hxxp://hianime[.]to

Resubmissions

10/07/2024, 02:31

240710-czrxqstclb 1

10/07/2024, 02:25

240710-cwl73stapd 1

Analysis

max time kernel
292s
max time network
294s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 02:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://hianime.to

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2764	firefox.exe
Token: SeDebugPrivilege	2764	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2764	2724	firefox.exe	30
PID 2724 wrote to memory of 2764	2724	firefox.exe	30
PID 2724 wrote to memory of 2764	2724	firefox.exe	30
PID 2724 wrote to memory of 2764	2724	firefox.exe	30
PID 2724 wrote to memory of 2764	2724	firefox.exe	30
PID 2724 wrote to memory of 2764	2724	firefox.exe	30
PID 2724 wrote to memory of 2764	2724	firefox.exe	30
PID 2724 wrote to memory of 2764	2724	firefox.exe	30
PID 2724 wrote to memory of 2764	2724	firefox.exe	30
PID 2724 wrote to memory of 2764	2724	firefox.exe	30
PID 2724 wrote to memory of 2764	2724	firefox.exe	30
PID 2724 wrote to memory of 2764	2724	firefox.exe	30
PID 2764 wrote to memory of 2744	2764	firefox.exe	31
PID 2764 wrote to memory of 2744	2764	firefox.exe	31
PID 2764 wrote to memory of 2744	2764	firefox.exe	31
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2624	2764	firefox.exe	32
PID 2764 wrote to memory of 2564	2764	firefox.exe	33
PID 2764 wrote to memory of 2564	2764	firefox.exe	33
PID 2764 wrote to memory of 2564	2764	firefox.exe	33
PID 2764 wrote to memory of 2564	2764	firefox.exe	33
PID 2764 wrote to memory of 2564	2764	firefox.exe	33

