Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20230831-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14/09/2023, 04:17
Static task: static1
Behavioral task | Sample | Resource
behavioral1 | DIM Premium Primismatic Precision Select.ani | win7-20230831-en
behavioral2 | DIM Premium Primismatic Precision Select.ani | win10v2004-20230831-en
behavioral3 | DIM Premium Primismatic Precision Select.ani | android-x86-arm-20230831-en
behavioral4 | DIM Premium Primismatic Precision Select.ani | android-x64-20230831-en
behavioral5 | DIM Premium Primismatic Precision Select.ani | android-x64-arm64-20230831-en
behavioral6 | DIM Premium Primismatic Precision Select.ani | macos-20230831-en
behavioral7 | DIM Premium Primismatic Precision Select.ani | ubuntu1804-amd64-en-20211208
behavioral8 | DIM Premium Primismatic Precision Select.ani | debian9-armhf-20230831-en
behavioral9 | DIM Premium Primismatic Precision Select.ani | debian9-mipsbe-20230831-en
behavioral10 | DIM Premium Primismatic Precision Select.ani | debian9-mipsel-en-20211208
General
- Target: DIM Premium Primismatic Precision Select.ani
- Size: 377KB
- MD5: effeb9e23c8e9ace4eab8c477d5194fe
- SHA1: c68a416ba459ab986b286a34a359f69948f6f78d
- SHA256: d24c3bb8ff45b4a385d2341904b583aaf1122ce20cf6731fe03986f86c6ca7a0
- SHA512: 77d8611fc167b3909430e334b75a4b4b125c01bff30cbadd085af165a20a35a7f377c944d376a5746be60fdc34d5b697b32bb27f239b67902c383eb5bf80b09c
- SSDEEP: 1536:Hg5U/aZqwbrXrVKWNTnpBlFrO7zPHofU9dSU1zX:UDpKWdpRgPHiU9d9zX
Malware Config
Signatures
- Drops desktop.ini file(s) (1 IoCs)
  description | ioc | Process
  File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | svchost.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Checks processor information in registry (2 TTPs, 7 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | svchost.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | svchost.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
- Modifies registry class (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-528036852-1341495193-1175965888-1000\{2463067A-8718-4884-8D18-ABF3C2C36877} | svchost.exe
  Key created | \REGISTRY\USER\S-1-5-21-528036852-1341495193-1175965888-1000_Classes\Local Settings | firefox.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  5240 | msedge.exe
  5240 | msedge.exe
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 5416 | firefox.exe
  Token: SeDebugPrivilege | 5416 | firefox.exe
  Token: SeManageVolumePrivilege | 7084 | svchost.exe
- Suspicious use of FindShellTrayWindow (4 IoCs)
  pid | Process
  5416 | firefox.exe
  5416 | firefox.exe
  5416 | firefox.exe
  5416 | firefox.exe
- Suspicious use of SendNotifyMessage (3 IoCs)
  pid | Process
  5416 | firefox.exe
  5416 | firefox.exe
  5416 | firefox.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid | Process
  5416 | firefox.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2576 wrote to memory of 4512 | 2576 | msedge.exe | 108
  PID 2576 wrote to memory of 5232 | 2576 | msedge.exe | 109
  PID 2576 wrote to memory of 5240 | 2576 | msedge.exe | 110
  PID 2576 wrote to memory of 5260 | 2576 | msedge.exe | 111
- Uses Task Scheduler COM API (1 TTPs)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- PID 4512 | C:\Windows\system32\cmd.exe
  cmd /c "C:\Users\Admin\AppData\Local\Temp\DIM Premium Primismatic Precision Select.ani"
- PID 2576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultd4657e1bh4697h4dc4h917fhef02bd1afdd4
  Signatures: Suspicious use of WriteProcessMemory
    - PID 4512 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffd93946f8,0x7fffd9394708,0x7fffd9394718
    - PID 5232 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12684958199921267027,11226393586106226646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
    - PID 5240 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,12684958199921267027,11226393586106226646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    - PID 5260 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,12684958199921267027,11226393586106226646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
- PID 5568 | C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 5976 | C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
  Signatures: Drops desktop.ini file(s); Checks processor information in registry; Modifies registry class
- PID 5332 | C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
    - PID 5416 | C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx
        - PID 5460 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.0.759805213\1413576483" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c666d157-52f1-49ed-b49e-40d948c7d693} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 1960 211deaefa58 gpu
        - PID 5124 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.1.196118824\643843401" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2352 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad971e9c-c313-44e8-8fc2-8eadf5abfbc1} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 2376 211de5ede58 socket
        - PID 4984 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.2.938801411\718649172" -childID 1 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a36b8c37-a882-4a2c-a1da-2ea37c3f51b0} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 3660 211e28fb258 tab
        - PID 6032 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.3.461360292\122578841" -childID 2 -isForBrowser -prefsHandle 3124 -prefMapHandle 3456 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {565537c4-7038-4836-9a7a-d2111d30a844} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 3056 211d1f5eb58 tab
        - PID 6108 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.4.1697160883\1090562487" -childID 3 -isForBrowser -prefsHandle 4048 -prefMapHandle 3688 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3201acc-2e52-4a34-bd57-3a0dc8171f82} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 3456 211e3a30158 tab
        - PID 5636 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.7.526367101\426379855" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5092 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4644bc12-a0bd-49f0-be4b-4080a02d58cb} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 5324 211e4d1e758 tab
        - PID 5404 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.6.461643745\575117958" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5080 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1cb3373-bac9-42aa-9aa9-fc5576e0c21e} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 5108 211e4d1db58 tab
        - PID 2892 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.5.2033365707\2060594608" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69c6f674-ce4c-4f5b-bdef-0da640b6a9c6} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 5092 211e4d1d558 tab
        - PID 5792 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.8.143788051\587295151" -childID 7 -isForBrowser -prefsHandle 5928 -prefMapHandle 5932 -prefsLen 26575 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a6808ff-29ec-4715-a9dd-98a244e738ba} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 5092 211e632db58 tab
        - PID 4728 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.9.1064057725\1566027140" -childID 8 -isForBrowser -prefsHandle 6048 -prefMapHandle 6132 -prefsLen 26575 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab46cf3b-02ee-4aef-abf5-210372fa47ce} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 6100 211e6672e58 tab
        - PID 5236 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.10.1349814850\1255495229" -parentBuildID 20221007134813 -prefsHandle 6228 -prefMapHandle 6236 -prefsLen 26575 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f43e111b-efbd-4ba5-b7e9-54cf6caeb812} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 6252 211e6911058 rdd
        - PID 2132 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.11.1240456482\250337474" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6384 -prefMapHandle 6380 -prefsLen 26575 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f88512e8-e5c5-451a-b4d5-fd4ff0cd4810} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 6392 211e6910158 utility
        - PID 6260 | C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.12.1020964572\2009205231" -childID 9 -isForBrowser -prefsHandle 4292 -prefMapHandle 4280 -prefsLen 26750 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f01bc8a-d013-4c3b-b0b1-9f0b89336cd7} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 4900 211de5eff58 tab
- PID 7028 | C:\Windows\system32\rundll32.exe
  "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
- PID 7084 | C:\Windows\System32\svchost.exe
  C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  Signatures: Suspicious use of AdjustPrivilegeToken
- PID 560 | C:\Windows\system32\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
Network
MITRE ATT&CK Enterprise v15
Downloads