hxxp://xvideos[.]com

Analysis

max time kernel
146s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
25-06-2024 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://xvideos.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	2976	firefox.exe
Token: SeDebugPrivilege	2976	firefox.exe
Token: SeDebugPrivilege	2976	firefox.exe
Token: SeDebugPrivilege	2976	firefox.exe
Token: SeDebugPrivilege	2976	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

2976 firefox.exe
2976 firefox.exe
2976 firefox.exe
2976 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

2976 firefox.exe
2976 firefox.exe
2976 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

2976 firefox.exe

pid	process
2976	firefox.exe
2976	firefox.exe
2976	firefox.exe
2976	firefox.exe

pid	process
2976	firefox.exe
2976	firefox.exe
2976	firefox.exe

pid	process
2976	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3336 wrote to memory of 2976	3336	firefox.exe	firefox.exe
PID 3336 wrote to memory of 2976	3336	firefox.exe	firefox.exe
PID 3336 wrote to memory of 2976	3336	firefox.exe	firefox.exe
PID 3336 wrote to memory of 2976	3336	firefox.exe	firefox.exe
PID 3336 wrote to memory of 2976	3336	firefox.exe	firefox.exe
PID 3336 wrote to memory of 2976	3336	firefox.exe	firefox.exe
PID 3336 wrote to memory of 2976	3336	firefox.exe	firefox.exe
PID 3336 wrote to memory of 2976	3336	firefox.exe	firefox.exe
PID 3336 wrote to memory of 2976	3336	firefox.exe	firefox.exe
PID 3336 wrote to memory of 2976	3336	firefox.exe	firefox.exe
PID 3336 wrote to memory of 2976	3336	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3100	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3920	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3920	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3920	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3920	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3920	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3920	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3920	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3920	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3920	2976	firefox.exe	firefox.exe
PID 2976 wrote to memory of 3920	2976	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://xvideos.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:3336

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://xvideos.com
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.0.1389118087\1730021427" -parentBuildID 20230214051806 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7dbdad92-618b-4d8c-bc16-b8898cdad836} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 1844 23931d0d158 gpu
3⤵
PID:3100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.1.737268603\685645438" -parentBuildID 20230214051806 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ad01387-41d6-486e-acaa-26a4ba88aa59} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 2360 2391db86258 socket
3⤵
PID:3920

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.2.1138368917\1823170481" -childID 1 -isForBrowser -prefsHandle 3288 -prefMapHandle 3284 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4df347fe-9471-4af1-89cb-bb5b4df34c07} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 3300 23930c94658 tab
3⤵
PID:3904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.3.1519812633\1472563517" -childID 2 -isForBrowser -prefsHandle 3864 -prefMapHandle 3860 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89624520-3978-480e-8e7c-7e53c19a5543} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 3876 23937cd0158 tab
3⤵
PID:2660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.4.1785495235\450099836" -childID 3 -isForBrowser -prefsHandle 4860 -prefMapHandle 5032 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c6f0f2f-8eae-46f5-81d2-3f7beeee125a} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 5048 239392d7158 tab
3⤵
PID:236

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.5.1785689883\704134745" -childID 4 -isForBrowser -prefsHandle 5416 -prefMapHandle 5412 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efeb0101-e3cb-49ed-a50b-3b75780aa6e5} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 3344 2393240f258 tab
3⤵
PID:3336

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.6.86648588\1888704522" -childID 5 -isForBrowser -prefsHandle 5504 -prefMapHandle 5508 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ed2e99c-c80f-4039-8a51-7c8a6cb43993} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 5496 23932442a58 tab
3⤵
PID:2440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.7.1928498044\593107178" -childID 6 -isForBrowser -prefsHandle 5700 -prefMapHandle 5704 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a57dc909-3bbf-4b3c-8939-45731f044e86} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 5692 23932443358 tab
3⤵
PID:3656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.8.1908604322\875103637" -parentBuildID 20230214051806 -prefsHandle 5728 -prefMapHandle 5732 -prefsLen 27695 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42cfe671-e1bf-4ed8-90fb-c9df36e7aac4} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 5704 2393acf5258 rdd
3⤵
PID:2436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2976.9.981427214\625155595" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 5676 -prefMapHandle 5864 -prefsLen 27695 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf33e2eb-fe1e-42b6-964a-d92de93c38b0} 2976 "\\.\pipe\gecko-crash-server-pipe.2976" 5720 2393acf7658 utility
3⤵
PID:4492