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://hianime.to"
1⤵
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://hianime.to
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.0.217250283\840497207" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1180 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ecf161b4-d645-47c2-bc76-e40d93fab581} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 1332 10cd8e58 gpu
    3⤵
    PID:2744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.1.1194458606\1874926777" -parentBuildID 20221007134813 -prefsHandle 1500 -prefMapHandle 1496 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {56ff7065-b247-417e-8986-33510e8c0d80} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 1512 e72b58 socket
    3⤵
    PID:2624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.2.681558346\1964251840" -childID 1 -isForBrowser -prefsHandle 2044 -prefMapHandle 2040 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c75202d1-4fca-436d-9267-930e6f97c388} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 2072 1a89b058 tab
    3⤵
    PID:2564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.3.1355276863\1286915355" -childID 2 -isForBrowser -prefsHandle 2516 -prefMapHandle 2512 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {434a2af0-3caf-4564-b117-0f68fdcc675f} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 2528 1c4dad58 tab
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.4.1413426311\1504408825" -childID 3 -isForBrowser -prefsHandle 3692 -prefMapHandle 3688 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90bd7ed8-908c-4fd1-90e0-49d1add01081} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 3704 1ecc1f58 tab
    3⤵
    PID:1640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.5.1662414667\232283146" -childID 4 -isForBrowser -prefsHandle 3812 -prefMapHandle 3816 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {486f4fc8-d0b6-4ed9-8236-67ab7f35c0b8} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 3800 1ecc1c58 tab
    3⤵
    PID:2196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.6.629147590\1736497105" -childID 5 -isForBrowser -prefsHandle 3976 -prefMapHandle 3980 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b4df794-7c8b-4e0c-afea-958c57a56c10} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 3964 21194d58 tab
    3⤵
    PID:1880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.7.594222956\1603694728" -childID 6 -isForBrowser -prefsHandle 3616 -prefMapHandle 3644 -prefsLen 26432 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce68fa3e-6541-4509-bf51-be8da552f42b} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 3636 1b64c858 tab
    3⤵
    PID:2188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.8.1661357219\1020706907" -childID 7 -isForBrowser -prefsHandle 8316 -prefMapHandle 8288 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ea32a12-f815-4be9-b3ae-21e188e04fdf} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 8264 22b5c258 tab
    3⤵
    PID:1080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.9.131281794\785917500" -childID 8 -isForBrowser -prefsHandle 8140 -prefMapHandle 8136 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18fef37f-1ffc-462e-bf22-277e45046b1a} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 8152 22be8a58 tab
    3⤵
    PID:2900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.10.423532056\394496268" -childID 9 -isForBrowser -prefsHandle 7972 -prefMapHandle 7968 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ea7cffa-4c74-474f-97a1-64b38f2bd638} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 7984 22be8d58 tab
    3⤵
    PID:1632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.11.390779026\531209100" -childID 10 -isForBrowser -prefsHandle 4116 -prefMapHandle 4112 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a3b744d-dceb-4574-8d3f-ae45cb869c71} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 3796 21036a58 tab
    3⤵
    PID:3100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.12.767186956\1707659362" -childID 11 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37f573d6-8830-4831-a101-df3f9dc4970b} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 4000 21038258 tab
    3⤵
    PID:3112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.13.306733128\685482998" -childID 12 -isForBrowser -prefsHandle 8236 -prefMapHandle 3808 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a812463-b926-4b29-b7eb-c0e045fdd760} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 8168 23009958 tab
    3⤵
    PID:3836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.14.1858288144\1120474782" -childID 13 -isForBrowser -prefsHandle 4448 -prefMapHandle 8312 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f326a5cf-a0e6-4979-828c-e18b1a01f8ae} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 8128 22736858 tab
    3⤵
    PID:3076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.15.2091238751\216128659" -childID 14 -isForBrowser -prefsHandle 7820 -prefMapHandle 7824 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {611b8055-953b-4f0c-a896-cff081e09c93} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 7840 21053958 tab
    3⤵
    PID:608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.16.1035848593\377039297" -childID 15 -isForBrowser -prefsHandle 8000 -prefMapHandle 7904 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eebc2049-acab-4afd-8ac2-0c581896a0d2} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 7936 2281c158 tab
    3⤵
    PID:3672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.17.169501112\337721716" -childID 16 -isForBrowser -prefsHandle 7900 -prefMapHandle 8220 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c65676a-0281-48a8-bdc4-c2588f5a1883} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 8088 1a81c458 tab
    3⤵
    PID:1932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.18.593063\10522516" -childID 17 -isForBrowser -prefsHandle 2044 -prefMapHandle 2088 -prefsLen 26607 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfbf4ecb-0411-4ce0-aa10-e6f6abbb0cff} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 3356 1dfc8558 tab
    3⤵
    PID:3224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.19.1183242195\954313255" -parentBuildID 20221007134813 -prefsHandle 7704 -prefMapHandle 7700 -prefsLen 26607 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b66b1b3f-a0ba-4855-9779-700521dfc0a1} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 7716 20d44558 rdd
    3⤵
    PID:3288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.20.651734774\1868674588" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3884 -prefMapHandle 848 -prefsLen 26607 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abe0feae-3c7f-461a-bdbb-d162fbf2f3f2} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 1936 e63558 utility
    3⤵
    PID:3620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.21.132424109\714164558" -childID 18 -isForBrowser -prefsHandle 4208 -prefMapHandle 4228 -prefsLen 26872 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8146dfae-5a41-4f03-89b8-dfbf9eaec3de} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 4220 1863f258 tab
    3⤵
    PID:3488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2764.22.1278910341\482798413" -childID 19 -isForBrowser -prefsHandle 7988 -prefMapHandle 7872 -prefsLen 26872 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cd8da3c-61e9-4af9-a480-629bd16dc994} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" 7840 20fbb458 tab
    3⤵
    PID:3796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
e64590e821afe391fa97eb314a5f582c

