Analysis
max time kernel: 91s
max time network: 207s
platform: windows11-21h2_x64
resource: win11-20240730-en
resource tags: arch:x64, arch:x86, image:win11-20240730-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 30-07-2024 19:11
Behavioral task: behavioral1
Sample: Encryption Loader.exe
Resource: win11-20240730-en

Behavioral task: behavioral2
Sample: discord_token_grabber.pyc
Resource: win11-20240709-en

Behavioral task: behavioral3
Sample: get_cookies.pyc
Resource: win11-20240729-en

Behavioral task: behavioral4
Sample: misc.pyc
Resource: win11-20240730-en

Behavioral task: behavioral5
Sample: passwords_grabber.pyc
Resource: win11-20240730-en
General
Target: source_prepared.pyc
Size: 168KB
MD5: 570f198746afd85965169e816b15c53b
SHA1: 44036e9f22834ea855273463feaf4f91e29cd8ea
SHA256: 7286bf38b8dc83cf59642eb3ca9552945790cc7a8186482ba3a6875a03f36b85
SHA512: 0e22b06ca08d0b6f0b750aa2e91b67124799ffbdbb344515a8de6fcaff44966d787c4964f157441f2db1cfe566836a366d1af8c9e1e1387c7ede85ab7c87f609
SSDEEP: 3072:xtRaOO9D4SDzvFoXPZTJ0pZXScT0sMIvdXzMsTWP:7RaOO9D4S/Fo4pUY0sKsS
Malware Config
Signatures
-
Detect Pysilon 1 IoCs
Processes:
resource | yara_rule
C:\Users\Admin\Downloads\lCx6aA_c.pyc.part | pysilon
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 18 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: firefox.exe, firefox.exe, firefox.exe, firefox.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
-
Modifies registry class 10 IoCs
Processes: cmd.exe, OpenWith.exe, firefox.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\Local Settings | cmd.exe
Key created | \REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\pyc_auto_file\shell\open | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\pyc_auto_file\shell | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\pyc_auto_file\shell\open\command | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\Local Settings | firefox.exe
Key created | \REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\.pyc | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\pyc_auto_file | OpenWith.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\.pyc\ = "pyc_auto_file" | OpenWith.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1872973762-1326452598-87257502-1000_Classes\pyc_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | OpenWith.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: OpenWith.exe
pid | process
3760 | OpenWith.exe
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes: firefox.exe
description | pid | process
Token: SeDebugPrivilege | 5092 | firefox.exe
-
Suspicious use of FindShellTrayWindow 29 IoCs
Processes: firefox.exe
pid | process
5092 | firefox.exe
-
Suspicious use of SendNotifyMessage 8 IoCs
Processes: firefox.exe
pid | process
5092 | firefox.exe
-
Suspicious use of SetWindowsHookEx 35 IoCs
Processes: OpenWith.exe, firefox.exe
pid | process
3760 | OpenWith.exe
5092 | firefox.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: OpenWith.exe, firefox.exe, firefox.exe
description | pid | process | target process
PID 3760 wrote to memory of 4552 | 3760 | OpenWith.exe | firefox.exe
PID 4552 wrote to memory of 5092 | 4552 | firefox.exe | firefox.exe
PID 5092 wrote to memory of 3896 | 5092 | firefox.exe | firefox.exe
PID 5092 wrote to memory of 4916 | 5092 | firefox.exe | firefox.exe
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
- Modifies registry class
PID:1992

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3760

  C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc"
  - Suspicious use of WriteProcessMemory
  PID:4552

    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\source_prepared.pyc
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5092

      C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea62c035-9b8c-4254-b43c-28b30941369e} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" gpu
      PID:3896

      C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2336 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f674e14-8fe5-48d2-a929-0f4daab733f9} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" socket
      - Checks processor information in registry
      PID:4916

      C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2940 -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2956 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a4b48ca-2f9f-449d-8171-448ec58a0185} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" tab
      PID:5080

      C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 2 -isForBrowser -prefsHandle 3064 -prefMapHandle 3096 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd62a415-d0f2-435a-8aba-bd2b0a96ecea} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" tab
      PID:1128

      C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4640 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4636 -prefMapHandle 4632 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7432ad03-b2b2-4e59-b334-55e885d59c64} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" utility
      - Checks processor information in registry
      PID:4296

      C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 3 -isForBrowser -prefsHandle 5596 -prefMapHandle 5588 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a46a23b2-052d-4d92-b8a3-ab5bab67a13d} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" tab
      PID:4160

      C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5828 -childID 4 -isForBrowser -prefsHandle 5744 -prefMapHandle 5748 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2e6618d-32ba-4d96-876c-8d6649bdcffd} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" tab
      PID:1652

      C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5736 -childID 5 -isForBrowser -prefsHandle 5964 -prefMapHandle 5968 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54f3f29a-39ba-465b-a7fb-ade8abb282ec} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" tab
      PID:812

      C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6156 -childID 6 -isForBrowser -prefsHandle 5968 -prefMapHandle 6164 -prefsLen 29235 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cafedfe-cea5-454a-ba3f-22d7e173a2e6} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" tab
      PID:332

      C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6596 -childID 7 -isForBrowser -prefsHandle 6588 -prefMapHandle 6584 -prefsLen 27170 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b45f0a8-5d26-4ef7-a2fa-4f0bf0ede288} 5092 "\\.\pipe\gecko-crash-server-pipe.5092" tab
      PID:2340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\source_prepared.pyc"
PID:72

  C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\source_prepared.pyc
  - Checks processor information in registry
  PID:3392
Network
MITRE ATT&CK Enterprise v15
Downloads