfb3f

SHA1
4dfa0a749fd3099b602c468901645b629d13e8dd

SHA256
fb76477ae546d41a469c874a445cbf323c0bf6eb1ec33487aa4fab06c6f76c61

SHA512
d7e73c441a0a3bbfcd2332ba31e51d1212fa85770fe8f47664776ecc1c5d0316e53574dfc7deafe3715f270c2f110903df2f9851153bfd34b4dbc3d2ac0ce0c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f5427de327c6002c66d267da626a8bb8

SHA1
3609fa7588754333a1b3645a6cefad12698b0c4d

SHA256
283590ad0cbb999d356d33ec45f86c22276e5b69acf16a5851ec4477dee86a47

SHA512
51f452efd55d91e6778d7d226b9d8e9786412243dff7e3a7be7e60d2c56f159cd1ce5a6a6560c747ec21945a43f29cc3e3b7d56d0eb93de6420ef7b12e3335ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
e9a25d1007657e7326128d71fa0415db

SHA1
c18df913880d40bbeac0bd9088a17eaa3c9fa768

SHA256
e3b6df8576f68682d000db21ec635b13cc7edad2def86cb2c364575039f181f4

SHA512
65b0023d505434138ad61e1181a3cfa87d64426f2be4c95932684499f627e85327c966298ad796b1967058fae1f830fa5c47def1db0085858b6d7afbe4aee278

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0d0013d9708d9fef539adc917f5b87f6

SHA1
5e071e6b4d8abf007c8bb78ee948caf5bb0439e1

SHA256
f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b

SHA512
851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
8.1MB

MD5
f954d52bf4d1f13e0644710bfdc30f58

SHA1
6c8c4f80a653b97deae0dbf70791622d28b32934

SHA256
12373b5d43d7165d46f5b350254499aae34c52b4ec816b9d654bea82931ad043

SHA512
fc5bf4e7a7062020a50cdb0d06df9dfe0732139b64592188363933d540d9094bfd6599ef518e3301214fbaa3724350fd86e02f92dd81d165f8dcdddee8967d7e

Download Submit