hxxps://cinemitas[.]org

Analysis

max time kernel
299s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2023, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cinemitas.org

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe
Token: SeDebugPrivilege	4936	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe
4936	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 4936	3592	firefox.exe	82
PID 3592 wrote to memory of 4936	3592	firefox.exe	82
PID 3592 wrote to memory of 4936	3592	firefox.exe	82
PID 3592 wrote to memory of 4936	3592	firefox.exe	82
PID 3592 wrote to memory of 4936	3592	firefox.exe	82
PID 3592 wrote to memory of 4936	3592	firefox.exe	82
PID 3592 wrote to memory of 4936	3592	firefox.exe	82
PID 3592 wrote to memory of 4936	3592	firefox.exe	82
PID 3592 wrote to memory of 4936	3592	firefox.exe	82
PID 3592 wrote to memory of 4936	3592	firefox.exe	82
PID 3592 wrote to memory of 4936	3592	firefox.exe	82
PID 4936 wrote to memory of 2228	4936	firefox.exe	83
PID 4936 wrote to memory of 2228	4936	firefox.exe	83
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 4680	4936	firefox.exe	85
PID 4936 wrote to memory of 3908	4936	firefox.exe	86
PID 4936 wrote to memory of 3908	4936	firefox.exe	86
PID 4936 wrote to memory of 3908	4936	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://cinemitas.org"
1⤵
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://cinemitas.org
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.0.82060416\1484730333" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1868 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78f36ba6-28c8-4ca1-a938-f84591cb31b1} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 1976 1b9e19cf158 gpu
    3⤵
    PID:2228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.1.1932411191\1505903833" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21754 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {327086d2-36ce-4e53-a17e-ef553a3d18cd} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 2400 1b9d5172e58 socket
    3⤵
    PID:4680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.2.654854559\1003453781" -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 21857 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f98d2139-28a6-43e0-92b0-d107690c3889} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 3012 1b9e5bce658 tab
    3⤵
    PID:3908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.3.390356429\184420359" -childID 2 -isForBrowser -prefsHandle 3840 -prefMapHandle 3836 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec796764-fd72-4ebe-aaf5-328ee57d0445} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 3844 1b9d5161358 tab
    3⤵
    PID:1620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.5.863490453\1754870438" -childID 4 -isForBrowser -prefsHandle 5260 -prefMapHandle 5264 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9db3943f-ea3e-45ef-abe7-f5172793580f} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 5252 1b9e8ff0358 tab
    3⤵
    PID:2116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.4.1927783629\608560301" -childID 3 -isForBrowser -prefsHandle 4908 -prefMapHandle 5100 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c5255df-6cd3-4b25-80b3-c373028ab5c7} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 5092 1b9e8590258 tab
    3⤵
    PID:3312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.6.450627866\1337214591" -childID 5 -isForBrowser -prefsHandle 5440 -prefMapHandle 5444 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3218e584-6b2f-4223-b92f-3fb7bf35447f} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 5428 1b9e8ff0658 tab
    3⤵
    PID:4364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.7.1532030551\342506195" -childID 6 -isForBrowser -prefsHandle 5912 -prefMapHandle 5908 -prefsLen 26577 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7988647-ee58-45d8-936a-5490fd1c8edb} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 5920 1b9ea11e558 tab
    3⤵
    PID:1904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.8.2039670963\1358442597" -childID 7 -isForBrowser -prefsHandle 6200 -prefMapHandle 6216 -prefsLen 26752 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f69b064-d261-478f-80df-92586f2b6e26} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 6228 1b9ea121b58 tab
    3⤵
    PID:3200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.9.419832268\804584521" -childID 8 -isForBrowser -prefsHandle 9012 -prefMapHandle 9008 -prefsLen 30499 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb1ab28d-0e07-4be1-b3ca-ec4a9001943e} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 9048 1b9ed899258 tab
    3⤵
    PID:2696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.10.178416034\847306876" -childID 9 -isForBrowser -prefsHandle 9164 -prefMapHandle 9168 -prefsLen 30499 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0355c022-14f6-4ac1-852a-841de295512b} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 8912 1b9ed896e58 tab
    3⤵
    PID:1916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.11.1541185372\548789027" -childID 10 -isForBrowser -prefsHandle 10056 -prefMapHandle 8804 -prefsLen 30804 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51f0f525-4607-488e-9156-0b1e066e1d4c} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4792 1b9e5bb7558 tab
    3⤵
    PID:680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.12.892220645\1865493695" -childID 11 -isForBrowser -prefsHandle 5904 -prefMapHandle 8508 -prefsLen 30804 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c22dca9-6b17-4925-87c9-5b442c8d0ff7} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 8496 1b9e97e9d58 tab
    3⤵
    PID:2828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.13.1773909870\2067770084" -childID 12 -isForBrowser -prefsHandle 9028 -prefMapHandle 9312 -prefsLen 30804 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9527be08-3dda-490c-8f47-f13a934adb13} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 8916 1b9e476e558 tab
    3⤵
    PID:772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.14.1534837530\841833563" -childID 13 -isForBrowser -prefsHandle 8996 -prefMapHandle 4696 -prefsLen 30804 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58c2fc66-f811-4c95-bf44-6be7683d3501} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 8864 1b9e9afd358 tab
    3⤵
    PID:636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.15.657090745\743593006" -childID 14 -isForBrowser -prefsHandle 8556 -prefMapHandle 6072 -prefsLen 30813 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb17f064-09d7-45cb-a7d2-abf173e36bc2} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 8604 1b9e9a2b858 tab
    3⤵
    PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.16.639003406\1202185528" -childID 15 -isForBrowser -prefsHandle 5168 -prefMapHandle 5164 -prefsLen 30813 -prefMapSize 232675 -jsInitHandle 1392 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55940bd0-0dd6-4e6b-ad1f-0e4974288962} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 5156 1b9e5bcf558 tab
    3⤵
    PID:5092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x00o19f5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
c32d748726f4589aabd512eeefa4ce6a

