Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

CDMX Línea 1.zip

windows10-2004-x64

1

railway/Ob...to.bmp

windows10-2004-x64

7

railway/Ob...up.csv

windows10-2004-x64

1

railway/Ob...lo.b3d

windows10-2004-x64

3

railway/Ob...o2.b3d

windows10-2004-x64

3

railway/Ob...UP.csv

windows10-2004-x64

1

railway/Ob...ro.bmp

windows10-2004-x64

7

railway/Ob...id.b3d

windows10-2004-x64

3

railway/Ob...ov.b3d

windows10-2004-x64

3

railway/Ob...01.bmp

windows10-2004-x64

7

railway/Ob...04.bmp

windows10-2004-x64

7

railway/Ob...op.b3d

windows10-2004-x64

3

railway/Ob...op.bmp

windows10-2004-x64

7

railway/Ob...p2.bmp

windows10-2004-x64

7

railway/Ob...p3.bmp

windows10-2004-x64

7

railway/Ob...p4.bmp

windows10-2004-x64

7

railway/Ob...p5.bmp

windows10-2004-x64

7

railway/Ob...up.bmp

windows10-2004-x64

7

railway/Ob...ro.b3d

windows10-2004-x64

3

railway/Ob...o2.b3d

windows10-2004-x64

3

railway/Ob...to.bmp

windows10-2004-x64

7

railway/Ob...o1.bmp

windows10-2004-x64

7

railway/Ob...lL.csv

windows10-2004-x64

1

railway/Ob...lR.csv

windows10-2004-x64

1

railway/Ob...ro.bmp

windows10-2004-x64

7

railway/Ob...ed.bmp

windows10-2004-x64

7

railway/Ob...01.bmp

windows10-2004-x64

7

railway/Ob...ro.b3d

windows10-2004-x64

3

railway/Ob...o2.b3d

windows10-2004-x64

3

railway/Ob...to.bmp

windows10-2004-x64

7

railway/Ob...o1.bmp

windows10-2004-x64

7

railway/Ob...lL.csv

windows10-2004-x64

1

Resubmissions

02/05/2023, 18:43

230502-xc2tmscb37 1

02/05/2023, 18:29

230502-w5bbqadh3s 7

Analysis

  • max time kernel
    301s
  • max time network
    434s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/05/2023, 18:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    railway/Object/1/Estaciones/11 Isabel/WallL.csv

  • Size

    1KB

  • MD5

    194bc9560d9054511319e9f30175b8a1

  • SHA1

    1142246bc060f6a148579e2adbfb7b7783bf437c

  • SHA256

    ceb8a0080242e01a533daebddb3f6d62249823d342d03161efc177134d0efa6d

  • SHA512

    c85b0a6694eba71e82518a496d7cac1ff9a8c32dee8a35fa82f40defd9d77d2dca351898aaea25986d433aa5335fbadc8c47335d9f1e0cd5e9c5dcf14a651935

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\railway\Object\1\Estaciones\11 Isabel\WallL.csv"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2008
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1004
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4948
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.0.1070829193\319639300" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f818b1fd-634a-4b6e-a422-404b791c631e} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 1936 1a379319b58 gpu
        3⤵
          PID:680
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.1.75029330\1179801684" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34527748-af47-486a-9579-4def76ef4a00} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 2316 1a36b372e58 socket
          3⤵
            PID:2112
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.2.938407106\35206940" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 3048 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a786d82-e3ca-4284-8cf8-ccefa94cee3d} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 3040 1a37c030e58 tab
            3⤵
              PID:548
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.3.2132513962\479365800" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3532 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37c0b12e-2175-448a-9dd3-197483a3f878} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 3456 1a36b360458 tab
              3⤵
                PID:1300
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.4.273049875\992296648" -childID 3 -isForBrowser -prefsHandle 4168 -prefMapHandle 4164 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3af63711-48fb-495c-a0ef-834005cf2c4d} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 4176 1a37cfb1658 tab
                3⤵
                  PID:3796
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.5.1409089915\1749061641" -childID 4 -isForBrowser -prefsHandle 5064 -prefMapHandle 5060 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cd0791b-71d6-451c-938a-9aea465150f4} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 5072 1a37dcf9e58 tab
                  3⤵
                    PID:1516
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.7.531008919\1441644288" -childID 6 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {072a434f-5886-4159-aeb4-230d718b20a4} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 5304 1a37e8d9d58 tab
                    3⤵
                      PID:1348
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.6.720131367\289336501" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b21a3a8d-32bf-47e1-a92b-c009bbc591d7} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 5012 1a37e8d8858 tab
                      3⤵
                        PID:2192
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.8.223933330\560666853" -childID 7 -isForBrowser -prefsHandle 5724 -prefMapHandle 5740 -prefsLen 26834 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee78bac8-5f71-4f19-b823-40b5dce12dcb} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 5648 1a37eaae458 tab
                        3⤵
                          PID:4188
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.10.262171372\33986060" -childID 8 -isForBrowser -prefsHandle 6000 -prefMapHandle 5976 -prefsLen 26851 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f49e28df-6be3-4c21-b43a-3660abd22fa8} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 5992 1a37cf56858 tab
                          3⤵
                            PID:2752
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4948.9.1046208052\866414649" -parentBuildID 20221007134813 -prefsHandle 2816 -prefMapHandle 2812 -prefsLen 26851 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4625f1c9-f427-43b7-9f95-2b96a4bd2b15} 4948 "\\.\pipe\gecko-crash-server-pipe.4948" 3976 1a37cf56558 rdd
                            3⤵
                              PID:3932