SHA1
f1cec577a3c66252bc25ca8f9199ae57ebd8fc54

SHA256
6563fe440a035882dc1e421a9e251c06ef9e04e3dd49ee362a491462287d0264

SHA512
b98546400bfc45530080e5a92e4cebfa436378b47f3696ba84ecc50d8a336dce2b891fe8f86f1c6ee32b5137ab87d87b490c59ef0eaa1f6baea8eede61b3b334

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
d1293b19ada151d655589d190fae381f

SHA1
f48ac880ebb29de9502f7c3b0ba6df4e5fa6f8e1

SHA256
ab015c5027e08c160236c1b952d4224a7c7458481e48c4f9becbbdaaa2020519

SHA512
e74658de6dfcec11048fbb31755ba24202dca053dbf81223330ee20af383443ba2e56535a30508910375757bd08be6225e04224704bf1e53513b272a029086dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\doomed\28739

Filesize
7KB

MD5
af0e69c7194215ea602e4e9e5ef651eb

SHA1
cd26b729fbde5800b21dad15df568ddb8111cee7

SHA256
171880b2d543ccafd7991b86ef893685d84214c2cb37025cb5e9c6ccb13982de

SHA512
401da29670062dfea7f63e463e710e9ac6139e023c02d337c9e997b85fd6bfd299125a8d62ad400313c2e9bc34633896297d7dc828a2c15736d58d3e2f0a3710

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\doomed\5737

Filesize
23KB

MD5
b6637035b1a4eb1e6d55a74d3431bb04

SHA1
99668d7ecb0c8be97fe4cb28a2240ffaa8016f54

SHA256
c686e932509e353e630fec78c51faa58690891c2c42ed9b5d08f34f52530063d

SHA512
6fa895501093da9273e8f14414cbbedec3fd7cf49a4b1db4d80ed5529548c1a8116c5e160e72802cfe702b3b838a879dcab28845cce0b3eb85706b5be9eb5284

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\entries\03B5794DC3776721A88197A9F46B71A6D4AFCFA0

Filesize
81KB

MD5
5240b82217b2ad8ffec55eb62d07569e

SHA1
62d42ab7b4439546b90e2e1dfe3b68721d26f3c7

SHA256
56589ec28c3e828e939f82c91589a345aea53c4614c7ae94696d3a02b80f12e9

SHA512
5a72e520f760b7a8af559422b8e78bbe61f284ddcbd8c0e177ba3f19327ef56785f84edfa9ab49d2c543378e76fb64912d14fce20f7c393f124f5a5a50431815

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\entries\1F1BBBAB1CEDF80D401E6645617D2EED1D114FA1

Filesize
187KB

MD5
0b1097802c124bd966ca3057ea3c2cc4

SHA1
b9b4d335d93c82d24c3168e1c5d10baa66a99064

SHA256
0422f1863070c88f1f6546bbff81aefd58f4e7f8b7b1f91f32bf6aa8db017b23

SHA512
e98af8bb5ee3aee7b32e5570a575dda9469b4e5849ec6ce51a9908383412ab30386ee0db3c517407b20049656f3fb57d13066d3f1cb35eff32e52933ec5386b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\entries\52D11129AA099DB07364CABBE4176EE96467742C

Filesize
16KB

MD5
36e369bc0f07d99660429d28e37d6250

SHA1
0e67a47ec08e6ecdc938b27e700c64ebda20e584

SHA256
ebbf9e671da6aeb944aef61a17d40024982cf487150f58b35a545184378f032f

SHA512
3d8a5847de2082956ad2b8066ae9aba7c3d852ae8617fbbedd258bf7325fcd702d83da6ad53725e9a18a56d11f8543b6044db24655284ffd1737724eafd4fbc8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\entries\8328BD17D5875D40E73168579F6B1719A21358A1

Filesize
1.1MB

MD5
8fa15156805fd595518d71a1d76fb95a

SHA1
374491a713f533cd370a4dc02b15519e14f3c9b9

SHA256
1a1823b137b83d5c3d95c49914b7e75729d1add3eb22d6514dd25c9dec728f57

SHA512
e52f351f4a841d2dc07e898e971be90deefd32b743d354c80a81a6770524dee0c74e19dc9b3c6532dfb01a9aa9eafb8904dd9a37027cfe608e15c2fd58fe3006