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\activity-stream.discovery_stream.json.tmp
Filesize
27KB

MD5
d8d988f639c1f43bb72231336c276a46

SHA1
921fea689ee6e4f8800a907529d0a022ec67c1c9

SHA256
2b1ede8b5719ee80a067d7480f052ad71cb6e22f3029cdaabc2853bc766db915

SHA512
400be7bf6c9b1f1b67528e279eae30211d5de9b8248f699d581e6c5522d8cd20733663261d491b75eb2e64cabfde9b9b3193b744cc2309d5a41daee839fc6d46

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bov3gdb6.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
Filesize
13KB

MD5
4e10ec84a9f3ffd282557839c636e59a

SHA1
568dad86484f3f967cbbc43be88b57b0e29d643e

SHA256
77774dace339847ebbb2677a82dbefd7c00307afbc804955ba0606d676548f4e

SHA512
2e922cc258eaadc630d435461d904dfa1c0d4e348653e213af690c29e15b3d923cad7e5535e0126e9bc02fbe84a697b72e31b28e1f072ec0e37831838fa6aa16

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs-1.js
Filesize
8KB

MD5
cf04b24109ea6fcbfb0ab7a3c7eaa335

SHA1
fbc54c6ee59020f894906ed509250d14c386893d

SHA256
47852f070cd44923aa92ac459f756cea2af4437e9f1022e8d4a76839d37984cf

SHA512
47ea35b4e71f74941f41f129cc4c45c15b596423ed626f88bb6655d58f7b5c8507d069f4c98ce5bc93b13e5f21855a37ab21124f5c43b9fb37946fb34dafe16a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs-1.js
Filesize
6KB

MD5
5c51f46f0f543ca054b4fc248c23ab27

SHA1
2a67573352f237e99ae1cc3f2ae3ea289fc8328f

SHA256
5aba7f981f4e0aa00095b605ca59df46fee65537d72c608fb49559246ccee4e3

SHA512
8188f84a12a55fac28fa1a5e2962fc579f69fbff20772b615f388681e18994d6721dbb6a8850409fa13288903d9421fa7c112bd2018a9b3c3df7637f735be2ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\prefs-1.js
Filesize
7KB

MD5
c23fda23a12d9b98c482299a4fe8786f

SHA1
1cc1dc0a1caead483e740ee316ef8f0aa1231664

SHA256
634c202b7f7d4e4797dcf4f341db3699bdca67e621b3d0b26281e5c96e2f18c3

SHA512
3f7409c8149aca48ecedd2f2a42e8a144687996bb90457d98fac8152e52be592fcc96092e4846a2bd9e3849be6a85ec8654f7c4fc2671c03808fed9a0f7ea9ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
9343a364b5485d5231f780288d1b47e5

SHA1
ba52ea94e772c360cf660d3bf8376fa1a2d043d2

SHA256
80e1a9059f42647f633d568ca4e8b9eec84d4084e5f0ffe15ebc035a3b49eb9a

SHA512
0b35c5495040cf95da9073ab15c13954fe29d8f46a082ff5ae917c2d100d6500eb653c4a41820724f59a0eb10d5502cb1f473a2dea3ea44edf104efbd9b34715

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bov3gdb6.default-release\storage\default\https+++www.xvideos.com\idb\1204503687DVBX_.sqlite
Filesize
48KB

MD5
734b23e276f652204c461ce05bb10ca1

SHA1
1bf2b8b0e03b789a51eec0b77925f00d27593a71

SHA256
da9d6d7136304a1ee277d6b74ec02ee48199e055d50c4fa74aa7b91c72bfd8cc

SHA512
b5dfde6773821cadab1777fa781c05097e5564e02c3e3d0cc6eaf84fbde56ec54d75348c395a5310b40d82e41c63e84d3aa1daaa2779f279dd3c416c14bedc0d

Download Submit