rhadamanthys | hxxps://github[.]com/koyaxZ/XWorm-v5-Remote-Access-Tool/releases/tag/download

Analysis

max time kernel
332s
max time network
326s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2024 21:11

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool/releases/tag/download

Score

10^/10

rhadamanthys bootkit persistence stealer

Malware Config

Signatures

Detect rhadamanthys stealer shellcode 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/5188-372-0x0000000002490000-0x0000000002890000-memory.dmp	family_rhadamanthys
behavioral1/memory/5188-373-0x0000000002490000-0x0000000002890000-memory.dmp	family_rhadamanthys
behavioral1/memory/6060-396-0x00000000023C0000-0x00000000027C0000-memory.dmp	family_rhadamanthys
behavioral1/memory/7028-485-0x00000000023F0000-0x00000000027F0000-memory.dmp	family_rhadamanthys

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
Downloads MZ/PE file
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

MEMZ.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation MEMZ.exe
Executes dropped EXE 10 IoCs

Processes:

XWorm.exeXWorm.exeXWorm.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

5188 XWorm.exe
6060 XWorm.exe
7028 XWorm.exe
1756 MEMZ.exe
7068 MEMZ.exe
2832 MEMZ.exe
5728 MEMZ.exe
4416 MEMZ.exe
3372 MEMZ.exe
3612 MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

214 raw.githubusercontent.com
215 raw.githubusercontent.com
216 raw.githubusercontent.com
213 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	MEMZ.exe

flow	ioc
214	raw.githubusercontent.com
215	raw.githubusercontent.com
216	raw.githubusercontent.com
213	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exeXWorm.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	XWorm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	XWorm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	XWorm.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	XWorm.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	XWorm.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.

System Information Discovery
T1082

Command and Scripting Interpreter
T1059

Processes:

ipconfig.exe

pid process

5916 ipconfig.exe

pid	process
5916	ipconfig.exe

Modifies registry class 5 IoCs

Processes:

firefox.exeOpenWith.exe7zG.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

Processes:

firefox.exefirefox.exe

description ioc process

File created C:\Users\Admin\Downloads\XWorm.rar:Zone.Identifier firefox.exe
File created C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\XWorm.rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

XWorm.exetaskmgr.exeXWorm.exemsedge.exeXWorm.exeMEMZ.exe

pid	process
5188	XWorm.exe
5188	XWorm.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
6060	XWorm.exe
6060	XWorm.exe
6104	msedge.exe
6104	msedge.exe
7028	XWorm.exe
7028	XWorm.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe
7068	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zG.exe

pid process

6780 7zG.exe

pid	process
6780	7zG.exe

Suspicious use of AdjustPrivilegeToken 25 IoCs

Processes:

firefox.exe7zG.exeXWorm.exetaskmgr.exe7zG.exefirefox.exeMEMZ.exe

description	pid	process
Token: SeDebugPrivilege	3972	firefox.exe
Token: SeDebugPrivilege	3972	firefox.exe
Token: SeDebugPrivilege	3972	firefox.exe
Token: SeRestorePrivilege	5920	7zG.exe
Token: 35	5920	7zG.exe
Token: SeSecurityPrivilege	5920	7zG.exe
Token: SeSecurityPrivilege	5920	7zG.exe
Token: SeShutdownPrivilege	5188	XWorm.exe
Token: SeCreatePagefilePrivilege	5188	XWorm.exe
Token: SeDebugPrivilege	5580	taskmgr.exe
Token: SeSystemProfilePrivilege	5580	taskmgr.exe
Token: SeCreateGlobalPrivilege	5580	taskmgr.exe
Token: 33	5580	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5580	taskmgr.exe
Token: SeDebugPrivilege	3972	firefox.exe
Token: SeDebugPrivilege	3972	firefox.exe
Token: SeDebugPrivilege	3972	firefox.exe
Token: SeRestorePrivilege	6780	7zG.exe
Token: 35	6780	7zG.exe
Token: SeSecurityPrivilege	6780	7zG.exe
Token: SeSecurityPrivilege	6780	7zG.exe
Token: SeDebugPrivilege	3972	firefox.exe
Token: SeDebugPrivilege	4296	firefox.exe
Token: SeDebugPrivilege	4296	firefox.exe
Token: SeShutdownPrivilege	4416	MEMZ.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exe7zG.exetaskmgr.exe

pid	process
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
5920	7zG.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exetaskmgr.exe

pid	process
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe
5580	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

firefox.exeOpenWith.exefirefox.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
3044	OpenWith.exe
3044	OpenWith.exe
3044	OpenWith.exe
3972	firefox.exe
3972	firefox.exe
3972	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
4296	firefox.exe
5728	MEMZ.exe
4416	MEMZ.exe
7068	MEMZ.exe
2832	MEMZ.exe
4416	MEMZ.exe
5728	MEMZ.exe
7068	MEMZ.exe
2832	MEMZ.exe
4416	MEMZ.exe
5728	MEMZ.exe
7068	MEMZ.exe
2832	MEMZ.exe
4416	MEMZ.exe
5728	MEMZ.exe
7068	MEMZ.exe
2832	MEMZ.exe
4416	MEMZ.exe
5728	MEMZ.exe
7068	MEMZ.exe
2832	MEMZ.exe
4416	MEMZ.exe
5728	MEMZ.exe
7068	MEMZ.exe
2832	MEMZ.exe
4416	MEMZ.exe
5728	MEMZ.exe
2832	MEMZ.exe
7068	MEMZ.exe
4416	MEMZ.exe
5728	MEMZ.exe
2832	MEMZ.exe
7068	MEMZ.exe
4416	MEMZ.exe
5728	MEMZ.exe
7068	MEMZ.exe
2832	MEMZ.exe
4416	MEMZ.exe
5728	MEMZ.exe
2832	MEMZ.exe
7068	MEMZ.exe
4416	MEMZ.exe
5728	MEMZ.exe
7068	MEMZ.exe
2832	MEMZ.exe
4416	MEMZ.exe
5728	MEMZ.exe
7068	MEMZ.exe
2832	MEMZ.exe
4416	MEMZ.exe
5728	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 1388 wrote to memory of 3972	1388	firefox.exe	firefox.exe
PID 1388 wrote to memory of 3972	1388	firefox.exe	firefox.exe
PID 1388 wrote to memory of 3972	1388	firefox.exe	firefox.exe
PID 1388 wrote to memory of 3972	1388	firefox.exe	firefox.exe
PID 1388 wrote to memory of 3972	1388	firefox.exe	firefox.exe
PID 1388 wrote to memory of 3972	1388	firefox.exe	firefox.exe
PID 1388 wrote to memory of 3972	1388	firefox.exe	firefox.exe
PID 1388 wrote to memory of 3972	1388	firefox.exe	firefox.exe
PID 1388 wrote to memory of 3972	1388	firefox.exe	firefox.exe
PID 1388 wrote to memory of 3972	1388	firefox.exe	firefox.exe
PID 1388 wrote to memory of 3972	1388	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 1992	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 4704	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 4704	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 4704	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 4704	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 4704	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 4704	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 4704	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 4704	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 4704	3972	firefox.exe	firefox.exe
PID 3972 wrote to memory of 4704	3972	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool/releases/tag/download"
1⤵
- Suspicious use of WriteProcessMemory
PID:1388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/koyaxZ/XWorm-v5-Remote-Access-Tool/releases/tag/download
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.0.1259838064\117460540" -parentBuildID 20230214051806 -prefsHandle 1816 -prefMapHandle 1812 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d1ac356-bbd7-457e-ae3a-e700060713b1} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 1924 24af75f0058 gpu
3⤵
PID:1992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.1.1880929485\628391103" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8e786d4-0f57-4e25-b67f-938cc6d4e5c1} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 2496 24ae4386c58 socket
3⤵
- Checks processor information in registry
PID:4704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.2.558209646\129869617" -childID 1 -isForBrowser -prefsHandle 3168 -prefMapHandle 3256 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51e3787c-6cdd-4b4f-9bde-30ec0b31a0f2} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 2824 24afb440f58 tab
3⤵
PID:5068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.3.1687500384\567085615" -childID 2 -isForBrowser -prefsHandle 3928 -prefMapHandle 3924 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1553f57-f33f-4d79-b6af-44d4cef6a970} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 3904 24afcd24258 tab
3⤵
PID:4388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.4.1200245578\1089886147" -childID 3 -isForBrowser -prefsHandle 5064 -prefMapHandle 5060 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49250c6c-a9df-4a33-a433-8854cb62a706} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 5080 24afed0ce58 tab
3⤵
PID:3280