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\entries\88E7164D0C7B3CD7A889BD677AF592AE3E44C6EB

Filesize
442KB

MD5
bd34f87e07cd01bebe2d57a50ab33e6b

SHA1
6944e7d90585ac5902c4a5753afa69a944216652

SHA256
daf8bf6934cd131f73885bbe0d4b5a09144669e29599e60a98d0a47203effe9e

SHA512
3b1b25778a2e2e92e9b0e1b56dbd428ebd92905ce26199b73bfab67acdfc97476b39a632a4eadeaa6ff04f02a4a1bb62d126eb198e5309b407a8a800fe7eb61e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\entries\AD9B2E7EE7FEA7852D0725CAA4DE9B8CF7721508

Filesize
23KB

MD5
9950c2999820477dfaada3a719b421b7

SHA1
7d436f35889721035cdbc0f9960f035da0dfe523

SHA256
1e9593b00ebd1f8d7165576b3a331aa60549d1cfbbea09cadba6c1e8840ea2f9

SHA512
eb1bb8f7b3d27f61c02ed48b4aa6e0d65a40b23731a6bf3b55f1dcd5f4b808800d68be11eaeeb4ffa68a54e10e714d1335cde26433216b19e937d6f8fd459811

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\entries\BE180CC24D94DAE8C6AAB72806F77D0D32E0861E

Filesize
220KB

MD5
7943a522066692fae909b1b7a66431dd

SHA1
c02e8073434f0c644ef89c4037ae897da10253e0

SHA256
2cc02f14355d919e3eea74bcf8cd1ac673b35248379701be70ca468017d4efdb

SHA512
02ef351490f1df1cf582cd1aeb6bd7dd7287d64be443e764c19a7e498f52e0161e4535e6868d70d68e7ea5ef34a6fa8dc960b5d5f01b548f3d503a4a280df664

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\jumpListCache\KOJTyU6WeanB0yFdhs5ZoA==.ico

Filesize
756B

MD5
b504ed863151187b5b454a19576850fc

SHA1
987c4753c3fd990a4c30da56e3b828ffa4614acf

SHA256
3d7dbfd58ae7c5c44b77fa591375ee8a66725967c9bee887df26abd448c09adc

SHA512
e048261405f0b2a38d97b3bbedd3bce9baf22062bc43a0a2c787e8704a67f299b0ea4c1584d4d3baa7ad3e2514777fce415df09941c260ddb1cca66057241658

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
eaba43610a3443e2a546ee2931f9e638

SHA1
705cff3759f1e01951d818b454f298c6e0061d7d

SHA256
be3f8ce15866631ae7285b0d2b455107ecbdad802d21c21fa540a45879baa1bb

SHA512
99676162d4b2ac69d9a15c19815bd5735461365750f64f317c22af64d5eabecdfd1fd4c9653112306d9f64b0ae5e1b86936a80f1285d0bc5f0a50cfaead53d47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\datareporting\glean\db\data.safe.bin

Filesize
19KB

MD5
7b8a7607639f95c9e28b6724a0309a8f

SHA1
d1ddb24d54cbc55dd9f721da5a205570fe738823

SHA256
0b117c2edcaf67448b021953ffb40c8fb56547851def2d935bef734f5c4f37e5

SHA512
b11142477044013dd9243d94bb74e0486ab1990383a59c2ce7ffda031ff09b2195c9d9e1d90c32203e72171049341779b5acc56bb92095632387e282c27cbb5f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
62592d47e08f09ecb79b6250724b100f