SHA1
85448baed994f123b999aa50908770ca4ba533dc

SHA256
64f98870bbefb82909206eeca68833f24269f4bd1e30dd1392ffbcba373838ac

SHA512
1497f544d855e8e54c36a5cae10ce37d1859bf65b6a4ba4d0d0db829c68cd2e9c34f10dcf5e99b302472e650feea46b1db3b2515de7741774231b04fcddeee0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x00o19f5.default-release\cache2\entries\2C15DC2EFA1ABE8B71995E5A8D6EE7CADA8AD45D

Filesize
48KB

MD5
1b2435757a678e1ef1fea7cd2d72f0ff

SHA1
3fe2806c5e40df287aef3e6797047aa704f47dc7

SHA256
a79207d4249ae8090e2df4134c181417d1089bf62c596c3b0ec2a4a23c156e51

SHA512
cab24e5491a8ce14402cd9cf32b0c376eb5236caa94d987d761543c4e5a14a477713b77be7b76e1d9a1b3ea730c5a4d5ebaa5c34fa8e5b7461268c195e1cbae3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x00o19f5.default-release\cache2\entries\51ADC04B6B3A8FE1A6C361C60E4BC3463A39FDBF

Filesize
74KB

MD5
442370ea98bd97735caf93e1dbcff2e0

SHA1
2e194b445a08b3e2128320bb0d80c55c2e542ba5

SHA256
a0103c311f7ffca7ad1cc21c3bc93a61998ef1a1fb6cd8e705531795e18ba523

SHA512
de28a82ddc96a3f9d7eafed25a4a76339481b8ff9744296ea76f12e1c302e36f36f50a1f02e7c6dc574f041ed2070a4a076321c2b92cb3a3860d4e0e44e1c24a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x00o19f5.default-release\cache2\entries\58A756A796A86993036E1F0F79183245EE2ABF58

Filesize
13KB

MD5
3f0655540dee327e3c4c013bcf8fd547

SHA1
e2099c6c8330a0c3ccd4732c8921c20ef98e710c

SHA256
8616a8741c0b288552a053a1972fb5e06d933c6ee858620efc29cec8a00915da

SHA512
2e004366ee59c3d13f5a90aa112694516073bc7b7248a1843d486468af150af2e3983359d6e0e30ea7aae95e5e32415286f551ff9f146429cd656d7af30c5203

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x00o19f5.default-release\cache2\entries\70F438972190965EFDF6101AFE0662EA673D0F33