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.5.2055223757\966359582" -childID 4 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77c758a1-08c1-4a3d-a9c0-8057fe6ac561} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 5212 24afed0d458 tab
3⤵
PID:3872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.6.9602114\673691694" -childID 5 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {189ef9e3-55e4-4402-9274-409f382a3c92} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 5404 24aff11fe58 tab
3⤵
PID:4004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.7.986211323\1995549826" -childID 6 -isForBrowser -prefsHandle 6320 -prefMapHandle 6280 -prefsLen 27737 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {397f0bb1-1d52-4d00-bf0e-65aac25bd753} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 4852 24ae4377b58 tab
3⤵
PID:3936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3972.8.683176181\380041949" -childID 7 -isForBrowser -prefsHandle 4528 -prefMapHandle 4308 -prefsLen 27816 -prefMapSize 235121 -jsInitHandle 1268 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa24189c-c0bf-4650-80c1-6cbce7936f24} 3972 "\\.\pipe\gecko-crash-server-pipe.3972" 4516 24aff435a58 tab
3⤵
PID:3004

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:5680

C:\Windows\system32\ipconfig.exe
ipconfig /all
2⤵
- Gathers network information
PID:5916

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5404

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap26307:72:7zEvent20490
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5920

C:\Users\Admin\Downloads\XWorm.exe
"C:\Users\Admin\Downloads\XWorm.exe"
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5188

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5580

C:\Users\Admin\Downloads\XWorm.exe
"C:\Users\Admin\Downloads\XWorm.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:6060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultad8f4648hacf1h4e1eh9817h8a77c028496b
1⤵
PID:912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff0dbc46f8,0x7fff0dbc4708,0x7fff0dbc4718
2⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,10454111205630990265,16490133179777594537,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
2⤵
PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,10454111205630990265,16490133179777594537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,10454111205630990265,16490133179777594537,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
2⤵
PID:5824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6168

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\XWorm\" -ad -an -ai#7zMap22471:72:7zEvent28953
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:6780

C:\Users\Admin\Downloads\gay sex\XWorm\XWorm.exe
"C:\Users\Admin\Downloads\gay sex\XWorm\XWorm.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:7028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6552

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4296

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4296.0.380440639\438689479" -parentBuildID 20230214051806 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 22495 -prefMapSize 235208 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c6dd11a-1325-498d-8cab-0e38aafc77c7} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" 1852 2295952b258 gpu
3⤵
PID:4544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4296.1.2046678131\733204382" -parentBuildID 20230214051806 -prefsHandle 2300 -prefMapHandle 2296 -prefsLen 22495 -prefMapSize 235208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d388f144-7f8a-4344-a3d4-a484fb2e8ad2} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" 2328 22945589f58 socket
3⤵
PID:6580

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4296.2.115855384\770505112" -childID 1 -isForBrowser -prefsHandle 3032 -prefMapHandle 3048 -prefsLen 22956 -prefMapSize 235208 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf9be605-31f2-4938-ae12-020bb769983a} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" 3260 2295d32d158 tab
3⤵
PID:5400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4296.3.1655013948\761318095" -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3680 -prefsLen 28357 -prefMapSize 235208 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {915adbf3-74b0-4988-ba6c-9df5ed6c7a73} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" 3696 2294553f158 tab
3⤵
PID:6916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4296.4.1022254780\179938113" -childID 3 -isForBrowser -prefsHandle 5172 -prefMapHandle 5168 -prefsLen 28357 -prefMapSize 235208 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e71a951-6f28-423a-aabe-5409342225fb} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" 5180 22961a04758 tab
3⤵
PID:5864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4296.5.376187357\139203868" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 5140 -prefsLen 28357 -prefMapSize 235208 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1994500-b0ee-4d8a-b040-eaac8371e1d1} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" 5304 22961ad5c58 tab
3⤵
PID:7092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4296.6.1835627792\1730552241" -childID 5 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 28357 -prefMapSize 235208 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ab5e30d-ca83-414a-8447-3f2d5a4b6beb} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" 5392 22961ad4d58 tab
3⤵
PID:7084

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4296.7.2115993574\978196938" -childID 6 -isForBrowser -prefsHandle 5116 -prefMapHandle 5756 -prefsLen 28357 -prefMapSize 235208 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4f1ac5a-142f-4502-922f-3d2f33d53293} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" 5516 22962945d58 tab
3⤵
PID:1940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4296.8.1866129190\1493726505" -childID 7 -isForBrowser -prefsHandle 5300 -prefMapHandle 5528 -prefsLen 28357 -prefMapSize 235208 -jsInitHandle 1360 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {248415ba-6450-462f-a828-3b9ff9ba2032} 4296 "\\.\pipe\gecko-crash-server-pipe.4296" 5696 2295cf52b58 tab
3⤵
PID:3424

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
PID:1756

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:7068

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5728

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4416

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
4⤵
- Executes dropped EXE
PID:3372

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
4⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:3612

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d49994be-2912-4c2e-8fc6-e322372009b7.tmp
Filesize
5KB