SHA1
3c770fef95d12857169b2db4c80c7baed2d7143a

SHA256
202b4b60164d0380824a822577268f0d01f57c09d9a39c19e0d49c907c9e9af8

SHA512
d84eb559984b724f13581737230daa646f84b4e59e13b682fa8fa8c883d269f1e0adba5fc049c6abed8d654a43ae7f3c98eacdd5c97cfa012fb63616e161849e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\datareporting\glean\pending_pings\04c3f0c6-e657-4899-a1be-d311e91807cd

Filesize
1KB

MD5
432cd664786aa2ab2860e056848d161e

SHA1
2b6f9fb37b5e0b38c5bc898aedef27e1d7261a86

SHA256
269049a3e156b948999ffd50aea8884f1d3738ad86f3206850fc62da5fff5755

SHA512
bbe6d567c27ffc8f62617c0cbd42bd643949959dc9ae3f3f8a46a8418a4d9cdb20138937557b6ad867b7a5dee648d951ca848e9ff16fe1da0f78388d048d1ffa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\datareporting\glean\pending_pings\0c8c59e8-3065-45b1-b51e-9ad714946ca5

Filesize
733B

MD5
40e767a2de709cdaaba0cf26c740e485

SHA1
b3e68b3173c169efd24e3245d63a9f9814db2d9b

SHA256
2761e5ab840d40898b203175dba4d42b824156f63a3b67eea7a4d2c2467823b7

SHA512
b709afe1488e2d5123ec6e835add5c27c15a02c8d9011dad10239b68d390c11c5eea23bd597c0091f423800ca76df1ba7512a8bbb9dfc1d40aea60c713bca1df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\datareporting\glean\pending_pings\15221cfe-c57b-41fc-9f58-6644c6651260

Filesize
855B

MD5
5568c5ec84226663b4cf634a092c80dd

SHA1
a18123ac02ed7e6870204c73b9ba5a7111eedd5d

SHA256
bad16af90422310e25a3a2c2ff1cd638b0c01f4cfea0f14b0a1bf2795a7fe8fc

SHA512
b21d6f9d043c6e29805574fb2893233593a1aca160ecdd8c8a4f75c4876b4a9fed276f29856947338500d483ddf20b2ea568cd90889b92cf2b247338b74398e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs-1.js

Filesize
6KB

MD5
cc6f13fb0ca260891a8d5355b0bef80b

SHA1
e95ac38628570a701454334d730a21521809c65e

SHA256
47b4590f7718bcb9f98c2581650bded9b963fefb3b7b2f6927b85eac0f3a535e

SHA512
aafeeb6a171ee26d56863a98612ac7875360bcc31b91eb992ee4ccf9ed6895f62299158b4cb71d47f8f1b0f022a28da217dba5db0de2ec975e6eca2a16259006

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs.js

Filesize
6KB

MD5
6965fb8be3d6a25161a2b39ab9c48f2d

SHA1
91a9806f585b516c7a613c0a91192b97038c6b91

SHA256
248df3b075b1074ca31427ba683fc27264def7aaf745788c3bb92fa7251087d2

SHA512
425da49bb6e67f4ea247871d09afcea3ad9730643c3298bce5c7a725bc54127721bf9aa400884077bec8683b8e40c6ffd8aabb289471d458405d79b0499eab3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs.js

Filesize
6KB

MD5
103cb4ac9007be4130fcb955378374e7

SHA1
f979b0838882cd80a5e7cd9fb744f9acceb53ff0

SHA256
caa8f0e3ad6d89ed7c944d6e24250a79695c0907a07bc7b46800965f4700b0e7

SHA512
5522f5e8ed1e1f6c3f8e48390f2645e56dd41cc13761c6c00022654cb6b1122ddd9d772c25c3ae1dc66dd8653297268fa4c71ee3cb602446f402c196d3295d1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
9239474242da7b2496719a571dab8d81

SHA1
4ead1fb2f8d0df3868c1fe2b290d83f3c48168da

SHA256
a6250a300204b439619f0ff9717a65b8e4a5cdc0a1b1d586d4519cfec72435f3

SHA512
7da9df39e1cb10f61649a8e7afa8fbc975426e634f3a05cfb485807d1459c653f8b64f465c65900f1c7e7232b6de8b743e7d5fa139fc0fdd11c049cca576c912

