xworm | 42a43122a976de6400853bcb4d91eb6fc01b33e323e9c44e9d4740c978180a8e

Resubmissions

06/03/2025, 13:15

250306-qhfd9szmt4 10

06/03/2025, 13:12

250306-qfzp5azlz8 10

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20250217-en
resource tags

arch:x64arch:x86image:win11-20250217-enlocale:en-usos:windows11-21h2-x64system
submitted
06/03/2025, 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cheatengine.exe
Size

42KB
MD5

fe3ecd7a7068b85e5c1a1c8833e1b5ac
SHA1

ebbd9a0b9f54fe308f1a40bd737deeb812f34415
SHA256

42a43122a976de6400853bcb4d91eb6fc01b33e323e9c44e9d4740c978180a8e
SHA512

87f75872aa6630d5093b2065ab6fc0f80d981ddbbddaef339d99f5a6a3e18e4313f502b300d468ac248e4ad807852c3732c554541e6d83e63165108b12e04c76
SSDEEP

768:+RPD9OQhx/BZ3Tw4xKdVFE9jffOjhBbAds4S1EAd8II1:+d9OW/Z3U4xcFE9jffOjP0dS1EAd8II1

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

5.0

Idlerkik-51025.portmap.host:51025

Mutex

a1yX5464i0yhChwC

Attributes

install_file
USB.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/4120-1-0x0000000000B60000-0x0000000000B70000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2250935964-4080446702-2776729278-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4120	cheatengine.exe
Token: SeDebugPrivilege	4660	firefox.exe
Token: SeDebugPrivilege	4660	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe
4660	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3648	MiniSearchHost.exe
4660	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 408 wrote to memory of 4660	408	firefox.exe	106
PID 408 wrote to memory of 4660	408	firefox.exe	106
PID 408 wrote to memory of 4660	408	firefox.exe	106
PID 408 wrote to memory of 4660	408	firefox.exe	106
PID 408 wrote to memory of 4660	408	firefox.exe	106
PID 408 wrote to memory of 4660	408	firefox.exe	106
PID 408 wrote to memory of 4660	408	firefox.exe	106
PID 408 wrote to memory of 4660	408	firefox.exe	106
PID 408 wrote to memory of 4660	408	firefox.exe	106
PID 408 wrote to memory of 4660	408	firefox.exe	106
PID 408 wrote to memory of 4660	408	firefox.exe	106
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 1868	4660	firefox.exe	107
PID 4660 wrote to memory of 6032	4660	firefox.exe	108
PID 4660 wrote to memory of 6032	4660	firefox.exe	108
PID 4660 wrote to memory of 6032	4660	firefox.exe	108
PID 4660 wrote to memory of 6032	4660	firefox.exe	108
PID 4660 wrote to memory of 6032	4660	firefox.exe	108
PID 4660 wrote to memory of 6032	4660	firefox.exe	108
PID 4660 wrote to memory of 6032	4660	firefox.exe	108
PID 4660 wrote to memory of 6032	4660	firefox.exe	108

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\cheatengine.exe
"C:\Users\Admin\AppData\Local\Temp\cheatengine.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5716

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3648

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5856

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s LxpSvc
1⤵
PID:1696

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:408
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 27661 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbf3d29a-39c8-4f8d-b8c0-90ea22a947f4} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" gpu
    3⤵
    PID:1868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2344 -prefsLen 27539 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbff76fe-8b63-43c0-98ef-a7f012279487} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" socket
    3⤵
    PID:6032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3048 -childID 1 -isForBrowser -prefsHandle 3128 -prefMapHandle 2964 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0251c04e-72f1-43cd-84d2-09454d25df61} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
    3⤵
    PID:3360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3688 -childID 2 -isForBrowser -prefsHandle 3680 -prefMapHandle 3676 -prefsLen 32913 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b7f14d7-d25b-40b0-beb5-19f270dda4b2} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
    3⤵
    PID:5736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4868 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 32913 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cf8da5e-fe38-44a3-b487-65e50f3170ed} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" utility
    3⤵
    - Checks processor information in registry
    PID:4956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 3 -isForBrowser -prefsHandle 5560 -prefMapHandle 5556 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5d57754-d95b-4a61-ac26-87cb678de2b9} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
    3⤵
    PID:6980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 4 -isForBrowser -prefsHandle 5764 -prefMapHandle 5760 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fea4a3a-9c4e-4127-8810-a364ffccb60d} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
    3⤵
    PID:6992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5876 -childID 5 -isForBrowser -prefsHandle 5956 -prefMapHandle 5952 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b570efae-0cdb-492f-9025-e02377497c12} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
    3⤵
    PID:7004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 6 -isForBrowser -prefsHandle 5944 -prefMapHandle 5984 -prefsLen 32863 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e19f3d67-14a7-4f43-b5b6-c19568d3608a} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
    3⤵
    PID:4024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3504 -childID 7 -isForBrowser -prefsHandle 2908 -prefMapHandle 4048 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5441f289-b14a-435b-8d58-f3b23651ae6e} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
    3⤵
    PID:6964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6392 -childID 8 -isForBrowser -prefsHandle 6448 -prefMapHandle 6444 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c35e6d5e-ba65-42d6-9a66-62a63f07b994} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
    3⤵
    PID:4168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6652 -childID 9 -isForBrowser -prefsHandle 6664 -prefMapHandle 6660 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 968 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4552444a-e505-4e9c-9f2e-cce989fab8b2} 4660 "\\.\pipe\gecko-crash-server-pipe.4660" tab
    3⤵
    PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mv6obieq.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
dea56e2d7a9ca7cace53277f61662a9d