MD5
76885b8cf8cae6823852c4caa470f9f4

SHA1
fd08a6b27496c653caa5498f52664e754329b5bc

SHA256
1e8a368c880d22c86acb8f4406f610d6fc3d76713e4b65f8e9fdda05334759a9

SHA512
8102bf7afc6774fafe0afce4afc70ea021786eec4a3a2b3d6835e5e2d3f91d110f9b04f26ea0defaadc58640ee25745d4d9929b128f90b86e7beb6023df19bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
87e946abbee4e7d7c83122d787a98ece

SHA1
9b94c4db52b7bbda16e58e3221db6a91c6a88a2f

SHA256
44e2885fb2e3905c262e96a360ab2d3db30870ee00f2410428594c42594e5e01

SHA512
11b75181348e491885a209110d179e08d139bdb6c2d54c9e864f2d96bff5a05367579eadeea378a9319faefb59affb228e161c1c3b77a010c052d4fe56d16206

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\activity-stream.discovery_stream.json.tmp
Filesize
30KB

MD5
89f94a093c5d65e659f117534c568a8f

SHA1
5b49c863da2cc07e055b86bc2660fef3ba59b42c

SHA256
a58cc19c3c7c56bed128f4e5f8e249f2ac00de1e3f687b180a08240ee61c7ec8

SHA512
eb4ae5db541ac5a23d9577ec0dd7b8b644bbceb61590fc11cf1df03e2f70bee5c1a5c571f20209b58f6cf16b6321715d528f2f72a143b5e33a45e1beeb8b3ae5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\0DA8E3CCBEFD3FB45A22D2C49FC763AE23AA30DB
Filesize
16KB

MD5
9b3d0dafc3fe93e8d1307d8e1a03e088

SHA1
3ba84f41ffc74fe6f2ac9e8ae3fe7afe6c543f7b

SHA256
9868909a0ecc09eac2249d789b81e2a1a613e6b30cd9896257fe605d424f66af

SHA512
38e953063b5af6569401b5c452cb650c4737ddb2d37d6bcd5811fe29ada857fde4ec5c9f62c1469382677a0f79cef8e6dd91362fb443afebecf29f1b03724c6d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\12E10572299B2A11B353098218DEF378D3984776
Filesize
30KB

MD5
a83a9dbf610bf8305445033bac7220e4

SHA1
439af3d6015d109973ceab9acc97d3e548cc7248

SHA256
033b91e85a8d6bcc94f007e314f872794de14f3d9f587d9ca8be2bf761811f63

SHA512
fed31152cad8c7b013625b019db2022407b48586d58c2d909b8878aafafae9db8a3301e3592da984678c68e663b6352ff17681c40c0d1d8af227cec63ecf4ad1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\15B93BC621B274AC627F930BBC2A3DC1A7CF1BB3
Filesize
18KB

MD5
605a3a571c8e533f486cccc417607d6a

SHA1
25f99d784d37ff3efdac542084768dab52d15ec5

SHA256
5aacdcc1eb58300231ac93d6607df0f3db6a58865da974af241a268894a9e766

SHA512
6c781170b60ef2b8456ff356145f99329aff8f38e751fc8255e7863fd4d1459dfe2362e2c483253eda380e80320408df77a2f79ea34c3cc06eea6bc839e0cb97

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\1F94A3B019E2B2B47E2356E16C996C9287E700CD
Filesize
15KB

MD5
52d21e4b110e0be3e1f75d9b615f1861

SHA1
979bc7479390b8b5dd6c4ddef6f76616f0668f77

SHA256
1836c216914a1287a1c4baadcdf818172e793f6c2892e6f2110b2ee2eb2ec207

SHA512
aa5ecf9f26e676924395f79e951d53f1c5f2916b7680f4de0e5b2649f4706ab7e64f6dcf5b2e61c95da5db67f25e0e97b13c23436b2e3cf10c37d61abab1c247

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\20DA485F312414C049B25C06FB92021BD9ACB1B1
Filesize
21KB

MD5
0d55bce1f1ba84f715c1429493609bd0

SHA1
17e023491e6980a557150201be7e883a09ea5325

SHA256
047dbc04a961500309bf88474a6e103f6e7eb1a1ac1db39fcee66e377f76e86b

SHA512
b2b22d3aa76ae1727415b64b413cbf404f65de0de2e8a58a938760c9e3be78a698186fb272c987faa36087c2b16686986d41f8a24e39852b8cd1696d00822e69

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
Filesize
9KB

MD5
f0db2783fc312e3a11f393315be20d20

SHA1
2b99e1d92349ea0379c0d1062cae142415912cd2

SHA256
a00faeb76c122a23c6385d5a6d3606dc144a2ea3ba1ba2a2bfdfad59332bd6e5

SHA512
8acd4cb7ef4e36e63c100fe188555a5f7d3df0d74cf63de52482f5fa80593e1bc3e0d7caec3f8c0239017fe4f728a05374ac3b0dc13a57f7cc8843e9df5d4bac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\3A763E8309D53223505DEBC9BC338F9AA7D8E484
Filesize
14KB

MD5
2d1d1814b0e585aabdebd5e2cd445cdd

SHA1
866f80ed64bdfdb4eba64e1651311cf158db2bf8

SHA256
7a38f6f05d6d252bf7f3e37b976cec177f600837f9119440c224afcff1cfc741

SHA512
f727fa35b973d8912bfe45a72631c80747d99f8096781169b55b92164b16ddf1a8301d767cdb97dc2495b1a5c0c7f7a6f5a9262a8d8afa805b506799bf67629a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\43F63A00F67978BB95793AACC4EAE2F91AE5DE20
Filesize
46KB

MD5
c0f76700d0ce5e78dbe798a616a6c49a

SHA1
280e1a6ea1a122de46686e8f70fcfc87954802ea

SHA256
a2b0dc9b448ff9ab04e380831bc9227c490b742bd7d636a89e5c4c8700689494

SHA512
bb8548a96db410bb2ffbe248941b2e608b0953aeca90ea2c163a90f00a31c16a9b4a362312b0842822a72f662a44aa0e5b9c7015f8529b90fe826dde11caae2c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\5B92A2A9BF63187E9AF447D8985DCABB17D8BC84
Filesize
16KB

MD5
e6a564e97ff49afebbdc3e95bb9912bf

SHA1
e121b06c23e0e80240b0fcb3187e875fd3de71e8

SHA256
3103e1043bf7fc002d071a71bd8d9a4a71661e49aed1fb3f77243b1c428f4e2f

SHA512
ad21cacd0fc11684ab47cdc3ce2caf5b44ce33f3938de604281cec9886e9f4f42c084ee9ebfbf042786d5ab596a17e2d1e309422480b46a6184bf2c33450a290

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
Filesize
13KB

MD5
1bee08f54cb2f73e83f005d92b61cd2e

SHA1
0f5019e93797fe93dc4957e52e0b8899e3096805

SHA256
96c75dd087e9306aef7aa033021337ff91be61c7f89aba457679b348deef4cc1

SHA512
a20606c0e7e98ca73bd228b3c93943eb0eff6107978888db25355c49b69cddc383583bb2d6fa277108dcebe2b3b806a356b3d2522f252ebba974ee9fdc51035e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
Filesize
13KB

