hxxps://jetray[.]itch[.]io/roblox-filtering-disabled/download/eyJpZCI6MjA4MjA1MywiZXhwaXJlcyI6MTcyODQyODUxNn0%3d[.]BxAfOBkm7RCzLZgt3gI1VBXNVCU%3d

Analysis

max time kernel
1512s
max time network
1597s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09/10/2024, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://jetray.itch.io/roblox-filtering-disabled/download/eyJpZCI6MjA4MjA1MywiZXhwaXJlcyI6MTcyODQyODUxNn0%3d.BxAfOBkm7RCzLZgt3gI1VBXNVCU%3d

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3324	firefox.exe
Token: SeDebugPrivilege	3324	firefox.exe
Token: SeDebugPrivilege	3324	firefox.exe
Token: SeDebugPrivilege	3324	firefox.exe
Token: SeDebugPrivilege	3324	firefox.exe
Token: SeDebugPrivilege	3324	firefox.exe

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe
3324	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3324	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 3324	4740	firefox.exe	72
PID 4740 wrote to memory of 3324	4740	firefox.exe	72
PID 4740 wrote to memory of 3324	4740	firefox.exe	72
PID 4740 wrote to memory of 3324	4740	firefox.exe	72
PID 4740 wrote to memory of 3324	4740	firefox.exe	72
PID 4740 wrote to memory of 3324	4740	firefox.exe	72
PID 4740 wrote to memory of 3324	4740	firefox.exe	72
PID 4740 wrote to memory of 3324	4740	firefox.exe	72
PID 4740 wrote to memory of 3324	4740	firefox.exe	72
PID 4740 wrote to memory of 3324	4740	firefox.exe	72
PID 4740 wrote to memory of 3324	4740	firefox.exe	72
PID 3324 wrote to memory of 4668	3324	firefox.exe	73
PID 3324 wrote to memory of 4668	3324	firefox.exe	73
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 1896	3324	firefox.exe	74
PID 3324 wrote to memory of 380	3324	firefox.exe	75
PID 3324 wrote to memory of 380	3324	firefox.exe	75
PID 3324 wrote to memory of 380	3324	firefox.exe	75

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://jetray.itch.io/roblox-filtering-disabled/download/eyJpZCI6MjA4MjA1MywiZXhwaXJlcyI6MTcyODQyODUxNn0%3d.BxAfOBkm7RCzLZgt3gI1VBXNVCU%3d"
1⤵
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://jetray.itch.io/roblox-filtering-disabled/download/eyJpZCI6MjA4MjA1MywiZXhwaXJlcyI6MTcyODQyODUxNn0%3d.BxAfOBkm7RCzLZgt3gI1VBXNVCU%3d
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.0.2016803823\2010696793" -parentBuildID 20221007134813 -prefsHandle 1728 -prefMapHandle 1724 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eef4412a-6d3c-4d66-8a94-3dccfde3e4e1} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 1808 264b78c3758 gpu
    3⤵
    PID:4668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.1.1337022016\360083250" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4bd9f2e-741d-4a12-83fc-f242f515830e} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 2184 264ac87ab58 socket
    3⤵
    PID:1896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.2.913726548\166888224" -childID 1 -isForBrowser -prefsHandle 2788 -prefMapHandle 2948 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f445832c-2547-4039-99a6-5f83e2fe52fb} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 2904 264bb7ce058 tab
    3⤵
    PID:380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.3.1920271528\1487347093" -childID 2 -isForBrowser -prefsHandle 3708 -prefMapHandle 3704 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e31544f9-9a02-421b-b571-6831a41135b3} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 3656 264bcac3c58 tab
    3⤵
    PID:2348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.4.1583487650\746430322" -childID 3 -isForBrowser -prefsHandle 4788 -prefMapHandle 4784 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6664b6b1-2c75-41a6-8117-4412aed35259} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 4796 264bdfcbe58 tab
    3⤵
    PID:4512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.5.715519644\926022195" -childID 4 -isForBrowser -prefsHandle 4936 -prefMapHandle 4940 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {178a59a4-ddca-42c6-b712-8cb617e97bf8} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 4928 264bdfcd358 tab
    3⤵
    PID:3604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.6.1218211123\2022537399" -childID 5 -isForBrowser -prefsHandle 5116 -prefMapHandle 5124 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f662a352-8020-41b4-bfcb-b381824ba4f3} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 5104 264bdfcc158 tab
    3⤵
    PID:4248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.7.1113581244\1355007655" -parentBuildID 20221007134813 -prefsHandle 5524 -prefMapHandle 5448 -prefsLen 26249 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfc4e3b5-cd15-41f0-a977-f1eaa6718241} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 5532 264bf3bf958 rdd
    3⤵
    PID:2944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.8.2004303772\1502031789" -childID 6 -isForBrowser -prefsHandle 5784 -prefMapHandle 5680 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3208377-c5a3-4621-b896-8ea39cbf8dc8} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 5796 264bf6fd058 tab
    3⤵
    PID:2972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.9.553809743\218629725" -childID 7 -isForBrowser -prefsHandle 6092 -prefMapHandle 6100 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27b07a7b-0480-4178-b456-776537947b0e} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 6108 264bf387558 tab
    3⤵
    PID:4076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3324.10.907117818\435434864" -childID 8 -isForBrowser -prefsHandle 10072 -prefMapHandle 10080 -prefsLen 26503 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {203377ed-7075-481d-a738-d13102b46762} 3324 "\\.\pipe\gecko-crash-server-pipe.3324" 10060 264bb74bf58 tab
    3⤵
    PID:1552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\29250