Filesize
41KB

MD5
2444a1090a69391e7d57914ae12c0ba4

SHA1
bf201f36ea740bfd40112cbbffb9f7e62a7d0bcd

SHA256
b04b1b7011f9526d94a136348aab181dbb64e7fb0a205b098462ee45dd8709cb

SHA512
a6870618b010018c9be4736ac7957fab85f8b74e84f45f3c5f8f2ff44d37ceb29d35cbe50aae095879e287d44694c72b7c3fc7221461c67d86851aeb2256ad9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp-ixk.xpi

Filesize
11.3MB

MD5
dffe25b6bcdbf70ce5890813049f3e5a

SHA1
725d31103ebefd3c8a018a73d456ac861088768b

SHA256
ffb8bcc1b6646e7e049198bdcb2cb3f44881df94988594aecaf6b71696b190bd

SHA512
3621ef130b1df49f3806d248c48844c9eb9181771d7cc028561d74798945f18ea1b3fee9f27d8ee69b1edc9e96ab9ba8d0f6a94949f63bfc8b22b28962e8b675

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
126c880701d05e8eeaf1cc5c7ac6d741

SHA1
3c671b7630824db48e3b726ca29e93dfee8b9297

SHA256
3b0146577c4c1980b6e4f1155f62c58fe86c521edbd2bc1d279af3a487e3e572

SHA512
7aee15fdbb303f25c459bfa06be17d45a7c9c4de6f44f797279603381f33e409ac62a3c158c10d02517fa337ba20bad6ffad2c21d049aeb1cb708ac763f13b5c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
b5c7b633c2ac3bf4b6dad10c089397d6

SHA1
3711b559464cdefa00635351e646a3e8d149c11a

SHA256
c93c21025f78ab1dcc6909985b8f25031c95c719292caa2d348975ca359e7239

SHA512
e2acdcb039d61ed8dc03320824f795712fb6e09765d93d9c3d3094fbc2b881f1daa2f46944f6364743c1588662a26eb77ce4c473fa665f25eff0ba86474b65bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\prefs-1.js

Filesize
6KB

MD5
3d24dd033da86d2dbd25db6c772ec6f5

SHA1
46f8124cdffe4eecdf78be82cb891b3187fa014b

SHA256
c4ebbe6355ee2e48f358eb0dd6aebb03d3361ab75900e18fd15871c92d961506

SHA512
0027b526f3a4796950e21fefe83b83bc3d86cc6264fe13d293be43706abd83d73e915812140bc5ba6a3b4206115f6b7891303d8c0f0a28209971afc842e08a65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\prefs-1.js

Filesize
8KB

MD5
5817b8426df0c6ebbb8bc3ddce97d6b1

SHA1
0461f2117d28f15c9c84c3c3868fbb25631b3c97

SHA256
46a0424cf5a8637bfed28654a005e28e268f73dafe95a4a4d7b8c93dca9f09e5

SHA512
85bd38894e0767873ac7be849d8bfa93a4cb5d31abeb67fae9479c99b81ae8113ea569dbd471ec5f9abe4ccd69bd9beebc7d0a2655fed5d986ebdcc376e8c29f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\prefs-1.js

Filesize
7KB

MD5
1912325930811f8adc46ae91c4d5f154

SHA1
62e6202d564fd0a3785e2c81d0c724fb8eb62bca

SHA256
4c066175ab00e6ba6b5da6b5e6999b1a316ed6f387e6f679f51dc40c2f0356a8

SHA512
8fff4587dd21d8a226860829f17a6d6c000f4b1ce4ee42d79c1bf6da9400bab05aa210f831e23fda1b05bd5eec7523a1b062f0194402acb8371d2a4330efab9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\prefs.js

Filesize
7KB

MD5
fc033cae4f3aea995a075024c2e72ec5

SHA1
4c75c1aafe8917178722f40d55ab3e414b3e0f56

SHA256
8d68c89bebfb84d3527ea04aab32c987635974ad952f9ef1b71733e77047649f

SHA512
ba3d0a7178d14b53cc0d8f1245a1606ac72b4d796360ae753d7361fc9f1404f4522021e5f332c09f401c39f996c567d61d6f5071627bc39955b4444f744c554f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5d7d3c3b9226fd10246175657a75468d