                        Network

                        MITRE ATT&CK Enterprise v6

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          151KB

                          MD5

                          e520b8371ef1d7f588bb095971ec66db

                          SHA1

                          b52581f2de861742276a9f68f1705c4f7d1a3af6

                          SHA256

                          813981d71f4487677bb241bffec893a6722beea07653624a8df8b72239629bcb

                          SHA512

                          e2e73b6ef30362afbc2bef2ddb1057e0851da3097981cb5ec9db61bdbd1fbfae8b3bca1be2f5706ea82140687a9c817ab08952477a4feb32f14d657af40d7485

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E
                          Filesize

                          14KB

                          MD5

                          f2802117e69d3abe5324c7e2eb521f41

                          SHA1

                          5272a478c52b32fd158b275b96613daba583afa0

                          SHA256

                          8ab45ede658c9fcb1d45e7b83d0e110285bc2e800fdb2007f895ab3d23aed1e4

                          SHA512

                          85eea1176f0af743313d6a258d171c2c196fda3b9cb1e6ffbc884aef2266daa1cd7c80ea9f2bf49767e42f4be37ff77a4d708437a3256438df977ae8ab49162b

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                          Filesize

                          442KB

                          MD5

                          85430baed3398695717b0263807cf97c

                          SHA1

                          fffbee923cea216f50fce5d54219a188a5100f41

                          SHA256

                          a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                          SHA512

                          06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                          Filesize

                          8.0MB

                          MD5

                          a01c5ecd6108350ae23d2cddf0e77c17

                          SHA1

                          c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                          SHA256

                          345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                          SHA512

                          b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                          Filesize

                          997KB

                          MD5

                          fe3355639648c417e8307c6d051e3e37

                          SHA1

                          f54602d4b4778da21bc97c7238fc66aa68c8ee34

                          SHA256

                          1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                          SHA512

                          8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                          Filesize

                          116B

                          MD5

                          3d33cdc0b3d281e67dd52e14435dd04f

                          SHA1

                          4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                          SHA256

                          f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                          SHA512

                          a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                          Filesize

                          479B

                          MD5

                          49ddb419d96dceb9069018535fb2e2fc

                          SHA1

                          62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                          SHA256

                          2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                          SHA512

                          48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                          Filesize

                          372B

                          MD5

                          8be33af717bb1b67fbd61c3f4b807e9e

                          SHA1

                          7cf17656d174d951957ff36810e874a134dd49e0

                          SHA256

                          e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                          SHA512

                          6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                          Filesize

                          11.8MB

                          MD5

                          33bf7b0439480effb9fb212efce87b13

                          SHA1

                          cee50f2745edc6dc291887b6075ca64d716f495a

                          SHA256

                          8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                          SHA512

                          d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                          Filesize

                          1KB

                          MD5

                          688bed3676d2104e7f17ae1cd2c59404

                          SHA1

                          952b2cdf783ac72fcb98338723e9afd38d47ad8e

                          SHA256

                          33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                          SHA512

                          7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                          Filesize

                          1KB

                          MD5

                          937326fead5fd401f6cca9118bd9ade9

                          SHA1

                          4526a57d4ae14ed29b37632c72aef3c408189d91

                          SHA256

                          68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                          SHA512

                          b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          9ad1415f2ec55e0d47a83d74609d6cec