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e5dcfa82249156c413b51bbccbacecc1

SHA1
ec8f3b79c4f5824feb1c022678162bd4f47ddaf9

SHA256
1a8773f9beba1bbfd14dfc0cfc605a9a31110b9031f6ee5c743c018310d9f759

SHA512
2724ef1958326f9ca21c3494b3b7876280699541a637e4b8a2ae5e0cbb5f7c504e4aa687fcefff405eba0ac39261c22ce6813c3dec152804953ef381728c8b8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
d29f625542b09a576393dac5d5b6e9f7

SHA1
dbbb2829c1ce70a90081c88ac5f38d8ce2861edd

SHA256
42b0cf7396211fb5edf21cde37484fe89aa4931c9670fadbdd2593a3eb02ce4a

SHA512
21aca821d58eb0bb22068f225535a4128ed45ae2df3b777fe5e2b0d9c83d0b3bf1f12e47c5fc072983628b954fd6d35bce17eb962e21fd270bb13c2e7fba89f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
2557a0afb980323feb3f4534bf2bc7c9

SHA1
d6772d81fff7d015db404e32e2e59ae6709e1be9

SHA256
6ef24224a8fed0a3f278a7146f947e93501f7100c1b0ce350e4e7876da38237a

SHA512
ba1159c734163ee72d476aa4ae1a98657b1656cec50d3406484bcbc7d7440cce02871eb0517d7bcc1b4aa54e9f84d1121efd948f81627576a59e11c3ac0b9ff3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
f1b1c7fcad8096b1ee6584a7be2e7cfa

SHA1
1855f87120d15d5986e7909e1127c8ad983b6678

SHA256
0fd94427e74155d603cf19dc25845cb0fe0d2056067889ea81482ba013179607

SHA512
eed9d1d9d177cd7405a75f5a292ac649278b9eeca5d35dec6d21bd5c64e0e81383d6058ef22e27faa8467a1ad6ee31d0efbe0fce162436dfcca1bff81f2278a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
4d80fa0ca67d4c7b0693912e71200b48

SHA1
090b8115678c22912a6580b32749ffc0bbceec55

SHA256
9bc48bda9fd449b14e89006558eceba6ba0b348ec7ce50155c94afa441de43c6

SHA512
c3147c33fbeea8191f3b03f3fdff0c3bb08e85edb4674e1ed4502e9f00fbf3acd4119b3d841d0bdc0b4ae2f90011cc1d887ba581c1f4a1aa92f96d38225ec3f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
0952ad0de5e2e72e9c5863e40d80ea4b

SHA1
623bf8945c83fd969f6c11a99d723e11128edad3

SHA256
7ddc1220d67ade040bf228fad58c52a3920fad80c7f36c0df371f2ccebc6586b

SHA512
a6332d6b88fc0b22bfb2804ccd9aa832422b35aba6194dff1555da4822b1478aa6a9c8d4bbd69ab26a1f2c1a74ec83ceeeeab121806c12d3eba800f1b39df83d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
cedee34e6a31e6ffabf81b6709b11513

SHA1
1699fde4c18c3ce7dac625918145f94e07de68c5

SHA256
1df6c74fab7a7559dd7442bf1680519396383b2748b0540cd661738f91ec142b

SHA512
e0c22fa2e03742df308ca32826e37c3c59bcaccdadd3a0fe295cf2f5de37f2a7e6e7e3cb6a6ee9ab50d67b89a8b68adb14044701e340c221cb33d6d3beacf27e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
5c4ae09156a20076fb768e5c9f51764f