MD5
8db4abeb8aab907c296115261d90ba53

SHA1
64dfeebfa904a15a778261cc78e0a38d7a73a116

SHA256
ff90e5a976082e48bb13487322baf2a18a4a0c7a999430630e712de934629731

SHA512
bce7b4787cc3f7bb22629edc14710319ab316b56b7ed3e973167f017484676f75b7284264eaf990bfa811bf9ef663c87f322d8866458f13df18bd628bbdcadba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\6AC9BD0802E051FCD579CC69A96979DE29682F3D
Filesize
259B

MD5
39e4665535b57c574438ad70d10882fa

SHA1
04e97558e04ffc0ebdd5368038c48a1b1892658f

SHA256
e7d85ee0dcd9f37140cc91a8795b07115668db792093bd26d170b83a1b5c2e2a

SHA512
9c234a171d591e5cef47b9c446e109c0ac8d017c76911f0ff57eef58b95683d3a3ae62bf6378a200a0b2b5086725872bb368ca93cc66ed497e499da30d59f7b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize
11KB

MD5
6fd52f240e643e2780a7a5a41b543843

SHA1
495ab12163ffb763aaa7b7cb1a9f6cb7a074850f

SHA256
cbb1e3a9f17cd1eda33f776e75e199dc1b05f735d00cda9912ade876c76c8f9f

SHA512
16acfd8e8405c4f4ce9dd4869cc2b5c89a1471d1d58a780af16bc70538fb96f224c3fc128020ac20617ad9e3fb9ec4f7d8c71d05117ed0be4b02d3047b962615

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14
Filesize
16KB

MD5
176aad121179a4dc6f9d334742243049

SHA1
8e9c77769c87b443a82a99ddb94b2ba88e8f4d3a

SHA256
aa610b787efc5236da6f66204774149a4b525eb2d3de4b0d1d8e093ff2c1c677

SHA512
b03bd6eb332a6b620fe1e94036ffccf43d2d9efd7c3f184495c43f87d0362841b8715840ee64cfafd2cf51e57f958966590cf9de8f72fd282bd57913776ff77d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\8674E326B17190B18FD8A0D5D85905FAD55DD34E
Filesize
13KB

MD5
8c16fda77827dc0f3b2432d08c50f94f

SHA1
d41ea5fde44a4ba4ba8b21ac41dc4ac356c9edda

SHA256
ddef0f548ce93db379d025084358fed9d49494d790c0fe34909d56516878a3e7

SHA512
133e2b806a9b3068f1b252dbae1abc4884d82fb0274f5147cf0f3ef01ffcb09c95745b54d521b215ab12e3ea8f48c3963273822058af0e80cabf4135e15aa809

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\979F4381316268FCAA5B334C6152C9E42B3C6081
Filesize
15KB

MD5
b4dfb9c4a384c2150041704a323793ff

SHA1
59e25ca935585178d3f4e7b6ccfeda64e1733c6a

SHA256
8d3ee80609f8bcd7e9162ca3dfad2c124b944dd5402e185f44cd562857d458a4

SHA512
4d2dffa245e665fa00168ae4a3eff1be783275c85aa8e13c1ad953a7ed6abbc0baa73bad9bad66ec64b96a9d0b9bdec2b2d90b0dad6e3f78a7c37f8a6437ef97

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\A13051E7FE2AE35EB24DDAE425F81C9F6DCEEA0A
Filesize
13KB

MD5
1aeb6cef0f5bbc8da57c5129f6242806

SHA1
5a1fd44d3d82fc9052877b504c942c6c1e367f6a

SHA256
c129f08cca0eb9f01b6caeebc40416ed243c6f093f4e8bfb702d62df15ec5dc7

SHA512
2737a5dd8d35694801ef8a479abdbf09a6f19f093ef7dc2786b5b99541b91a44e538022945cabb3301afa40fea1290368dba81e86a4d18d2ff146e19144b2763

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\A6CF8300FDFCAEBC0A5D87AB8478DC83A640E049
Filesize
15KB

MD5
d242790d6f4540d5039282be7a085d56

SHA1
4007c6895663511e75056ef9fd9d9d76b4e00e90

SHA256
1f5181be4db05340f4ab648a93879153a46b2f236b533be0b43c6f9668e7a6f3

SHA512
e602d40a79562d883c70f541b2bbf67aff7695ff6fa6bcfc3fe154b78d5d13e48858ac658e40b592ac3607f78188263a31a55979f13da5d9051b9ae6f28f2493

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\A858557FC86D0E2DD0D911528EAEC638851A2DB4
Filesize
11KB

MD5
caa09a692c42bafcde8709e61bb5bd0e

SHA1
ea3677f297159f79f5c89622107f67b99aeb5b06

SHA256
0b94bcad59f5a53cff87466ac6ca9429fb6ebda878f4f8121733d269ad515af5

SHA512
99ef7c447e957723839531d3349a3e7bcada19333a74f6a13d77afaa70afd75033aaffdffb7ff7b696f10927be82b1e8a5393b365d980bcb04b9c43bc1a7f20a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\A91689D797DCA52E8D6D24E235B3EF8BC5C3C2A4
Filesize
12KB

MD5
c50473d4538a44447c47b79d55420f1a

SHA1
f93f4d54fc796ee56d986f62a581972e62165569

SHA256
8febe7a0cf89640cdfdb9882af936e600d698425ac0ac51cc5652897af98f19a

SHA512
32ac8e049c6a078eabfbde40fcb314e5b90e072368737052a37958cac528a3d4bb9534f47e83008892a06cb6f8916c92f684f9c5a1c4a1192c9a28f4d950f182

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\CF78B7361CBAD0A315347D35FEC4BA05A6ADA0F1
Filesize
58KB

MD5
6aad59d2ad58676836d8e739fad70652

SHA1
10ae0fd385d24f927e9ea0db55053077cb8b74b5

SHA256
7a6c3f04a17aa42577f73167171ca0a0b110e06e7f39b35753640ed79b77c281

SHA512
c8bf162ac3b1f8c7bf5ee6952daeedca0b3c3b3c63fe2c572826ebfe351a43f41075405dc6193d3c5d1706d3b7b31627e249e18cb77d2b28f43871c2deb46569

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\D1D59FB4C558CE2A8474DECF1A3849FF49942A48
Filesize
14KB

MD5
26f5429f28c2b860f0ae0d584e80f460

SHA1
61f8842744b5154e81cf69deeb5938d8b0a13457

SHA256
134ea341c5b70db2c9c64d57d0e33b8197b67496edd193cec8564f580bf7a242

SHA512
e28bd23f48a34c9e15bade829318ed4cb93bc973035983f2d90ae4fb97084bdeffec17bc0eb1db25e6bbd06f81a46cfb750fe876815f373e123790def402fbcd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\D373F3E40C3DFE08FB4090E26F384A581E524CA2
Filesize
17KB