                          SHA1

                          7aa2b9136e95c4887a8052a168f77f12642686c9

                          SHA256

                          c07e561f289f1bf1d7d7b12fe5e180d5b1b6afdbab43d071100ed8f494cb95ae

                          SHA512

                          bf4c41ee273c7aac8377f1d10c0aeb6575f13385789b752ea3a52c5a706eed6d46f747fbc871377b440a99e2220ca5554f854a56723b170be6fc5830f471fb27

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                          Filesize

                          6KB

                          MD5

                          aa027394b2d3bd016c1d2bb38c71412d

                          SHA1

                          d7f3e1f84d56200f2317b0ce442717d0d71c5b79

                          SHA256

                          016378e31d57ea69dad6ecd67b8b47de809e1a600e2565f733fdededfe51e0f0

                          SHA512

                          6948b2bfaaa2920cac315d76e37e5bcc88d8250405dd08caf52b2fb8336cdc019fe7ca9a26cecba8a4b7bfd926e14920d747a5b37659beef7b6f8bbb43f41f62

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                          Filesize

                          7KB

                          MD5

                          ed419d7ee0c4e197b310989bcb46b98b

                          SHA1

                          418e89f680f4d9bb9df05ff07bb3ee9401418d5d

                          SHA256

                          6c34271c722bab647b8bdd96979d66d172b49786f41d30c1a4a9ca1bf00baf04

                          SHA512

                          36c4707a3ccbc3346a2f499ee7448e0d639b82c916eb639aa915d8a8f52b26764b52a3199eea0a0ee82a4ef6600638b88e2b22ad75a0509e9a79b125ac85115f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                          Filesize

                          8KB

                          MD5

                          5e7cb00492600932e019987cdde331ff

                          SHA1

                          4f0d4c3de71cd071c8109949fc8d647eb1d9f525

                          SHA256

                          793973bf8a39561735b9bffdad10772129d4588355b4f253ff4897c1dc9fa090

                          SHA512

                          815a2b3c0fa30850c83763ed0c95c96731fcbb74244f33b6a60adb8ecbb27563cae2bab5478d8eff895bd761e0c556d8faa72365ec302976f29a2adb27407939

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js
                          Filesize

                          10KB

                          MD5

                          80d61e4e3beb237d2eff5c6ac817c37f

                          SHA1

                          912d60455ce1749848e412ac2ca8991b90357e79

                          SHA256

                          28ab25f5fb0388f43fea0b5df7172e6ca1ed533fb6723fc904c6f05ed457f403

                          SHA512

                          5117791b254e1a0d810d9ae4f8d7cadadc298bcfd942cc3424f4955faa2af678de20a2a9a713b05bdf5788ce2112b071318213bd058b6aa4b7ccd6d945c2ae69

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js
                          Filesize

                          6KB

                          MD5

                          207077fed406e49d74fa19116d2712aa

                          SHA1

                          3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

                          SHA256

                          b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

                          SHA512

                          0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          3KB

                          MD5

                          40f4d64afe7bbc6ac517e4defd4ce12a

                          SHA1

                          a2698f1031151de6777797533192384a0d5159d2

                          SHA256

                          7bb07d7863dee71f1254f1ef48473bee12e48a9aeda41cb266e889fd67fc7fed

                          SHA512

                          4c31f008e66f0506b350dc7d960d9656b0d7c7d2af884890e76937a77cfa0fbae59711b97ad0a3bee748d426263ff8e6b5ed53dbfe9e82b7a86a539ed4527271

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4
                          Filesize

                          4KB

                          MD5

                          d1d48e0156b70dbd5825bdf086251504

                          SHA1

                          f09efd4d62bbac4093ff2484669556dbe1c5e604

                          SHA256

                          ef9ee3445b7ad9e74858abfd31ea4514ff1b37a9eee0432d1209ae07dfadfa86

                          SHA512

                          35078d1fb22f14128eb70353635e1d5eea126c173e7a81c23421855e13a76bd69b8d02663ab1fd5c142e9891e9eacd15fa162e849d538b560451bc2dfa3ddecf

                          Download Submit

                        • memory/2008-133-0x00007FFE11150000-0x00007FFE11160000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2008-139-0x00007FFE0F060000-0x00007FFE0F070000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2008-138-0x00007FFE0F060000-0x00007FFE0F070000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2008-137-0x00007FFE11150000-0x00007FFE11160000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2008-136-0x00007FFE11150000-0x00007FFE11160000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2008-134-0x00007FFE11150000-0x00007FFE11160000-memory.dmp

                          Filesize

                          64KB

                          Download

                        • memory/2008-135-0x00007FFE11150000-0x00007FFE11160000-memory.dmp

                          Filesize

                          64KB

                          Download