SHA1
f9e9c0759a20ad101f3d75e69f715abd50c28ea5

SHA256
7fcdba20ed2b26559ddcbc9822f7c6ec238112c36a2a17128b16faa80e90ac2d

SHA512
44098da854b7ba6011bde60dcbbaceeafbab7e696383af4ac99c5a6a984f4c7da49ce3a4d3ca5a72919e574e4f0fb4954bd880744143604ce7f925a1a767de8a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\34753e32-6993-4afa-856a-46c0fc3662d6.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
25KB

MD5
54f7bd3307ac42493f8fd91f44f7c2d8

SHA1
00a701198d75eb7d7460d3f59b2842071d9b6129

SHA256
9b908c6196f1a4f19df70528b0c51699a6662c898b497218c4af5fa1e383fba1

SHA512
f3da806157d9b7bb59b6ded3d1f68fe3ec53818db5e8fa6e13e6bc01a4c2e78a5e4476cf48beb7a1e3655114152cdf9b68df9b2d2c447d5dc5e12075bb7d360b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\AlternateServices.bin

Filesize
7KB

MD5
389e8e87221c3588fd5947f02936b3dc

SHA1
dcbc7e40154ec5e9d3d8a6c0ee68a0da94150133

SHA256
1f1676d7438a882428efb37da65a353b087ab1c89fdca7eb3fb54fff4d6b889b

SHA512
ae3795814a66fbd87085431ba2a410d03e66f7d4f671a4be742bfc5a7b407d328d395c7bed208ef0200a472267ea5f05db9937d088a69210185e7dc79c467fc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\AlternateServices.bin

Filesize
16KB

MD5
69d91d999fa66018c814977880287169

SHA1
bc09c2ffc21e2d36e182b078349d7e156db03535

SHA256
a5eee162db58579dedb79b8eef5f830f66f0dcecdef25b08709b950cd5dd8611

SHA512
f8cc8bd25bff7d5db786bfab8cf76bfb526f6645a3c4cbbc2ce7cd4a97b91a02d849c2963988b36ed40f514900e6d0437bea05f943a0db04635ce9239b4ca0f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
4ebcb24c5df6c399c6f06387125fac11

SHA1
dea8ebb848da3a99ea3026d5a4c43a8db0332c25

SHA256
d943b59ff8d5d8c6d8c64e79c857a7a7016d79ddf24ff4e3563c120261eb8b01

SHA512
94c7312adc7efe8c71911deb795c2c27b00633e2b04b8411faa750f4c93caaf03705891680ae3645c544dfa98408c5cfa22ec74a74583f9f21222b6924eb297f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
85a9e528e15f662c44879c36e39cc3bb

SHA1
7d0bd0cf5c8f63f8a6b1060354cac0d4f3d18b76

SHA256
5e9d800cf01fe07919a90d037c4e2527d7ef0cdddc893c83f4f83c65aedf7af1

SHA512
0d16a6de1f2b94e7c8911d3a41bae2a5ac705ab4a7666125a47e4e5bd075c6c829b751fd60bcc365c55268ae12b90ade07dc2ccd66ae756a82c09158f07c02d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\datareporting\glean\pending_pings\04b6572a-1991-4c09-b213-7687dfe2b2ba

Filesize
982B

MD5
dc8b046a1c37ecabc72c41252898acc6

SHA1
1f2f5d5e99bdaff0a9b259e4ec1414efa4b2cea0

SHA256
0505f57f858e3937520756feaaf974590e39eb355f9c756551040f5dff4158c6

SHA512
6aeb4af38c8fbe9125d8991954e9df7f70415f221e6a1dca92a22a643caa5b9f425b8fe5d7f48d8faead1fa0c78599d5373bc21754d6dbab984b5e2fec4696da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\datareporting\glean\pending_pings\5b77edd9-4940-45cf-b537-7921ec8c9346

Filesize
26KB

MD5
e1bca65b27e03de7e200f49722feb21e

SHA1
c36c6bbde12b65701bf1f4ac2f5a2650938e6787

SHA256
8ed7c20c372e7dec773fc87d7d389651a17f7066073121027a6b699b75116a4a

SHA512
17b2e4882a6fb5f669225b3e9515876db4b073e48ad608867f870475616d0b7fd9ce8f343fc209d0f3a7b3ce03111b932b49e1919786af5f92710ef9e681feb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\datareporting\glean\pending_pings\f11fac0a-945d-43b3-8efe-2c139eaac6a6