MD5
2b319401fa4fa322bfb8890cb0d248f5

SHA1
b88ab73372d5011bb16c681810bbc6960758f384

SHA256
1238c8293963efdc8344e4bdd82595a7a767bcae3ae2497b7d887b431c169fec

SHA512
acfaa3c0017b53be4494769d2a77b5378e8cb6ba2852322203350107ea23e450145997101edb0d0a1cdc0c26d3a667eee45692c592c7b23307210db905cc113f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\E0E4E54F5A289337DC1C43BF58F9D414B6439BE8
Filesize
13KB

MD5
9660b54e88c52ce8cc45b3e86e35c901

SHA1
563920f706671c1c7e417e36d2164c5d3ed80e62

SHA256
dce4f7eb97f4679122621345c7788c0a9623ee01b8de5a265c6f08a515f35feb

SHA512
3ef755e680977d94b140cd88e4abfed542f06dfc012c4a29f7616fde460a38dddec094cef22f781ec2d8306c5a2b5af7e51388f705d83960d40ab8c384d8c175

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\F042D0F0CB1D03F626670DE9F0BE80F1C09C7CB5
Filesize
16KB

MD5
52f693fb2e6a0ab5c0f44b15426b377a

SHA1
5ba31ef3f8331c99ec2fe9061039df5b80e2d64b

SHA256
760e3ae1dbce2fd0eef35304724abd4996bd218c28a61e20e29b710fba6ea76b

SHA512
dc0ccf73787cbbf53982d36a2d47e8ede70063442e846d972bf996f2a25640d494dfd4b1fe430fa74c7a7e7107d253779ded2bd51775f2679cc6d1820048fa2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C
Filesize
298B

MD5
81e9b37f89a6a0e78be94695f51ef08b

SHA1
6a055749431006c0b15ce763bc39b537d0026707

SHA256
59372d16d948262bddeb8afa22d801f28bd773a256d24180d8ed02937c02162f

SHA512
363ac7f491d6f4a417bab508a78386ece8adb2b3ec14b87a0d2dd433b384351e9dd8db852dc5390aa90110da048f490947145376ff2d37291f10dd5ef6b53a48

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\startupCache\scriptCache-child.bin
Filesize
459KB

MD5
3cd5743d239ea536510c7bac9282963a

SHA1
23b334a505aa4e9a3c43e10c7ba1a4ba67dd3b4a

SHA256
5e864cffe118bee4cd25cc51b39c003b06ddd719c38f5220a97d2fdfb38200ae

SHA512
97dea12bb545a808129f415ea3e3c09d0818af73b18c3e6ac6d10c25f0c731565663d4730d7e8d75c4f8c589bc8174fc0edc90a5d22e53625f15acfc16622985

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\startupCache\scriptCache.bin
Filesize
8.2MB

MD5
0eed8c7b6c29ffb7d61a64e2422e1e8c

SHA1
b0136e131edbd8327eacf0d25f455f945a6b8821

SHA256
358007cfde7207d169cbc8b82fa71371a3fd9232220b3fde475d43f08b36a94c

SHA512
a4ac7b1c64b0882e11a142706a8eb3638818c9c101b0cd96ecd98ddd3620a322ce107c6a9c193405aeb6ec4c48709f30132643d96cac9776e6652af272eac22c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
77138a4a572928d5df4efee9bc713bae

SHA1
13cf73b73966f8901f89235f939f4e5344cca7ff

SHA256
6e6b76bd26931f7425a8349fc9b86c447b56f820987a5dbdabe9d284207beb9d

SHA512
00f7e7554e1f07860a00fd00534ed1b4d30d41feab225d832f8e0176c20f8d9efa0a6cac60118fa97c1a8a6a625c4ee56083680af11447c1ca5ea7b26df0ae61

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
12KB

MD5
0c3df192ab64ceee4fd2e5c08a90b2b4

SHA1
baea2dae05a730bf1cadc9779b47734c0f800f35

SHA256
d92db4e44daaef287a4b7a93ae4dc9a300dfa6586be0f42a33199125a4572167

SHA512
17972a7de0bda39f26e2a09b9ef9926e0ae07aea9f1f06c400bacfcced9eab6b6ffaa97bd2fae8297f07eddfdbfb956d53d06cd3d3263da33e5d167a1a12a50a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
12KB

MD5
fa5dd5509c7a02b4c2137876a2aa3c59

SHA1
8b98eaaf784c40252bd0787dccc9599b45ff5c12

SHA256
538505557b6d08bbd1ab0a5aa80606072db6ebcd70adcfe4dd98a21a77862903

SHA512
ce4ab6c828a361127f1ceacccc0c10c6faebc33c8f1350358a04701e16676ef3749970a1f77c2bf198e8a7935717e0784b311d388a3f5d9b906b41e41bb3b7ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\AlternateServices.txt
Filesize
1KB

MD5
41c9dfb476bdc86d91a62d45a082a057

SHA1
15f7c8fac0ba440ed7a2876b2c98ea53f3c6071d

SHA256
5d1a490bec7147355027d3bd1b5589a9b87d77ea0721121bf45df830fb256baf

SHA512
cb410fac58a2d91af456d422e8c9b316110762b9c6d086741ad4c83381fe45d6502d5a6cdc6ee460afb5ad05e93949c7cf5eadb253baad29576bbf228e870ccd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\SiteSecurityServiceState.txt
Filesize
598B

MD5
49335a53f0c06f08dbc29ce6754216c8

SHA1
6d3ab3fd66153156664ca29d355a79e5df740cad

SHA256
9d16a80b444b61afba037b7b857b7aaeac353404224bda6583283497d2aa985c

SHA512
a9d4f588f5f4024e944b316c7d940bbd5b825019652764fea2706073b789aac17dda9cc4a6df83a3209513802266755de6a51cb8dd72e1b76f3285974b54d641

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cert9.db
Filesize
224KB

MD5
5706a0a0ee3527e7238066c927506a32

SHA1
f7a651fec4ea6356038eac4afafc771b8132df00

SHA256
1a50e69c0c39cb891ed21d7a4703c7de36146b178a1ed41da118991944f3e2e6

SHA512
7d5abeac90c26bf2c5d2fee96972b82bcbab785bbef54e44d45d2a510261c8fa29cd960179faf5525dc8a19e3632bcc96c2a85e71b99ccd7c3db376249f5ea63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\cookies.sqlite
Filesize
512KB

MD5
d5e6d5416df75781687a86981daf5fa7

SHA1
3af790e59a2faedc32d1b40664b3e688c53c3d6f

SHA256
95d103ae80c29c0c9a5c6bcfc6a574386b96ade7461427fedecccf6bc6388188

SHA512
90da5db41d20952003ae6f74337027a5f52f91d8a86f01f62d215f00645bfab198aeb58d8390f01164ae2d39d2b479d09a47cebb5af53a6e2f707b7773309c88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\datareporting\glean\db\data.safe.bin
Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\datareporting\state.json
Filesize
51B

