Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/09/2023, 04:17

General

  • Target

    DIM Premium Primismatic Precision Select.ani

  • Size

    377KB

  • MD5

    effeb9e23c8e9ace4eab8c477d5194fe

  • SHA1

    c68a416ba459ab986b286a34a359f69948f6f78d

  • SHA256

    d24c3bb8ff45b4a385d2341904b583aaf1122ce20cf6731fe03986f86c6ca7a0

  • SHA512

    77d8611fc167b3909430e334b75a4b4b125c01bff30cbadd085af165a20a35a7f377c944d376a5746be60fdc34d5b697b32bb27f239b67902c383eb5bf80b09c

  • SSDEEP

    1536:Hg5U/aZqwbrXrVKWNTnpBlFrO7zPHofU9dSU1zX:UDpKWdpRgPHiU9d9zX

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\DIM Premium Primismatic Precision Select.ani"
    1⤵
    PID:4512
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultd4657e1bh4697h4dc4h917fhef02bd1afdd4
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2576
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fffd93946f8,0x7fffd9394708,0x7fffd9394718
      2⤵
      PID:4512
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12684958199921267027,11226393586106226646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
      2⤵
      PID:5232
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,12684958199921267027,11226393586106226646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5240
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,12684958199921267027,11226393586106226646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
      2⤵
      PID:5260
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:5568
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
    1⤵
    • Drops desktop.ini file(s)
    • Checks processor information in registry
    • Modifies registry class
    PID:5976
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    PID:5332
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:5416
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.0.759805213\1413576483" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c666d157-52f1-49ed-b49e-40d948c7d693} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 1960 211deaefa58 gpu
        3⤵
        PID:5460
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.1.196118824\643843401" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2352 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad971e9c-c313-44e8-8fc2-8eadf5abfbc1} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 2376 211de5ede58 socket
        3⤵
        PID:5124
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.2.938801411\718649172" -childID 1 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a36b8c37-a882-4a2c-a1da-2ea37c3f51b0} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 3660 211e28fb258 tab
        3⤵
        PID:4984
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.3.461360292\122578841" -childID 2 -isForBrowser -prefsHandle 3124 -prefMapHandle 3456 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {565537c4-7038-4836-9a7a-d2111d30a844} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 3056 211d1f5eb58 tab
        3⤵
        PID:6032
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.4.1697160883\1090562487" -childID 3 -isForBrowser -prefsHandle 4048 -prefMapHandle 3688 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3201acc-2e52-4a34-bd57-3a0dc8171f82} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 3456 211e3a30158 tab
        3⤵
        PID:6108
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.7.526367101\426379855" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5092 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4644bc12-a0bd-49f0-be4b-4080a02d58cb} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 5324 211e4d1e758 tab
        3⤵
        PID:5636
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.6.461643745\575117958" -childID 5 -isForBrowser -prefsHandle 5084 -prefMapHandle 5080 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1cb3373-bac9-42aa-9aa9-fc5576e0c21e} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 5108 211e4d1db58 tab
        3⤵
        PID:5404
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.5.2033365707\2060594608" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69c6f674-ce4c-4f5b-bdef-0da640b6a9c6} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 5092 211e4d1d558 tab
        3⤵
        PID:2892
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.8.143788051\587295151" -childID 7 -isForBrowser -prefsHandle 5928 -prefMapHandle 5932 -prefsLen 26575 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a6808ff-29ec-4715-a9dd-98a244e738ba} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 5092 211e632db58 tab
        3⤵
        PID:5792
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.9.1064057725\1566027140" -childID 8 -isForBrowser -prefsHandle 6048 -prefMapHandle 6132 -prefsLen 26575 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab46cf3b-02ee-4aef-abf5-210372fa47ce} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 6100 211e6672e58 tab
        3⤵
        PID:4728
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.10.1349814850\1255495229" -parentBuildID 20221007134813 -prefsHandle 6228 -prefMapHandle 6236 -prefsLen 26575 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f43e111b-efbd-4ba5-b7e9-54cf6caeb812} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 6252 211e6911058 rdd
        3⤵
        PID:5236
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.11.1240456482\250337474" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6384 -prefMapHandle 6380 -prefsLen 26575 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f88512e8-e5c5-451a-b4d5-fd4ff0cd4810} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 6392 211e6910158 utility
        3⤵
        PID:2132
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5416.12.1020964572\2009205231" -childID 9 -isForBrowser -prefsHandle 4292 -prefMapHandle 4280 -prefsLen 26750 -prefMapSize 232675 -jsInitHandle 1156 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f01bc8a-d013-4c3b-b0b1-9f0b89336cd7} 5416 "\\.\pipe\gecko-crash-server-pipe.5416" 4900 211de5eff58 tab
        3⤵
        PID:6260
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
    PID:7028
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:7084
  • C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
    1⤵
    PID:560
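
Reading the tree above, every signature hit that is tied to a process lands on svchost.exe, msedge.exe or firefox.exe; the only process tied to the sample is the cmd.exe that opened it, and the same PID (4512) also appears on the Edge crashpad handler, so the two entries should not be conflated. The score therefore reflects host and browser activity rather than anything the .ani file is shown doing, which makes static triage of the file itself the natural next step. The script below is an added example for this report, not part of the sandbox's tooling: it checks a local copy against the SHA256 listed in General, then walks the RIFF/ACON chunk tree and flags an anih chunk whose declared size is not the 36 bytes the ANIHEADER structure occupies, a duplicate header, and any chunk that overruns its container. The .ani bytes it builds in-line are constructed stand-ins with placeholder icon payloads, not real cursor images.

```python
"""Static triage for a Windows animated cursor (.ani).
Added example for this report; not part of the sandbox's own tooling."""
import hashlib
import struct

# SHA256 of the submitted sample, as listed in the report's General section.
REPORT_SHA256 = "d24c3bb8ff45b4a385d2341904b583aaf1122ce20cf6731fe03986f86c6ca7a0"

# sizeof(ANIHEADER): nine little-endian DWORDs.
ANIH_SIZE = 36
ANIH_FIELDS = ("cbSizeof", "cFrames", "cSteps", "cx", "cy",
               "cBitCount", "cPlanes", "JifRate", "flags")


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def matches_report(data):
    """True when the bytes on disk are the sample the report describes."""
    return sha256_hex(data) == REPORT_SHA256


def riff_chunks(data, offset, end):
    """Yield (fourcc, payload_offset, payload_size) for the chunks in
    data[offset:end]; refuse any chunk whose declared size leaves its parent."""
    while offset + 8 <= end:
        fourcc = data[offset:offset + 4]
        size = struct.unpack_from("<I", data, offset + 4)[0]
        payload = offset + 8
        if payload + size > end:
            raise ValueError(
                f"chunk {fourcc!r} at offset {offset} overruns its parent (size {size})")
        yield fourcc, payload, size
        offset = payload + size + (size & 1)  # RIFF chunks are word-aligned


def walk_ani(data):
    """Return (chunks, header, findings).
    chunks  : list of (depth, fourcc, size); LIST chunks appear as b"LIST:type"
    header  : dict of ANIHEADER fields, or None when no valid anih chunk exists
    findings: structural anomalies worth a closer look"""
    chunks, findings, header = [], [], None
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        findings.append("not a RIFF/ACON container")
        return chunks, header, findings
    riff_size = struct.unpack_from("<I", data, 4)[0]
    if 8 + riff_size != len(data):
        findings.append(f"RIFF size {riff_size} disagrees with file length {len(data)}")

    def visit(offset, end, depth):
        nonlocal header
        for fourcc, off, size in riff_chunks(data, offset, end):
            if fourcc == b"LIST":
                chunks.append((depth, b"LIST:" + data[off:off + 4], size))
                visit(off + 4, off + size, depth + 1)
                continue
            chunks.append((depth, fourcc, size))
            if fourcc == b"anih":
                if size != ANIH_SIZE:
                    findings.append(f"anih chunk declares {size} bytes, expected {ANIH_SIZE}")
                elif header is not None:
                    findings.append("more than one anih chunk")
                else:
                    header = dict(zip(ANIH_FIELDS, struct.unpack_from("<9I", data, off)))
                    if header["cbSizeof"] != ANIH_SIZE:
                        findings.append(f"anih.cbSizeof is {header['cbSizeof']}, expected {ANIH_SIZE}")

    try:
        visit(12, min(8 + riff_size, len(data)), 0)
    except ValueError as exc:
        findings.append(str(exc))
    if header is None:
        findings.append("no valid anih header")
    return chunks, header, findings


# Constructed sample inputs: placeholder icon payloads, not real cursor images.
def _chunk(fourcc, payload):
    pad = b"\0" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def build_ani(frames, anih_payload=None):
    if anih_payload is None:  # cbSizeof, cFrames, cSteps, cx, cy, bits, planes, rate, AF_ICON
        anih_payload = struct.pack("<9I", ANIH_SIZE, len(frames), len(frames), 0, 0, 0, 0, 6, 1)
    fram = b"fram" + b"".join(_chunk(b"icon", f) for f in frames)
    body = b"ACON" + _chunk(b"anih", anih_payload) + _chunk(b"LIST", fram)
    return b"RIFF" + struct.pack("<I", len(body)) + body


GOOD_ANI = build_ani([b"\0" * 22, b"\0" * 22])
BAD_ANI = build_ani([b"\0" * 22], anih_payload=b"A" * 60)  # oversized anih header


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else GOOD_ANI
    print("sha256 matches report:", matches_report(blob))
    chunks, header, findings = walk_ani(blob)
    for depth, fourcc, size in chunks:
        print("  " * depth + f"{fourcc.decode('latin-1')} ({size} bytes)")
    print("anih:", header)
    for f in findings:
        print("FINDING:", f)
```

Run it with the path to the sample as its only argument; with no argument it walks the constructed GOOD_ANI. A file that fails the hash check is not the one this report analysed, and any finding on the anih chunk or on chunk bounds is the point at which to stop trusting the sandbox score and look at the bytes directly.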

Network

MITRE ATT&CK Enterprise v15

Downloads

                                                  • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

                                                    Filesize

                                                    16KB

                                                    MD5

                                                    bc88d96e24442fc1ded6baa172c7484f

                                                    SHA1

                                                    be3afe848a225862b995209c1f2b9ff15e685ffd

                                                    SHA256

                                                    36e36d38f994ec0f9ab85042ebb7782d6b82c1041bf7f63bda287f0f5ba0d335

                                                    SHA512

                                                    aec4b145e81eb51d6b4ad09795a73f17e822f1dd437852ba56b2900f251348ce5b8950fb962bc16d0277138d66e464d12ab3e096820297ddad1e55736625b6e4

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    ea03d9602828b2d8f2b8817e89b06960

                                                    SHA1

                                                    80b3dad92c2312b04b2a4fae005e9cd0bf6d4e71

                                                    SHA256

                                                    e116c715af3149df19bd1b776adcac0979f08efc2568690dfa0d068dd8d6209c

                                                    SHA512

                                                    cfbc15f519e58578f2a25d6eb75784f64e836f93c78d72c4c1b06f4e47016135625ea5d8db1540a6aec3e1c60732d45f1e1f2ac6c007c552835fb4d71c474a08

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    111B

                                                    MD5

                                                    285252a2f6327d41eab203dc2f402c67

                                                    SHA1

                                                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                    SHA256

                                                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                    SHA512

                                                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    5KB

                                                    MD5

                                                    74cf55477c1a293cab304c71e45d0534

                                                    SHA1

                                                    aaabaa5bbd1da4b215acd9d5fd9d3a9ef7953fd5

                                                    SHA256

                                                    29893f25b45d55fad5bea3fd2bad77630ef35efd4cffffaba23ff0c1f80f8c17

                                                    SHA512

                                                    af874d1ba3f8c6689f0270d3f032be595fd815f6bbad92f558acf98f6d9978360727951f74a1731b8066b5a8991d3e359880c827e6e54c539e3fd3fa939f84ca

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    3KB

                                                    MD5

                                                    7bd0e7f49dddea849f50b27d5d897b2e

                                                    SHA1

                                                    524e70733f1e3017f9c5907bc02a64a207e7aca2

                                                    SHA256

                                                    2792efc2d905006549a1dfbc8d72718e62c0292d352f03d39d85ca1ae4fe5f36

                                                    SHA512

                                                    179e5614dfb8bd59a8f4a91dd36675c8bc48b8eb6b2003c1147ce02ae521ce6d70acc2b523972a74439fd0c3a660b46d80e2275c1d7d74ca05ecdafd49cf84df

                                                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                    Filesize

                                                    442KB

                                                    MD5

                                                    85430baed3398695717b0263807cf97c

                                                    SHA1

                                                    fffbee923cea216f50fce5d54219a188a5100f41

                                                    SHA256

                                                    a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                                                    SHA512

                                                    06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                                                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                    Filesize

                                                    8.0MB

                                                    MD5

                                                    a01c5ecd6108350ae23d2cddf0e77c17

                                                    SHA1

                                                    c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                                                    SHA256

                                                    345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                                                    SHA512

                                                    b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                                                    Filesize

                                                    997KB

                                                    MD5

                                                    fe3355639648c417e8307c6d051e3e37

                                                    SHA1

                                                    f54602d4b4778da21bc97c7238fc66aa68c8ee34

                                                    SHA256

                                                    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                                                    SHA512

                                                    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                                                    Filesize

                                                    116B

                                                    MD5

                                                    3d33cdc0b3d281e67dd52e14435dd04f

                                                    SHA1

                                                    4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                                                    SHA256

                                                    f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                                                    SHA512

                                                    a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                                                    Filesize

                                                    479B

                                                    MD5

                                                    49ddb419d96dceb9069018535fb2e2fc

                                                    SHA1

                                                    62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                                                    SHA256

                                                    2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                                                    SHA512

                                                    48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                                                    Filesize

                                                    372B

                                                    MD5

                                                    8be33af717bb1b67fbd61c3f4b807e9e

                                                    SHA1

                                                    7cf17656d174d951957ff36810e874a134dd49e0

                                                    SHA256

                                                    e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                                                    SHA512

                                                    6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                                                    Filesize

                                                    11.8MB

                                                    MD5

                                                    33bf7b0439480effb9fb212efce87b13

                                                    SHA1

                                                    cee50f2745edc6dc291887b6075ca64d716f495a

                                                    SHA256

                                                    8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                                                    SHA512

                                                    d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    688bed3676d2104e7f17ae1cd2c59404

                                                    SHA1

                                                    952b2cdf783ac72fcb98338723e9afd38d47ad8e

                                                    SHA256

                                                    33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                                                    SHA512

                                                    7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    937326fead5fd401f6cca9118bd9ade9

                                                    SHA1

                                                    4526a57d4ae14ed29b37632c72aef3c408189d91

                                                    SHA256

                                                    68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                                                    SHA512

                                                    b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\prefs-1.js

                                                    Filesize

                                                    6KB

                                                    MD5

                                                    a7ebbcff282fde1ce52e8b1d59d7e4b3

                                                    SHA1

                                                    3212867d1adc0fb0721039829fedddfe4ab01cc1

                                                    SHA256

                                                    b9dd8de7c5f4950ef878632cd9d43baa3cd194f66b7d5960c33c04ffb0b719fa

                                                    SHA512

                                                    4d43654686ff1c791d1f2e995a503eac9850f979e2098837e31666db1a80cbb66d34c772f3605adba113fb625995b11524dc7f0ce95647e88d5f7a30b3a2e523

                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\prefs-1.js

                                                    Filesize

                                                    7KB

                                                    MD5

                                                    bee7a582daf19dbaed4643567f244dd8

                                                    SHA1

                                                    37ec6fd247c77ca3c3d1315de24f67b1aa32da01

                                                    SHA256

                                                    47c40719469d4c62831dd36f081d4b281438f774770b16c84dcd20e07700eb21

                                                    SHA512

                                                    465bebd78be90923db4c0cd7839ac6a2174ca5b455ccfe3cf7481c4112f6ed2843304cda3a2996d3dca062ec6c17383fa28a1521f29b51d46affda0adf78a0c8

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\prefs-1.js
  Filesize: 7KB
  MD5: 9ec10ebc0502e4ca5e0a8e7d13e7be0e
  SHA1: 790cedc7f577a666864c212cb35a97c1262d36ce
  SHA256: 464ee8b9105261b99d3f9e2f81965147805796c4eb1c36ad47e32e645cbf9402
  SHA512: 2058b26aa7745a73c9e2564f6516a1918e10682cf4c560e7107c6145b1de5e320ce5e476c7a576d4e860d25660f530572936721bd54963f030eba9d12114c931

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 1KB
  MD5: a6367ca1c0ff9866476de0f7e8193d9b
  SHA1: 9ac0743eb1494114e3290d37498ad68a1da30ee2
  SHA256: 84591af9b0847495a4057c7dfc4268f77afc3ebe62e05fb96d6a58151f00dd06
  SHA512: 6bffc72dfaf2490ebfa4730073ae4ef56340f7ce4b82619c7a42482a3eb2af8f0a046e7582083c9adf17b836f8efc4d3e6aeda7e129bd944b39c143a5f32dbaf

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 4KB
  MD5: d5205c20d7c93f25f1200b547dc95c98
  SHA1: 5ddb095dfdc770c98fdf4dd68e5ae3e6dc97ac6d
  SHA256: a1ba2b1d5b9758b1165cc572c83547b1a408d51dd1ff8c5edf83d57e9789b8e7
  SHA512: ba158b805537278f7be25ee58e969db465e52890d58e52b25e13ec2dedda00fd83fb3f37b0fc35e44f3e938a173ff3ad4c5251b6ae9ff3d3f54dc4ca36b6023b

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 4KB
  MD5: 94ae46fa8270f654af794841840acae8
  SHA1: efa747051fe7f2f9f709ba2bb9013df72026811e
  SHA256: c02761a1a72df4c9bd24e0ec701bc2cfd206bf29f7226febf2857174bbf56099
  SHA512: 1d2b1b77ed84a54fbde7448ac74b739c9edf2274f6827b9e7cb29d4268d01b86bdaf380f8b1e609d04e2107e56d6521a5cd023d99b1c64e84a556e70f09729ba

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 4KB
  MD5: 41b54af506b9e1d4db44be53169833e2
  SHA1: 11f1160fc4d2d996b7441e7a548a268ca678c75c
  SHA256: 83f4c91032b1ce768b62037093cdfc5e16329c5014a1918bbe1ade6c7657f76d
  SHA512: 3e5d5039cb6c12884afda0d4c5eab0d0c4eadfd53da91917477a9d6da4cc7da39021bda9866a4449251ce801fe83a57d89b15d3ef60f281b553366668f2b8ef4

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\storage\default\https+++www.youtube.com\cache\morgue\103\{f3cff47e-2f97-40c1-8e35-1585730c7667}.final
  Filesize: 4KB
  MD5: 8677d18d21f99a25e4c5f5f852df9510
  SHA1: d20cc94ab8b02dfde9f446856ca0d8b25285c2aa
  SHA256: f0dee5e3e26ca9ccc7f69498ccc13cd4b1a701e39cff179e487b160ed4055014
  SHA512: 0aedc76bc3bafede69ab68587352ab26f3341054a040600438a3dbc121be3f422c814d5c6c493fba6f2e843a826482dd4f9ffa34032e24272fa9741eedf5ee4d

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal
  Filesize: 40KB
  MD5: 612d78aae151d857a7a8620a24253e0e
  SHA1: 1a54fded5579844f36dd043c098bfeb6f8becebd
  SHA256: 2d01741ad51b43012f56c0f8334407f0ec9f18a2fdf130b7a55f3874e11df376
  SHA512: 0288448d67fd12b29c35368129c672e301d7b516d689e621a1475f7eb01ee27e5897ff511883ac77d2cacb99dc914a3ab795d022b638d09fb9ee6ae0c03b1ee3

• C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\11ir96yb.default-release\storage\default\https+++www.youtube.com\idb\3831057489yCt7-%iCt7-%r2e1s7peo.sqlite
  Filesize: 48KB
  MD5: 2964678fdfa02b9773a7ddfaa11890b5
  SHA1: ac01c0b61bd664d52334bf44b3fdc1dd6b6cbe6d
  SHA256: 6bc835cd4762da4cfb58af3888a77b28c0764371c2e7439dad372a3ff2fba491
  SHA512: 5500d6ca81da2826cb242518e5b21546d2ef87b7701c22e6b51c6b947ad42212718b1a6864b4e46b4bb43b2c3346d4b19c398239a96ac308397d9bba2573fbea

• C:\Users\Admin\Videos\Captures\desktop.ini
  Filesize: 190B
  MD5: b0d27eaec71f1cd73b015f5ceeb15f9d
  SHA1: 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
  SHA256: 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
  SHA512: 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

• memory/7084-657-0x00000225EEA40000-0x00000225EEA50000-memory.dmp
  Filesize: 64KB

• memory/7084-699-0x00000225F6C10000-0x00000225F6C11000-memory.dmp
  Filesize: 4KB

• memory/7084-702-0x00000225F6B50000-0x00000225F6B51000-memory.dmp
  Filesize: 4KB

• memory/7084-696-0x00000225F6C20000-0x00000225F6C21000-memory.dmp
  Filesize: 4KB

• memory/7084-714-0x00000225F6D50000-0x00000225F6D51000-memory.dmp
  Filesize: 4KB

• memory/7084-719-0x00000225F6D60000-0x00000225F6D61000-memory.dmp
  Filesize: 4KB

• memory/7084-694-0x00000225F6C10000-0x00000225F6C11000-memory.dmp
  Filesize: 4KB

• memory/7084-725-0x00000225F6D60000-0x00000225F6D61000-memory.dmp
  Filesize: 4KB

• memory/7084-726-0x00000225F6E70000-0x00000225F6E71000-memory.dmp
  Filesize: 4KB

• memory/7084-693-0x00000225F6C20000-0x00000225F6C21000-memory.dmp
  Filesize: 4KB

• memory/7084-692-0x00000225F6FF0000-0x00000225F6FF1000-memory.dmp
  Filesize: 4KB

• memory/7084-691-0x00000225F6FF0000-0x00000225F6FF1000-memory.dmp
  Filesize: 4KB

• memory/7084-690-0x00000225F6FF0000-0x00000225F6FF1000-memory.dmp
  Filesize: 4KB

• memory/7084-689-0x00000225F6FF0000-0x00000225F6FF1000-memory.dmp
  Filesize: 4KB

• memory/7084-686-0x00000225F6FF0000-0x00000225F6FF1000-memory.dmp
  Filesize: 4KB

• memory/7084-685-0x00000225F6FF0000-0x00000225F6FF1000-memory.dmp
  Filesize: 4KB

• memory/7084-684-0x00000225F6FF0000-0x00000225F6FF1000-memory.dmp
  Filesize: 4KB

• memory/7084-683-0x00000225F6FF0000-0x00000225F6FF1000-memory.dmp
  Filesize: 4KB

• memory/7084-682-0x00000225F6FF0000-0x00000225F6FF1000-memory.dmp
  Filesize: 4KB

• memory/7084-681-0x00000225F6FF0000-0x00000225F6FF1000-memory.dmp
  Filesize: 4KB

• memory/7084-679-0x00000225F6FD0000-0x00000225F6FD1000-memory.dmp
  Filesize: 4KB

• memory/7084-641-0x00000225EE940000-0x00000225EE950000-memory.dmp
  Filesize: 64KB