SHA1
1b3735976b55545d5aebb172bcad0b0de83f86e0

SHA256
8f7c719d58c1a7246316cac4c53a8326089f7b8f2d45c3d1346cdd80a7ba48fc

SHA512
74e1d8ed6beb3d5d6528d5b0b29025272967ac26cb9cadfc29c453c24ee59e0fef2a5a9364d296b30114cffd883f94a00a8d4f9fb1a9f8669761462278536dde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
51077099d0ee49a0d339a899e5d7d7f4

SHA1
0f3a65456b1a129c2d8a3337949f85df39cb80d1

SHA256
adf6ea230e68f849d99e5b48bf8f59f0606d5051fe22dba15dbcd3bb309cb0ab

SHA512
63ff93e4514623052e36ed33636974f627b7c722d8bb49c475c84dcae5270125af29eb4f0df13e859e9cb62c7f0a8424e3a00e06966cfb312dddd983eafe0632

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
88ca2a8540ca53186a8f4ff942461da8

SHA1
d2c355bf43470f71321579d2c7003784459cb75b

SHA256
0b3b3f2c4589c5299132887faeac45d50e02fda107b90dfa041c61f0ea62e6d6

SHA512
f2d5ec8cdbe54ec59cd48cbd798a33bdde576552d7e540632ea30c84dce6fdb89a99cd3be017d37eb7f91f24e691d7b9b8fd1abd84940a79faee609646a0adfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3b6d6fe9f4350bd6e845713386b46895

SHA1
ecc7b29c0535000febb96d0f718b525579f62dfe

SHA256
78405f397d3c536322e8194e090f0db784dff389d6fd1e5acc50c0f2bc7f79a5

SHA512
684b9c53ecb5c07323798289401b95a8e3d40687b15a6fa3c76790a14edb70797d2646765abb9fd36c76eaed6d27ed377a3170542e3852efa2d610c27987faa5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
36e27f22515a2b8f9519c347c394f1e7

SHA1
18948b663e83546a26fc1be5b27f5c5233513de6

SHA256
7fbba75b5bd74098530ad56b5dd00543154bf7c9c2189deced69aeae68c4d617

SHA512
e23c3beb36302a38dae23da68e4a6f9a7114fdf820f671cf9b96386eec134a82d55d6b432c756e9b10ab9a1b253699ba1d21e2f1772fe8bdb5d67a8a037bc58a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
331d18c2205724e675a9bb51320872ea

SHA1
23fb938f6792f5bb499ecf770a4f6ff16adf87af

SHA256
e636546ad677d8ca302dac40e47fa884952199de609a880faf82abf0a22ecc36

SHA512
ccbe43747a9181629da3720b47f210db6a0c1775edc809cff66108bda14ce3e45864b63855fc0b58945d53a42d96ab8c6543300dad091aaad62f9abce7ba2482

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
5b8c303ea94b97e65dfd142f60fcff43

SHA1
099a134316ed1c047bb8515f83f5401bb08583c1

SHA256
af9687e62f1a7467fa4d4ec5167d6c48cd353d60f4f20842df85218a3d293391

SHA512
ec959fc679a60595f3b73fcb13b7d3694c8285fa8b47c439cc1d35b6ddd9346978d86502ad531c388703d3c7df52a0b1adef4dfc665ef7067a04eb7e2dcf1fbd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
a153af2e2851719730f6d584fd52dd23

SHA1
7ef2f34c83033cd7903c7b332ec64aec676acb33

SHA256
4cb78b4760cdda33bffc9d834a4535bb43a52902a9ced8a147d5c1307a1f98c9

SHA512
fd39f901fe7873f40473a3ef5c836b1e058d175b3cf6505a9f56ebcd809441f09eae8aed0fb6f550be006389dd1265ae0c55d77ba7ddfd18d41fe63eb1fde737

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a9a3b7000ba87f624787e54428c79e99

SHA1
2144437764b140cbd1dd02173377c5ab3e81ef2d

SHA256
4a006c8fecb3dfe0ba3bf4ac1fd13b61b269ceb3ae9cc1629fba4a0e7ffd920f

SHA512
489074e703ba34c60d04eb25210a3f8586902a24cf0cfc89a70587a969d3130c3c0f1b3fd41b18f6cac9fdcf17129ef5ee8314bbd4b7367396ccdda813e81b77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
b4daf1e7fc3e917956cab082c75b2a8b