Filesize
15KB

MD5
e63f8b6fd3b68d5342648edd11179463

SHA1
abcf9c3547355494ccfc491bd0e777555916ce2b

SHA256
4678cedfcef6605c4d5276b643c49200ad3a050b30c8fdfa604a952159bbe6a0

SHA512
82562c7bcb72933a51ccad62468147918a1b18c25e91871d1b4a78fe857640ce3d2af36fa8bd33343f6438c905dab895897f69d7c8d8ae8ddf41dc190bef28dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7F34D320F5B033BA8189CEC7C732CBF697D610DF

Filesize
222KB

MD5
b2a634453d3cb3db168775fc9a64fb40

SHA1
13c2fd7c8cca8666036870b51d5be24a9ca55a94

SHA256
6eb7417cdad5dcab9d7fb8cab5ca373fd7ec93cfec4df26b74caea5f1209cf07

SHA512
b0cd28a38909d6e39b9094f6149d98fb88a0092580f22c71e393b72690de25e87f471821d096e5c6a595ff0e1419bcbdef5f25f43aeb40acbb34bc82832617c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\853DB5B8D3E415296312186C9B7CBAC0450FE31B

Filesize
24KB

MD5
c6f699e2ccbe7123e8ed43f85891d716

SHA1
9b370922b3f2dbe98c154a72147b4389726b592e

SHA256
10c85f947ff8ae831320c150119b6e2c6c2db6c0e4e5aec8966072a6c9d58dbe

SHA512
c4d4ee9dd8aa6011dfb7079ad04675519f03b2c6034978ccea77b8e05e6bf4a430c4244a98d518dc319a1d04e760d79b3b5f1f59c5da3c54713ce74fc8d2d9a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\B424C714E910E9D5804AE31149EC880C7A333346

Filesize
23KB

MD5
bd241d9662a813fd65e04c4a20e0e607

SHA1
6b542ae3f783a144a46dc99934578bb87e5af94d

SHA256
f77929a819357c34dd725461f96884379f164987c8421791e0567ba6491a569a

SHA512
aaff32f7492fb1da12dee076192be22db3a469aa41ae874a0929bcc8d2f39a7f908353c280caecd363378b0b15c64d941a7f864702303ba82403a391b949bc2b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FAEE03821D5B5DAEC933493BC37E95F80C91D18A

Filesize
61KB

MD5
ae210bc4638ef416ea38e6d15a812f48

SHA1
b7122e609eb93398452f9d0116b07f4f117a9d85

SHA256
c190eca88a219a6c78865d743924c77ced237671086f5aebacda27a80522bae3

SHA512
efa459d63c83b3666777be276d7273d2296dcf1d9eee275e5d4b21c94e9a2fd49a1e1658c1b09905f65761878586eb9f78e52b6090a1888ec01897d79c5aa1a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
7bdd7eaf98c150a20f24ffa94ad5bfb5