SHA1
4b6f4f9610f8b7f3879a45c1aaeb1c65a82b71f0

SHA256
7409fb6d405648b7e341acb53049eb5896f3cbe8e8a29430425696e96c4d5e18

SHA512
942e80bc7101830db614c7132d250e799ed13a3092f193a7c7d2a71251fd9be5f07d7baf8a4507443a980ccb2cfc538a5e559289c6f0fea96763ee7c37ac0f62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\storage\default\https+++hianime.to\cache\morgue\145\{6702578b-a7a1-4bf1-860f-73d136214891}.final

Filesize
437B

MD5
9bb6bdf8cc0356806d16ee9197cfc012

SHA1
cbdc7451b9ccf92627de2e64edf1be53594a6822

SHA256
b2386b5b38ce2b22fadacb1cf83b7ef4108cfa63170c801ae0bae7212fdb9e66

SHA512
06165a07d5a4c976fed17bd8299ded055b89da4bd5a85893b775a6592d54f8eddaeb3687a6084633c00862b59159a09a9dc21bf31592a782461a1e45eba5fd5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\storage\default\https+++megacloud.tv^partitionKey=%28https%2Chianime.to%29\ls\usage

Filesize
12B

MD5
906a096bf8c1596f82c27866815b4e98

SHA1
9935e9b0de8525df6ca6133df31253ef46af3258

SHA256
28cfd915b37ddb78e2104034d0c0fee751168c25ca646b912658f63d51654421

SHA512
a438277ca11d071eceb025eb0ff84604350052f9ca281edc13db59668804b5852d409f68f5ce1b5bdc3720d3c4ca7fc4bb5a2bea1f19459d0c2c308f17865224

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\storage\default\https+++megacloud.tv^partitionKey=%28https%2Chianime.to%29\ls\usage

Filesize
12B

MD5
022d9495ffaeea2706fbe9b0e1061221

SHA1
9365fdd74e28ba70f594227d34425bd526c2d862

SHA256
c815060fab5013dfda2ef6743dc6d800f82ee5418a22004edb520c067ccf2f51

SHA512
7136c0e6e25c66f485163b056622d056cac9edd20cd24bf494c79e7d8f7c90aace81e0f1636675da22662477d39811e9be4746a60784bdc23daccbf4df845131

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\storage\default\https+++megacloud.tv^partitionKey=%28https%2Chianime.to%29\ls\usage

Filesize
12B

MD5
9924644eb87085f2bff21794e44d63b3

SHA1
de01e54aa3534e08f58bb5d11117d539b94af673

SHA256
d0b0ba5af6951313cf7a91ae20b8229b2b32165cdecfea7b80be8a34411fa28d

SHA512
7d2cf7e8e2b94dd483a51c7a2fa8f6467c990e56eb672cf937971c2b9237556c8d2a5e08d068364f9d6411cf49b3e36a189456de8717b12cde84e86599c69fdf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\storage\default\https+++megacloud.tv^partitionKey=%28https%2Chianime.to%29\ls\usage

Filesize
12B

MD5
8c76267deb754bbb1f7a9a798d626a9a

SHA1
bc35122c891d132da3dce2d9c1198f4d5929b55f

SHA256
7853acb32a99b8240be46b33dae3d1e92c61cb16693e1fb42400f779401b5113

SHA512
ced7c0acab588fba70a1fc202d519747797faf37d0c2f81b4ef1f9061eb2cdb414cc955f480a6db31384607fbacef9b52e5852f7f54688ba3b01fd6634d82193

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\storage\default\https+++megacloud.tv^partitionKey=%28https%2Chianime.to%29\ls\usage

Filesize
12B

MD5
a88369dc0cb3299b065f4b3e014aaf41

SHA1
35f21138bec46dcb0af9680581f90c1c914e10c8

SHA256
6e0c07ea2b6733f4a40a1efe13ed7e3d848aac0ddf27bc0e6bbd8b6fc4ed9d9c

SHA512
1bb1f01b7cef28bd148eea4004f4a678440a07455d3b2d722611f05f970dcd723ebd17fcb368d580da06c6fc5930bdebdc6ee258d73a87b4268cf89ae90b56b1

Download Submit