SHA1
0d4862463a18b65a0421643c27c634a194d3ca8b

SHA256
359af164b16519384562fb63ca98e5bb0441aaa389951f0844a4a017c7a00434

SHA512
031889792637fd5a4cf5d8dd37294e12dfd78080c31a01c5df0d9a017fb4ea6645591d1cb5fc3b5348fcebc7777261a00b7153d085f4d444db11f91fcd222015

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
4f8c1170db98c691b202fd78b0e73d6b

SHA1
c183bb56985719353bf5bc04dcc1aaab3b47036c

SHA256
783417ea6d5bf1574d0332f4b2d1dfdbb50049cf6ed72a750e764e092855ff48

SHA512
5fd0b82f1a6f7b8044ba5398bda9d83c1c125d5349fcf6a934e931e5142fa9c0a867e8562e40ea6e568d07f63d1ca76a5d7516f9ad69ffc9a37e4428a9b1f4a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
a2be798457881c562b0662d676cd1699

SHA1
b4b31f9d0d2ecae446ef545ee33fbe59a2c58366

SHA256
c6a31d85b91de6c90d0f979d16efc71543e39d5d1b70705ed7dfa217ec86788f

SHA512
a063ca9fb2fe791108578359181b4713a2c6cd9cedaadd5e5ae024ffcba2662f450cd833859f27d95cd20ba72f6e16806fc484509dd1fb6e1c1922143c43a240

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
114b20d68c39b2f9d576a01dbc26db19

SHA1
053976f8e78708cc35cbcad976673d18531e12b6

SHA256
a141c7ca34aa49d9b84f1af0823f51963ab9a7b0d526e028d0b61f399a757888

SHA512
5a69a6fed38d2ebcdb1651e7eeabc6c830599b6f7ffe363f944a95d4c64201d212b842b802a3922785ecb61f9cab790f08ec1e67181e9e5a68211fc60ec6c82b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\storage\default\https+++cinemitas.org\cache\morgue\108\{0e49fbdb-58c0-405b-9421-7d0e73f11e6c}.final

Filesize
120KB

MD5
1c1e70cc6185714c16d53244af06cddf

SHA1
8a8765acc16855c83bea2a9af78a99146c3a5c43

SHA256
ddc091cdcf5ad112a87cc121858769c8adc3a76dcb6f536e6dcb0f9ac27f0f83

SHA512
062a6dfb5a3b62bb9195934f3323d9394b0e0dc03c4167bccb615f67ff778d45fa3287c12c80808f9ae557001ba4cf645e86592efdb3b5912b817fdc970a5352

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\storage\default\https+++cinemitas.org\cache\morgue\40\{f431e987-8504-45ad-9987-30494730bb28}.final

Filesize
1KB

MD5
bbc13a2727a5012ccf279d012eb78fd9

SHA1
c73959c09b4e447d16d3a17a4413da08ffcf4486

SHA256
efb7bb901b5bf0996398ac1f93e88b330c5cb5b16af8d9a4d34468465eef79da

SHA512
e337ef50ce577369c4f3efb2fa58066cb35bcdaecfbd39cd6c01b9d04bd959c372d62eadd901cb0327955b2fd35b938ce774f7b60ade0f952f9440f99f30c608

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\storage\default\https+++core.arc.io^partitionKey=%28https%2Ccinemitas.org%29\idb\112462418acr.sqlite

Filesize
48KB

MD5
7e12568019e6160d27d72ab49b4a8c5a

SHA1
98075bf188a421e0c61b7f796244a8efdd5e0209

SHA256
62ea22522bd5a799fd5093923b48a2e8838ea6537f9202c70c7640ad548fe485

SHA512
6f327e6cfa373f4c1b0e6115393e544266b5bc1849da9aa3b9e6849d02dba3c8f53ec350d0247756f624ea177e04862f4ffe0887e426f6b55ed4f5026eb2f025

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x00o19f5.default-release\storage\default\https+++core.arc.io^partitionKey=%28https%2Ccinemitas.org%29\ls\usage

Filesize
12B

MD5
e977754c147a39c4c91734aec398eb3b

SHA1
8e3971021b6585499a968e9449818fdcedda99c2

SHA256
06a099580fd3ec5716b06cb25a8c6d3e1d33e588e1499a644ab7722f976e0ec1

SHA512
92b845498f1470d57a3892ed703c5a773e75661a04033da630422c2252029981b29a8817627775826c4b5ae3b6acce725786785a0d6280a3f85ef5a7300c9999

Download Submit