SHA1
15aa2869e78d3cb678c7432266123c33d65377fd

SHA256
c103eea4d1ccbefcc375bfacf590ba66c6d5b5d5ab44c2477580fc980e60c598

SHA512
9561a67bba397f3a2094c16680d0c91a3e9a7265ed4d48184c5f97131ef41f5a6e17b336f4643cc496a2c95fe4a4a99ebd4eda286f9a8fe1f22ebfe1752f60f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-10-09_11_JYHA1IDH37kjW2ud4k03lA==.jsonlz4

Filesize
948B

MD5
7c618c5385632ed123b3929e89a9104a

SHA1
877eef304b5bca587c7f990c0b187b1fbe666e04

SHA256
0c052f029079668e4dc8f63800c6b2fd173fd97de4739e5a66d017df726f519c

SHA512
78e0c287f8367a1fb67e816d2ca7a675cf880d1a245ebc1f4633c52a54bd7fb8ba4564d7c07ceddd9f56c9efbaadb2da1ccc928f679645b3d91dcdac7c87d64e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
59c8c3a98c4827492a973a61bdf5da38

SHA1
5ea9a08530f419d508f827444c7c146e589e9f1e

SHA256
9479b1ff5df3e805930d03dbb845a418bb1c5653c07d982bab7f8292dd4f9b69

SHA512
7a2b963be7a993e84a5e65ab9b0caa048ddb82931c7f13efe686c3571eaac189ffee3d66745958da21ae887ffb7525267ee3985de2a5c472028337311f80e0a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\2f04d1cd-322d-493f-a2c2-e4575f4b5bde

Filesize
734B

MD5
05cd5da2e83d4fb0404f5f637aa2b925

SHA1
06b29788bfcb8cdad25ba44af013c8d11a38b2ce

SHA256
4aa8753765729bdce5b7d63d7aaee015110e01ca0823da8cf27beaee200d1849

SHA512
e2a91076e9aa0e6163ef61bb3808318918da0a98c0302073b6238b89e41e2af7ee638fdc232b9d88211d12a64093f607aed7bf9380370fec9f516bcfc5289e33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
42ac462677b19676ef886d38cbe3be9f

SHA1
a42edb368cc9f555206d424e671af528c2327025

SHA256
e888b17e33089bc7e3f97ce6e7568198df53059dc75cea0f48b5473ca17971f7

SHA512
34c2f7577288ae47a61bb3c20186496585ecc515efff8bbeef71c295231c05426e98ab38b02ed3c09a397c8ef5c94b65985739aa2c0409ad991d1b9485bc7e67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
661cebf87fe5637940c4b8170773f98b

SHA1
83142ef8002a74efea4077a0a1a096333a6e905e

SHA256
675b789e751945c6a56b560f178fffaff6d32058b05e46351a99f24ae09a5a15

SHA512
22ff4297ef4ca492631f61416b304f7fd66766cb351ddd6ec7adcd8a13ca25ce17cf617daa295059c6c6231a6e89da530b42478221f02a7dc4ba19aee83bb26d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
0c6cb6f042359abc309a588b0a73d2df

SHA1
d38ed81c9dfcdeeb38aa80368c5c82bebf6e224a

SHA256
3f95a57fbaec6f55431677913d59cb24556d9bd975704de8e31bfc980b66bbd9

SHA512
8b4b2eb30015215c74020a6412e8873f92268808d693acbc46183789fc9551d2295980e10128f0053d5ff424a44f3411a8a2ecb623f5cbed676332041696bb8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
1d4e6d339df57ad5eeb4fb168c51035f

SHA1
d8b15ba1f1d852181b78c9596be95f3c47a362ea

SHA256
02bdaed5d76c4c1cef24d08eeda05b5a84758f41e98258598193c97b3a4945ee

SHA512
bedaad52f8bc527d453db2b249ee7632f299717463ecb0c7c1dbe45af19c306801868d5296447453ef115f6cfeff7120edf0e01d070023a854b00e879c628b66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a50ae615cd0467bbc9b14bcda3276cb5