MD5
3e32e2cc1ed028dd8ff9b06f50a4707b

SHA1
b3910351bd8e13ad1479db699cf6fac6544a5bef

SHA256
4a3a666d98e61b5fe06fecac56807137a0fffb4bb71d4c3b16baa8702dde738c

SHA512
4585ee9ec04adf138727cd039a9cbe78db6cf2926f6ce92524312a42efd1250100848a919ec4b833f9a013181ce93734575b86eed37f1bf32effa3237eba84db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\favicons.sqlite
Filesize
5.0MB

MD5
0171e088f98d2f867879b8b8579bc43a

SHA1
14bea6daee495efc1f712f42c3dce51e28c128ef

SHA256
fa43fef83722278e3d8133bfd97635ae28208154dfeb16d3ff2a7ce72a8f2cfd

SHA512
cc140317a97bb0b8bba297750f3915506b3da8564ca02bd238b45e1f3da0719e5ccd04bda4a3e5d9ea0768fc933f8b019c528c761814064b5278b16e9a58463f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\formhistory.sqlite
Filesize
256KB

MD5
0bd8258180d4bcc8fb27ec70b392cbfa

SHA1
44791a1b5b0e7f232a66f98bbb3e74836d82bf8c

SHA256
4fd18c42201ca3d3bd0bffe2d8e29f654947c4522030407e3b4fb4ebc3552645

SHA512
15fb0bd177bd492ecb19efd14564ef7a1021d15b1cdbd6d01c2c5ce3c0706eb1a9f292566bc18b9d7b0973ae1107ef1ac72c8a25a00587c0ebb45e7ffc2bd6b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\permissions.sqlite
Filesize
96KB

MD5
0f86a8e29eb06b822ec8a380c69f589b

SHA1
bf50f76c353bc8d80cd57d327deab5a0ad67a6ba

SHA256
7b7fcc176fec41cded7dfbbee540b0f72f35e9c1ae3c2e2adb7717cc412fde14

SHA512
7f4c87c8d1692a67c8606e58d8e08dbbc566ab801ff3dee5ad88c4da0ec70b7ae02a2a2c08a1d48281a2b9e23f47e10c26351c07f4ab7a25ae6b4d3bcf04c080

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\places.sqlite
Filesize
5.0MB

MD5
6d297b7c7a7471cc5b028bd8e723580d

SHA1
25295b87faf2e528650a5b224be934c3e692fcfb

SHA256
11322356652eff1e1b229857ecfefdbafa3145ee91c1384bc5121c9ce8a6fea0

SHA512
a677913f123d9ba763625cc01a317fcf699fcebf3c5a1c30f69badea1cb4b4c0d89f08ec5f61481c7693b064b205a2ccbce57e485dcc7372fc1e773d09492c50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
Filesize
7KB

MD5
31418c85de7b4bf34fc39ecc76592977

SHA1
1a3bf6a2859b76ba458d0c6730b2e056ff23a0f6

SHA256
836e2befde919b024c0ebd53731b4cd151972bb3ab1ce782702748d297b980e4

SHA512
e435b7136f15680a7cfcde5a61181daf94dcbecc25ef4381900ae8a19dc74fafdc6912b54190a6c2eeaa1c53ae8f4b39713e79fa0d704c4bc3ae1aee9d96544e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
Filesize
9KB

MD5
8aac16a54c5ced627543fb457fec4732

SHA1
363b72e1d62cf77ee91d5de22431673adf6f0352

SHA256
e9c72b942a973fae7274a386e74ff6dcf0bcc69e0d9f09ab37e6a7563d7bb72d

SHA512
71a46f19b95737decdf12a2b80767b27087296dfd5fa06fc30310a70e26b1e4aa3ce501292a76a8c22efdde8437c6a8ccda4e67a5ff1317fb40a7da305ca8bed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
Filesize
6KB

MD5
269f5d7751723bbd463279b80f046097

SHA1
2948f96f3cbbf2ee264ee3f528fd1db102a215f0

SHA256
e27e24c8c4c8e687b9c07526cf8c628289b048e0499fd2dbd179cc0f7da3c871

SHA512
2e52c7f4986508eb7cef07dda137c83be4dd82076f109598f03dd8a3cee49261b218455d944879e89b5c821a3311248da69c2cb04aecc70c0786258b65847080

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
Filesize
6KB

MD5
21f7ad3fdfdd33cb3f0a7f64977bd234

SHA1
f0733f957428afdeadfbc100af256b53f59ab298

SHA256
74cd09cb2c319959ab140632ad0d0ca2ad74a6ff1e13e3b5beeb0006940cb6eb

SHA512
84c923ff788cdfca7ef1b24b15eedaab5c33be75a3868936e5d2dfed099c13c4c7709cafd6991624227a9b021bd2998d64822cf4b44e2f99b8889ccd4906fb72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs-1.js
Filesize
7KB

MD5
a7d9a2a66306755efb4046abcaea823c

SHA1
44fb3b24e41e6f9d1deb68841b38c6eae21ac69c

SHA256
01955496a5e8a1108ec578d7fdecd461322bca64a7fd66addd51f02f343599c6

SHA512
43538fc45b95e92ccb40309bfd7fb5715bff2b7723752acfee3a76ff507d2c20ef38ddc9aa2d7a77c624dbfbb4ed8809d5f7ef2e50deb891d9f0ea3e660604f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs.js
Filesize
7KB

MD5
41f5064dc3d3ec3a9945149ca604acf6

SHA1
ef06eef4439bbb1b675c03cb68a24170a578a4ab

SHA256
99becad63a0fe744172a330682465e81d9924e91a2647f124bdffc54831533da

SHA512
af61524da00e7d7f8e31b6b6cf44254801c2ec2043d4ebc3e1e3afc7caf7000d5e977a706957d6511d8a163d952a525b412f4e6e6a67245fe61094429baad9f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\prefs.js
Filesize
7KB

MD5
1a01779f91b66f32b790dfc116bb8702

SHA1
a38285e282ce2502947236eb44f66448ddb0e5f9

SHA256
261ef16aaa08d83ed2731e5fb22e1ed1a4ba39572628b0ca2468f7f91296c6d5

SHA512
73f624cafbc2a88f72d3ae50265f13055cb160db576228daf1d5ade2fb668ac42e398ee2fc146d02fa67afd39a4750e6cd47aae264b906224389e869ee669a95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\protections.sqlite
Filesize
64KB

MD5
49397db0486dc59d607907a086f40c9b

SHA1
08742ce9db9569062def08e99eea8470702feb7d

SHA256
890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

SHA512
fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionCheckpoints.json
Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionCheckpoints.json
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
ef592cc7d1ef44eb201d7328f5c6e587