Filesize
671B

MD5
20d1c8e0592183ea51890e6b766b6975

SHA1
912f5b0cdae78d5589faa493c07b24323ab151d8

SHA256
5694b13bcef7430a1ddc5a314d17108a009b7552bac62b809d40141d02f96c11

SHA512
046d4d449ebe9dc606ea94b168ada44dafbc89eb70ced2bcd1ade99356226acb3886beda1a405e35f3e1efe723df071ee40d790bb72ca10c2fd2120c235c30a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\prefs-1.js

Filesize
10KB

MD5
18e02723c7461fb4ec1e4905754d888a

SHA1
44785057418b44a07b0212167e5a3b65ab901a0c

SHA256
3c0eff690b79b4fff2bc95a10af4df2f8c036767d48a67f74b178f5edbfbef10

SHA512
90cbb857e16350c5ad7e87f6e59ef4d8715bab5aeb8d295d4710803e89ae558d309f7f8baad6da25521f218579908e76dcddea4e6283b08c732e99f17c74868c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\prefs-1.js

Filesize
10KB

MD5
d9bcf82c82dfb9c40c4e975ee8fd8a82

SHA1
7f16460c70d4de737eed7438823238b478e02948

SHA256
0e667883b9daa6f14e7fd9e93515ac018aaa2f392cdb05ac968bc57fb9e2c05e

SHA512
538929a2719c432815c176529703795e3d5534c2f611caecd4b150008586505f5b9e815efc37d86f1430e1bb803e616f1166d14faa308d7bcefedb0027ad7ac7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\prefs.js

Filesize
10KB

MD5
9db8e81d7e2f32cac37c981e94c22c5c

SHA1
b10f717cc350f824d1b87db938a4ae2a7c6d842d

SHA256
8846143a65a946458fd4170ded4a359f154887a7ec10e3450c20b213a0704a6e

SHA512
3ab2483cfbf6ed090f5dec06f053f4ab70459e4890d8e43837fcf3d34a78332ed8f16186a422e49a0185efc853d2fc66f55231e0dae01e22ae372edad9f5f655

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
3563c31c9ec7b2edf6922b9ac51bc90d

SHA1
f8e1a29ee78fb37d6b1476c5568d21bde2c5d8e0

SHA256
6897d4f0e1046082ee4651495bbcb524f49f8ab28e72e5037cb6bd37fdb534af

SHA512
013b687b2c1208aec2bb6e7658c0e365e55b89d1a97da24117a44c349df2402b4f7a72c79d60ec319d921bcc8dc98166d5b5af1b3102b057a57a85d9b2750be3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
cc9c83048991b75a025731e227f7eedc

SHA1
dd3b2664dc1d265e658de8f22b949174d58ef72f

SHA256
1b5ea917a06868b6bffda7b2a5404323c30d6c3d82346b346e96f4908133c080

SHA512
996b2c027c958ac6c168587827019aa086991cc74dff44ec14a0039513e1e5aaa1ee443a5c727048d064e94fdcc344af3f3693163cc32c5779b0dd228ee84780

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mv6obieq.default-release\storage\default\https+++www.reddit.com\cache\morgue\25\{6fcbd559-2dd7-4d84-a3b1-252010689919}.final

Filesize
2KB

MD5
1bdde26b4ee1041dea56993e75d021f7

SHA1
3d265440ac762ddf7680ca2d1410d7beb12a7285

SHA256
6bf70f8d50cb1cabf25b0efcb1e7f905b64f0db0689f7c750e18edc05ae17ec2

SHA512
f37a502369b5a2405cdd312b5aa91f744102e40527ea8a62ab82f65ab9157ae0ba6b2d3d08f8d6bc35960303f0d6f064862287c1a1015fcaa74d51ab14c73a21

Download Submit
memory/4120-3-0x00007FFF3B0F3000-0x00007FFF3B0F5000-memory.dmp

Filesize
8KB

Download
memory/4120-4-0x00007FFF3B0F0000-0x00007FFF3BBB2000-memory.dmp

Filesize
10.8MB

Download
memory/4120-2-0x00007FFF3B0F0000-0x00007FFF3BBB2000-memory.dmp

Filesize
10.8MB

Download
memory/4120-0-0x00007FFF3B0F3000-0x00007FFF3B0F5000-memory.dmp

Filesize
8KB

Download
memory/4120-1-0x0000000000B60000-0x0000000000B70000-memory.dmp

Filesize
64KB

Download
memory/4120-330-0x000000001C380000-0x000000001C38C000-memory.dmp

Filesize
48KB

Download
memory/5856-586-0x00007FFF558F0000-0x00007FFF559E7000-memory.dmp

Filesize
988KB

Download