SHA1
960ade8da725972b9afa53b8386f0adfdb83b3b2

SHA256
0b918aafbfc28baa2b5b200713d68f1e5e0f0a34165490137852b9b3556f084a

SHA512
76674b6047b7b7363cda94a4e5d5142edf8bf36c564ca514bfecd460488db1e14bea3be9d8726a652842b6c7643dc4c708f1e84dbbf0b1936df447144cf940bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
eca704b10b26360f5684cceec4c68743

SHA1
ce733cd1531c52304e48a0764db149f20ac12442

SHA256
74fa2751442d30d5c3b266b315767f8979a2e8cb12699601736bcee51125b58c

SHA512
b3a6b8814b75a33661412e75ccc8970c20aab92818867157b6e4d3c883d17b3def1302b0903d8288524550364bcf62c2cb4c9f81fddf8e642d2adec20ea41535

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
83abab9ff55bfaf092ee8ae78e148fb6

SHA1
9e6fdd1d28a17a8fe1a7a35d67202c41ffaa53bf

SHA256
c875b4ee29af625eed2e37c5bd07a58b6530fad0ef7f86035b2164d50ee64815

SHA512
fc4a2593fb6fc95f33c23bcb52adb9693615eabb681920375ed95a2bd97bd9d87b6e332d1ec01879b22417846ac343f90279ad2970e69ddb6fa728d0dedb6400

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
50cf2e5d68fd2d7877c19db7b91b3c5a

SHA1
7e385f099506fa79d954d5f41211773f3ec3323d

SHA256
954993b9921ae52a9ac7f469ffe2326b16a33f43b39c043551c5effa750a51d4

SHA512
889c071ab7733c3f02372c553874171ac225ca9260a4ec88451b0f7f33df278877ca3681fd28d78a93f3335a67205e14e88bfa972ba3f75e76d1abd3b9616b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
ece25ea3bd17929f0b025ec85acb097f

SHA1
6f4af2fcafc0ffd65be1a9ddecfb84074d58d5c8

SHA256
2b398e1d8bf64793c674e327a5877fadb2707e644550c78e1365176d6ae50ff6

SHA512
1dded13c4ffd0956161507fb3c767c324f75b9c09ef30fc8a76d0b55395aeb11756537c2dc69d66163902b0996b535b50f295be1db3ae5907a093dcb4442301e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Citch.io%29\idb\397697096LCo7g%sCD7a%t9aeb9a9s.sqlite

Filesize
48KB

MD5
24ab337badef4e59c2fed98b25bfe55c

SHA1
b943341e468b62c9366d3a648fbd1b6d26214ee1

SHA256
c0055bc3292a979a885d937894e2340a18ef864a41a1d8c8326a4224320e3205

SHA512
cf58e54ce47ff8fc29f96f5faa8286261f9fd089647ddfff142816a5935d53be0d76a230e9abfd2d76b98f2b75b73c183b130f541c50ffa04aaf548b6563fc68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
a20c7f678e786a26edd4a4c13703d683

SHA1
556ee4d04cb92c094984ed109ae56683f30d8a22

SHA256
cd397d71c9525f50f214c32a38d874a74155a500a486689b4a76da6fadf1663f

SHA512
cc45c83d66069db6fedb234af85055af34d5d894a01bd2abb93a31dd5818357a59eb7b00108e59b29565bca2909e2a902145e1921a0f7a06a3be1bc606fcf70a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1fdc13de64cfdb8ba3fcd71aad9d33d3

SHA1
b7649cfd66d751435fa56a4b4b20daace452c692

SHA256
fa890605b23aecfebe4300d159f10096cfaba982a942c8ce829617b3de36a783

SHA512
3c9dc261a1f0a96d4433d60de03423d58f0bd63dbf5db48962372658103f16991f6da06c1670deea1e51efd2a15aae699d1d287ee377e0a457299a7dd9f691a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json

Filesize
3KB

MD5
8ea466f2fed8183fd88773c4c5f4d111

SHA1
d24d932284086071faf78c6d15ded5bda9d7bca9

SHA256
37e9e01d2c78ebcf0bf195e3d7a4c92e2eb1d5667ee95556d4119e0efb7ff2af

SHA512
779a1a3e5c72ff3ba33910cd5f49adec6b1e54dd72e6e0078ff727af1023647680fcc601347bdace1100b2388a4616ed14b753f1b56b0ea04027dc498f498878

Download Submit