SHA1
45ec475c4d133c80ff9eb67118450f919682d078

SHA256
9aa1465e253038fc9dc957013a76f942e57206e4d3973741c8b4bfe5d44fd404

SHA512
e8234c092ca2f32cb70ada8ea01ad83a957d5607ebc84864aadf5eb915fa825a8032bafbfab8f8553b9cf947985b30ed612fafe4e45da66187255f647ba64976

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
6129deeba6a92b20b99f228c266e9a71

SHA1
d5271ae4cfa164c2be152c400a33cf5c758caa91

SHA256
4f102df7128561e60133e8c4fdcb7c84ea1225427a3ea50c208866cff471a7f3

SHA512
aa4568fbd8b26bc8beeb4f8d74ba35e73fb100faca6e761b5e8090e997ee7b8dbc228064519a7dadf8ed8b771040d4ecc382eee8669ea6600dad9a485b918ef1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
d8c3305cc59a022eadd01c3cd31d931e

SHA1
1426e16a872d8de44206bec512501d3efc8fd4ab

SHA256
3f1d04a6b5e5b32fad14dcc002cb8b89fc5a9f9487a87ea3ce51991925691ec2

SHA512
fe33cd18dae099f578eb24667b41a18e95cbb01e772ecbe7e357605f2e7ff2639d1826412add78f8503804154918b0dc659b4e16e3646d8839da4441b27fd6dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
6d675b7204611ef46c7b0416d0a4407a

SHA1
9f3908ded205810584cb499c6ca17e4c9c549ede

SHA256
d985fbbee7b4815a0cadd851785e2b4669f89674ec3166b35b9acc43adcfb8dd

SHA512
de64e201630bdee0cb37fbcacb0b6ec1704ca6448f227adb73ef1ed79fc8792a2845acdb229419acb4efb4092da0b64445dde78f9771615e287674a1d7f4fd38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
7KB

MD5
52a8efad4ee7e04ae32e5df673ee67f0

SHA1
e79e8735565bc73f06c4affcf71f26a08b3512b0

SHA256
9e15633f15a81f6b4cf5f44c19e411e4d96752abd1b2acd7a910372b253281d8

SHA512
5325feaed2257e6786f15d0904f8b38948afbf7a2a7276e5ee972c973c6c6b83fddb4be0b5d640eb9811480f6fa883485848912763dd3656f98774817c087c3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
fc5bb3ab37bd11a1509e85f8457139dd

SHA1
00ee513405b3aa763d0baed4eeabac90925dde1a

SHA256
14e874b6d71c4f33af0c11a9f16ab75dabd788787548f26de83568736e8c946d

SHA512
05cdd19c117fcdc3e8614b6a673faea2a16c57fc7cdd8201e217c43f791087a04079d7c7bc59fdf15ef520f2f573dbae8c1db3741b2b9e696f315e0f9ac69f06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
fbcd842bce8226d97486edb713a545a8

SHA1
5ffdd9840f868a53826e55b1ce404e00fa1282d0

SHA256
6acfc5fcf87a1342862e528fc5696166f883569426b24acacf720665d88c2393

SHA512
00aae2a4a011d8b1d5c5f722b4eb91ef1e6d852d32525b53c385bc4683c8a17d680e400ef3c255c8702d2a9776411a41e9ef5623df03666795a1df3465bd7a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
60368e97eaa745cc50f170f013d9be72

SHA1
443b8c501c7b1d6c1f3b23e4ca05504551c7ae23

SHA256
bd3e0b4e1891d6e69f4838170d7d27fb23083dc54692cdb98d5e3789a43ef630

SHA512
072106713f59b0544ff1073e5bff694a76d7d65bc87bc7353e1a7b9ab65af6c4eae007a386d0fae4bbdb1dda71727042ec31dc3aecc10052710aa597786c4abe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
af29d8708229a1e3cec8de3ad10f3aaa

SHA1
b7575cf5d6efc5a0685f81f2ec7b9b7933842d20

SHA256
b4bca2884d1122e218586ec5928baa737bf6aac67dcbe6a1277db30277ff4f9a

SHA512
82a70cff0ced8a581fa9725f8d373f96e79461009307bac01913a1ac64761e1e4020582a7012cb8162e667840cc75ebbbbb8b007cdac0e695b308ec67b7f411f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\sessionstore.jsonlz4
Filesize
6KB

MD5
d8e81ea4a93062a868487f8c34ae31c7

SHA1
9823133061ffa6018bcc027a2b23ebc409fbcde4

SHA256
1862fab1fde04fa8b5d3992cb0d90c5754a043d8dd7f023858d1b92ea713ee5e

SHA512
f4193ef5b52480645eb617f075e7fef6109c0d468a9ee16a6bfe7a1b2e7d6b4acce55d53cbb433f7cf30ace186a7ae1709d791824bcb061ae762e00d18864ace

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage.sqlite
Filesize
4KB

MD5
841fc982ea537ffd81d3324efd8910e8

SHA1
f4615ff99097e77165bf91b1309335e6fe2ebdf0

SHA256
f679f16a21292e1b2536e988a27d927e49ef506eb736a821bf2b9cdaca2ccb82

SHA512
38280419e99382269409c3dcc2c1c439877740a2c25a145e726c12c315e9327fd21968f031d699a5d93f439188f34465836e520f259960a6e74c3d6227da1a7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\default\https+++github.com\.metadata-v2
Filesize
58B

MD5
8804a00886bb13a43be21e09c4c3ce91

SHA1
6108697449c20b06aa7fb68585004b8e17059d68

SHA256
4e5cbf4211dfebd560a209ec2f6a54255c9905589f058b9aa99a045cb67cef97

SHA512
f58b83c7f4f786fcfe4e36cabb45961d70c474a7dc9bb04fc1db6d69ada6cdada384909f657a5136879950510287f490ed3a76d6ae8d43df8ad17609ceb81773

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\default\https+++github.com\ls\data.sqlite
Filesize
8KB

MD5
9b2edb0afb343b0803d198e52af78acf

SHA1
3e0548102ce5fd10018857e995bef36769242b03

SHA256
e2412eee7e1c17500f2d33ae05d2ff9d05e18f0f4c9558cf5943ba3377187c67

SHA512
5ba0e22cc8e768031ce763da22f3be4616545f7d746784abf0cc03b0d4bfb10f1922131016fd03705b1723adda30cfcfed35643cff35415a6c3c604f44beb652

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\default\https+++github.com\ls\usage
Filesize
12B

MD5
0d929988bcb71d70fe7b035ca35e4fd2

SHA1
554b7453d4b302553e8181fd3dd3e3a54e7b10d0

SHA256
1cc7a899e7e382fab8528c102d3eafaf8a786cf2b84ee81a28ad4f9ab1c5d24c

SHA512
b0f759d282f18535676a176a63d936150c9990e796414c9b6c5931c2990c1ca205c81ca8f283210eedb7e9450532b2c8520490e6ddda3eb56311735af683d3b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\default\https+++www.google.com\.metadata-v2
Filesize
62B

MD5
70559d982a9327c062bcbd06f112ab79

SHA1
60d16b9272762ddd330338b425a6cd3b04b452a9

SHA256
24fd64018fc17f7295ea234e9ef2a5534d7e9b6df606a76bc504bb05972f5aa3

SHA512
3ba2d05b4407754913f02fd8975a90a8da2c8f2535dbdbca5e0b74898909a745b3588d1a42791a9afe111e1aa51bbdfdbf9c35ce2dcea973a643d835f2775d83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\default\https+++www.google.com\ls\data.sqlite
Filesize
6KB

MD5
76cb75a1cfd4a0ea0c3f60262cc18b91

SHA1
03f2dd99115e49ddaf9b5ee734d166c063f5035a

SHA256
7d32ec182b9348dc1c390379f3dbe910bb974d1b6f25d3f48da42286017a91f3

SHA512
fc5a8d5b17c7868ed8b4aa97263a5bbf17c02efc0fd2b93ea4e8f824465ba632c959e0721dd257709cef30a72f7833184a40d18fe5c64aa69c11ef4d4e85e049

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\default\https+++www.google.com\ls\usage
Filesize
12B

MD5
4c428e195a2fad0b912480f1aaa48bf3

SHA1
52a8ec75e9ebe26a80438cfa5b234ccd96f24621

SHA256
330e0baa0683f9a1187cfcee449c80c8d142c70ed58f6ed5bff634f23f399a8d

SHA512
795d309afb1c8bd2bb3ffa40ad5632fca3a1a8926143a1592a051ec8667bddcb21d0540fd33a898e4f28bfd65e13ae96693d96b11c13adcae09ff1f415a13ef2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize
48KB

MD5
5311346b6cf41d7eb3248af67bbf82e1

SHA1
d705cbf3c8e965099194e355edd8fb451e39ab8f

SHA256
a4300eaecd187aa8a80c3f979aaa6fb9e5058abf149f60e97022dfa8e91d23ab

SHA512
f12d252b4d2e7729cdc69800266463834c49329b3fcaa61ea43e74d7fc3a8cc278b2f8a6acf82c441c1014235f6d49b81e0cdd90b038c5629a67537298962b88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
192KB

MD5
0879cbc10afff9df214a8976ff9daa51

SHA1
e2884ef6fc3e3e12a131b7b839e10e2e208eeafd

SHA256
f93791144eef37b5e66159034b4372c41b82e97c6e113420c051da63c9f90781

SHA512
49d4b3a0e86b58c0cfbd3224c086c8165eb4527ebae009477c66a187015df3825b539c60262e3b62b8f4600c2b319a8a60461b12eb939b3bf7065236442807e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
200KB

MD5
15c58a98e761b57029d1eb85b077812b

SHA1
bfcfcaf9acddf59ea765c585729d1e944d2b7b93

SHA256
c4e7a68d537b9fa3e96d5b2673ccb1f0b7bc1addf94df179628688f3eb7d11d5

SHA512
86b3db31fd3571a34c7d338369dafa03388d5ab1cfb8e9fd124c416e49af8d713ccd101f73202e140a64516594497df5df102abc1ec4f7d7df61368996833900

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\xulstore.json
Filesize
217B

MD5
5634755baffe7f3f75ecb7c8a6db95ef

SHA1
63d05637d653601eb8226feb546d71db6101ca7f

SHA256
4b126708b48df355ce6a537b048242d379babb14d4fc0957eaba593c61c1cec9

SHA512
8954296e17bf7fad70ae13244c8e1d036717ff83f5496f4deace89931f99728cfce42f64072aafaad5f1e032719d14f11659df4f5a1e7d583bbec4be84f3c723

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\XWorm.exe
Filesize
456KB

MD5
515a0c8be21a5ba836e5687fc2d73333

SHA1
c52be9d0d37ac1b8d6bc09860e68e9e0615255ab

SHA256
9950788284df125c7359aeb91435ed24d59359fac6a74ed73774ca31561cc7ae

SHA512
4e2bd7ce844bba25aff12e2607c4281b59f7579b9407139ef6136ef09282c7afac1c702adebc42f8bd7703fac047fd8b5add34df334bfc04d3518ea483225522

Download Submit
C:\Users\Admin\Downloads\XWorm.hIwBtCR9.rar.part
Filesize
3.8MB

MD5
8845f7149b64a79343f12ee97b8d90ad

SHA1
d48a4d2b00859e6e7e362e38a34190da60ff8550

SHA256
17c103b0cd832139aded6213496300760f83abc7922d3829d10f09d422b2b348

SHA512
132c47c287aad520e29c42debff6c2a847487323a57824e7b43f48fa5562d9b008c28b297fd3a260b108aebfd99246ed2fff5d38cc9fd52b3406a047aedd5bd9

Download Submit
\??\pipe\LOCAL\crashpad_912_PKLKGNDTILPKXESM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5188-371-0x0000000000740000-0x0000000000747000-memory.dmp

Filesize
28KB

Download
memory/5188-372-0x0000000002490000-0x0000000002890000-memory.dmp

Filesize
4.0MB

Download
memory/5188-373-0x0000000002490000-0x0000000002890000-memory.dmp

Filesize
4.0MB

Download
memory/5580-376-0x0000022EC23B0000-0x0000022EC23B1000-memory.dmp

Filesize
4KB

Download
memory/5580-381-0x0000022EC23B0000-0x0000022EC23B1000-memory.dmp

Filesize
4KB

Download
memory/5580-380-0x0000022EC23B0000-0x0000022EC23B1000-memory.dmp

Filesize
4KB

Download
memory/5580-374-0x0000022EC23B0000-0x0000022EC23B1000-memory.dmp

Filesize
4KB

Download
memory/5580-382-0x0000022EC23B0000-0x0000022EC23B1000-memory.dmp

Filesize
4KB

Download
memory/5580-375-0x0000022EC23B0000-0x0000022EC23B1000-memory.dmp

Filesize
4KB

Download
memory/5580-386-0x0000022EC23B0000-0x0000022EC23B1000-memory.dmp

Filesize
4KB

Download
memory/5580-385-0x0000022EC23B0000-0x0000022EC23B1000-memory.dmp

Filesize
4KB

Download
memory/5580-384-0x0000022EC23B0000-0x0000022EC23B1000-memory.dmp

Filesize
4KB

Download
memory/5580-383-0x0000022EC23B0000-0x0000022EC23B1000-memory.dmp

Filesize
4KB

Download
memory/6060-396-0x00000000023C0000-0x00000000027C0000-memory.dmp

Filesize
4.0MB

Download
memory/7028-485-0x00000000023F0000-0x00000000027F0000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads